I have rootkit.0access.H - help?!

[Durrman]

Here is the log from dds:

dds.log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19088

Run by Stephen at 20:24:10 on 2012-03-28

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3581.2636 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Skype\Updater\Updater.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\iPod\bin\iPodService.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=...-row&channel=ca

uWindow Title = Internet Explorer provided by Dell

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\notebook software\NotebookPlugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.142\npchrome_frame.dll

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: mswsock.dll

Trusted Zone: ucdsb.on.ca\access

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.tundra.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3B669FA9-1337-425C-BCB6-51D3414366BC} : DhcpNameServer = 192.168.0.1

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.142\npchrome_frame.dll

Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-28 239168]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-28 338880]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-5-20 73728]

R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]

R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2008-4-3 11048]

R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2008-4-3 14120]

R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2008-4-3 16808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9c3a560755f0;Google Update Service (gupdate1c9c3a560755f0);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]

S2 ndasscsi;CdaC15BA;c:\windows\system32\svchost.exe -k netsvcs [2008-6-3 21504]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-3-28 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-3-28 1150936]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-29 00:08:07 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-28 22:13:34 -------- d-----w- c:\users\stephen\appdata\roaming\GetRightToGo

2012-03-28 11:40:28 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2012-03-28 11:40:28 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2012-03-28 11:40:28 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-03-28 11:40:28 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2012-03-28 11:40:26 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-03-28 11:40:26 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-03-28 11:40:21 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-03-28 11:40:15 -------- d-----w- c:\users\stephen\appdata\roaming\PC Tools

2012-03-28 11:40:15 -------- d-----w- c:\program files\PC Tools Security

2012-03-28 11:40:15 -------- d-----w- c:\program files\common files\PC Tools

2012-03-28 11:38:20 -------- d-----w- c:\programdata\PC Tools

2012-03-28 11:03:43 99328 ----a-w- c:\programdata\87dke3Fr.exe_

2012-03-28 11:03:43 99328 ----a-w- c:\programdata\87dke3Fr.exe

2012-03-28 02:03:02 99328 ----a-w- c:\windows\system32\Ab155.com

2012-03-28 01:27:59 99328 ----a-w- c:\windows\system32\Ab155.com_

2012-03-28 00:30:31 273256 ------w- c:\windows\system32\HPDiscoPM9311.dll

2012-03-28 00:02:41 22032 ----a-w- c:\windows\DCEBoot.exe

2012-03-27 23:44:13 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-13 05:51:15 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2012-03-13 05:51:15 190464 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-03-07 00:21:37 -------- d-sh--w- C:\found.003

.

==================== Find3M ====================

.

2012-03-29 00:20:39 184320 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-03-29 00:09:30 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2012-03-28 11:21:08 102400 ----a-w- c:\windows\RegBootClean.exe

2012-01-08 21:25:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 20:25:28.00 ===============

attach.log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 20/05/2008 10:30:08 PM

System Uptime: 28/03/2012 8:20:34 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0UK435

Processor: Intel® Core2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 2501/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 136 GiB total, 33.192 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.514 GiB free.

E: is CDROM (CDFS)

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.3

Advanced Audio FX Engine

Advanced Video FX Engine

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bing Bar

Bing Bar Platform

Bonjour

Broadcom Management Programs

BufferChm

CameraDrivers

CameraReadme

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

Coupon Printer for Windows

Dell DataSafe Online

Dell Getting Started Guide

Dell Support Center

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

DeviceDiscovery

DeviceManagementQFolder

Digital Line Detect

EDocs

eSupportQFolder

File Recover 7.5

FileZilla Client 3.1.1.1

FormatFactory 2.60

Google Chrome Frame

Google Earth

Google Update Helper

Google Updater

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet 3050 J610 series Basic Device Software

HP Deskjet 3050 J610 series Help

HP Deskjet 3050 J610 series Product Improvement Study

HP Imaging Device Functions 9.0

HP Photo Creations

HP Photosmart Cameras 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Solution Center 9.0

HP Update

hpicamDrvQFolder

HPProductAssistant

Hummingbird Component Deployment

ImageMixer for HDD Camcorder

InstantShareDevicesMFC

Intel® PROSet/Wireless Software

iTunes

Java SE Runtime Environment 6

Juniper Networks Cache Cleaner 6.0.0

Juniper Networks Network Connect 6.0.0

Juniper Networks Setup Client

Laptop Integrated Webcam Driver (1.04.01.1011)

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.60.1.1000

MarkBook 2007

MarkBook 2008

MarkBook 2009

mCore

MediaDirect

mHelp

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Default Manager

Microsoft Office 2000 Premium

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

mMHouse

MobileMe Control Panel

Modem Diagnostic Tool

mPfMgr

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music, Photos & Videos Launcher

mWMI

NetWaiting

Notebook Software

NVIDIA Drivers

OutlookAddinSetup

PanoStandAlone

PDFCreator

Pixtorio Viewer

Product Documentation Launcher

PSSWCORE

PuTTY version 0.60

Quicken 2008

QuickSet

QuickTax 2008

QuickTime

Remote Control USB Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Sid Meier's Civilization 4 Gold

SimCity 4 Deluxe

Skype™ 5.8

SMART Board Drivers

SolutionCenter

Spyware Doctor with AntiVirus 8.0

Status

StudioTax 2008

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VideoToolkit01

VLC media player 0.9.8a

WebReg

WIDCOMM Bluetooth Software 6.0.1.3100

Windows Live ID Sign-in Assistant

WinRAR archiver

WordPerfect Office 12

WordPerfect Office ProductCode 1 Key

Xvid 1.1.3 final uninstall

.

==== End Of File ===========================

[Durrman]

Also, I ran Malwarebytes - it tells me I have rootkit.0access.H. I tried several times to remove it, but it keeps coming back.

[Durrman]

I ran tdsskiller as well:

20:38:14.0443 3720 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

20:38:14.0724 3720 ============================================================

20:38:14.0724 3720 Current date / time: 2012/03/28 20:38:14.0724

20:38:14.0724 3720 SystemInfo:

20:38:14.0724 3720

20:38:14.0724 3720 OS Version: 6.0.6001 ServicePack: 1.0

20:38:14.0724 3720 Product type: Workstation

20:38:14.0724 3720 ComputerName: STEPHEN-PC

20:38:14.0724 3720 UserName: Stephen

20:38:14.0724 3720 Windows directory: C:\Windows

20:38:14.0724 3720 System windows directory: C:\Windows

20:38:14.0724 3720 Processor architecture: Intel x86

20:38:14.0724 3720 Number of processors: 2

20:38:14.0724 3720 Page size: 0x1000

20:38:14.0724 3720 Boot type: Normal boot

20:38:14.0724 3720 ============================================================

20:38:15.0036 3720 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:38:15.0036 3720 \Device\Harddisk0\DR0:

20:38:15.0036 3720 MBR used

20:38:15.0036 3720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000

20:38:15.0036 3720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0x110ED7F8

20:38:15.0145 3720 Initialize success

20:38:15.0145 3720 ============================================================

20:38:27.0220 2760 ============================================================

20:38:27.0220 2760 Scan started

20:38:27.0220 2760 Mode: Manual; SigCheck; TDLFS;

20:38:27.0220 2760 ============================================================

20:38:27.0922 2760 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

20:38:28.0000 2760 ACPI - ok

20:38:28.0156 2760 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

20:38:28.0171 2760 adp94xx - ok

20:38:28.0234 2760 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

20:38:28.0234 2760 adpahci - ok

20:38:28.0296 2760 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

20:38:28.0312 2760 adpu160m - ok

20:38:28.0390 2760 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

20:38:28.0405 2760 adpu320 - ok

20:38:28.0483 2760 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

20:38:28.0499 2760 AeLookupSvc - ok

20:38:28.0593 2760 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\system32\aestsrv.exe

20:38:28.0593 2760 AESTFilters - ok

20:38:28.0780 2760 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys

20:38:28.0795 2760 AFD - ok

20:38:28.0889 2760 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

20:38:28.0889 2760 agp440 - ok

20:38:28.0967 2760 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

20:38:28.0983 2760 aic78xx - ok

20:38:29.0076 2760 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

20:38:29.0123 2760 ALG - ok

20:38:29.0263 2760 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys

20:38:29.0279 2760 aliide - ok

20:38:29.0357 2760 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

20:38:29.0357 2760 amdagp - ok

20:38:29.0404 2760 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys

20:38:29.0404 2760 amdide - ok

20:38:29.0482 2760 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

20:38:29.0544 2760 AmdK7 - ok

20:38:29.0607 2760 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

20:38:29.0653 2760 AmdK8 - ok

20:38:29.0747 2760 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys

20:38:29.0763 2760 ApfiltrService - ok

20:38:29.0887 2760 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

20:38:29.0919 2760 Appinfo - ok

20:38:30.0028 2760 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:38:30.0043 2760 Apple Mobile Device - ok

20:38:30.0090 2760 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

20:38:30.0106 2760 arc - ok

20:38:30.0199 2760 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

20:38:30.0215 2760 arcsas - ok

20:38:30.0277 2760 ASInsHelp - ok

20:38:30.0355 2760 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

20:38:30.0387 2760 AsyncMac - ok

20:38:30.0480 2760 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

20:38:30.0480 2760 atapi - ok

20:38:30.0621 2760 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll

20:38:30.0636 2760 AudioEndpointBuilder - ok

20:38:30.0652 2760 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll

20:38:30.0683 2760 Audiosrv - ok

20:38:30.0761 2760 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys

20:38:30.0761 2760 bcm4sbxp - ok

20:38:30.0855 2760 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

20:38:30.0901 2760 Beep - ok

20:38:31.0057 2760 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll

20:38:31.0089 2760 BITS - ok

20:38:31.0135 2760 blbdrive - ok

20:38:31.0307 2760 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe

20:38:31.0323 2760 Bonjour Service - ok

20:38:31.0494 2760 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys

20:38:31.0494 2760 bowser - ok

20:38:31.0572 2760 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

20:38:31.0588 2760 BrFiltLo - ok

20:38:31.0619 2760 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

20:38:31.0666 2760 BrFiltUp - ok

20:38:31.0744 2760 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

20:38:31.0791 2760 Browser - ok

20:38:31.0915 2760 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

20:38:31.0962 2760 Brserid - ok

20:38:32.0009 2760 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

20:38:32.0040 2760 BrSerWdm - ok

20:38:32.0087 2760 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

20:38:32.0134 2760 BrUsbMdm - ok

20:38:32.0181 2760 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

20:38:32.0212 2760 BrUsbSer - ok

20:38:32.0352 2760 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys

20:38:32.0352 2760 BthEnum - ok

20:38:32.0430 2760 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

20:38:32.0461 2760 BTHMODEM - ok

20:38:32.0524 2760 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

20:38:32.0555 2760 BthPan - ok

20:38:32.0617 2760 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys

20:38:32.0649 2760 BTHPORT - ok

20:38:32.0758 2760 BthServ (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll

20:38:32.0773 2760 BthServ - ok

20:38:32.0836 2760 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys

20:38:32.0851 2760 BTHUSB - ok

20:38:32.0929 2760 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys

20:38:32.0961 2760 btwrchid - ok

20:38:33.0085 2760 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

20:38:33.0101 2760 cdfs - ok

20:38:33.0195 2760 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

20:38:33.0241 2760 cdrom - ok

20:38:33.0319 2760 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll

20:38:33.0335 2760 CertPropSvc - ok

20:38:33.0413 2760 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

20:38:33.0444 2760 circlass - ok

20:38:33.0553 2760 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

20:38:33.0553 2760 CLFS - ok

20:38:33.0647 2760 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:38:33.0647 2760 clr_optimization_v2.0.50727_32 - ok

20:38:33.0787 2760 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:38:33.0803 2760 clr_optimization_v4.0.30319_32 - ok

20:38:33.0928 2760 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

20:38:33.0959 2760 CmBatt - ok

20:38:34.0021 2760 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys

20:38:34.0037 2760 cmdide - ok

20:38:34.0115 2760 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

20:38:34.0115 2760 Compbatt - ok

20:38:34.0146 2760 COMSysApp - ok

20:38:34.0193 2760 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

20:38:34.0193 2760 crcdisk - ok

20:38:34.0287 2760 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

20:38:34.0349 2760 Crusoe - ok

20:38:34.0443 2760 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll

20:38:34.0489 2760 CryptSvc - ok

20:38:34.0536 2760 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys

20:38:34.0552 2760 CVirtA - ok

20:38:34.0614 2760 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll

20:38:34.0630 2760 DcomLaunch - ok

20:38:34.0801 2760 DfsC (cbda4adeec40ff219a141729e4774d05) C:\Windows\system32\Drivers\dfsc.sys

20:38:34.0801 2760 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: cbda4adeec40ff219a141729e4774d05, Fake md5: a3e9fa213f443ac77c7746119d13feec

20:38:34.0801 2760 DfsC ( Virus.Win32.ZAccess.c ) - infected

20:38:34.0801 2760 DfsC - detected Virus.Win32.ZAccess.c (0)

20:38:34.0895 2760 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll

20:38:34.0926 2760 Dhcp - ok

20:38:35.0004 2760 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

20:38:35.0020 2760 disk - ok

20:38:35.0129 2760 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll

20:38:35.0160 2760 Dnscache - ok

20:38:35.0223 2760 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll

20:38:35.0269 2760 dot3svc - ok

20:38:35.0347 2760 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

20:38:35.0379 2760 DPS - ok

20:38:35.0488 2760 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

20:38:35.0503 2760 drmkaud - ok

20:38:35.0581 2760 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\Windows\system32\DRIVERS\dsNcAdpt.sys

20:38:35.0597 2760 dsNcAdpt - ok

20:38:35.0644 2760 dsNcService (bdf3fc4915e3810aed3245b8f15aa5bb) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

20:38:35.0659 2760 dsNcService - ok

20:38:35.0831 2760 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

20:38:35.0893 2760 DXGKrnl - ok

20:38:35.0971 2760 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys

20:38:36.0018 2760 e1express - ok

20:38:36.0112 2760 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

20:38:36.0143 2760 E1G60 - ok

20:38:36.0221 2760 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

20:38:36.0252 2760 EapHost - ok

20:38:36.0424 2760 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

20:38:36.0424 2760 Ecache - ok

20:38:36.0502 2760 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

20:38:36.0517 2760 ehRecvr - ok

20:38:36.0533 2760 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

20:38:36.0549 2760 ehSched - ok

20:38:36.0564 2760 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

20:38:36.0564 2760 ehstart - ok

20:38:36.0642 2760 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

20:38:36.0658 2760 elxstor - ok

20:38:36.0751 2760 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll

20:38:36.0767 2760 EMDMgmt - ok

20:38:36.0876 2760 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll

20:38:36.0876 2760 EventSystem - ok

20:38:36.0985 2760 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

20:38:37.0017 2760 EvtEng ( UnsignedFile.Multi.Generic ) - warning

20:38:37.0017 2760 EvtEng - detected UnsignedFile.Multi.Generic (1)

20:38:37.0141 2760 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

20:38:37.0157 2760 exfat - ok

20:38:37.0235 2760 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

20:38:37.0251 2760 fastfat - ok

20:38:37.0297 2760 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

20:38:37.0329 2760 fdc - ok

20:38:37.0407 2760 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

20:38:37.0422 2760 fdPHost - ok

20:38:37.0485 2760 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

20:38:37.0516 2760 FDResPub - ok

20:38:37.0625 2760 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

20:38:37.0641 2760 FileInfo - ok

20:38:37.0703 2760 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

20:38:37.0719 2760 Filetrace - ok

20:38:37.0781 2760 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

20:38:37.0812 2760 flpydisk - ok

20:38:37.0890 2760 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

20:38:37.0890 2760 FltMgr - ok

20:38:38.0015 2760 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

20:38:38.0015 2760 FontCache3.0.0.0 - ok

20:38:38.0109 2760 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

20:38:38.0124 2760 Fs_Rec - ok

20:38:38.0202 2760 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

20:38:38.0202 2760 gagp30kx - ok

20:38:38.0280 2760 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

20:38:38.0296 2760 GEARAspiWDM - ok

20:38:38.0389 2760 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

20:38:38.0389 2760 GoToAssist - ok

20:38:38.0499 2760 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll

20:38:38.0530 2760 gpsvc - ok

20:38:38.0639 2760 gupdate1c9c3a560755f0 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

20:38:38.0639 2760 gupdate1c9c3a560755f0 - ok

20:38:38.0655 2760 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe

20:38:38.0670 2760 gupdatem - ok

20:38:38.0733 2760 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

20:38:38.0733 2760 gusvc - ok

20:38:38.0826 2760 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:38:38.0842 2760 HDAudBus - ok

20:38:38.0920 2760 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys

20:38:38.0951 2760 HidBth - ok

20:38:39.0013 2760 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

20:38:39.0045 2760 HidIr - ok

20:38:39.0138 2760 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll

20:38:39.0201 2760 hidserv - ok

20:38:39.0279 2760 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

20:38:39.0294 2760 HidUsb - ok

20:38:39.0357 2760 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

20:38:39.0388 2760 hkmsvc - ok

20:38:39.0466 2760 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

20:38:39.0481 2760 HpCISSs - ok

20:38:39.0622 2760 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

20:38:39.0637 2760 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

20:38:39.0637 2760 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

20:38:39.0653 2760 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

20:38:39.0669 2760 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

20:38:39.0669 2760 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

20:38:39.0793 2760 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys

20:38:39.0856 2760 HSF_DPV - ok

20:38:39.0918 2760 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

20:38:39.0918 2760 HSXHWAZL - ok

20:38:40.0012 2760 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

20:38:40.0074 2760 HTTP - ok

20:38:40.0246 2760 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

20:38:40.0261 2760 i2omp - ok

20:38:40.0355 2760 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

20:38:40.0371 2760 i8042prt - ok

20:38:40.0417 2760 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys

20:38:40.0433 2760 iaStor - ok

20:38:40.0495 2760 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

20:38:40.0511 2760 iaStorV - ok

20:38:40.0589 2760 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:38:40.0620 2760 idsvc - ok

20:38:40.0714 2760 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

20:38:40.0714 2760 iirsp - ok

20:38:40.0823 2760 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll

20:38:40.0839 2760 IKEEXT - ok

20:38:40.0979 2760 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys

20:38:40.0979 2760 intelide - ok

20:38:41.0073 2760 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

20:38:41.0104 2760 intelppm - ok

20:38:41.0182 2760 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

20:38:41.0213 2760 IPBusEnum - ok

20:38:41.0338 2760 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:38:41.0369 2760 IpFilterDriver - ok

20:38:41.0416 2760 IpInIp - ok

20:38:41.0478 2760 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

20:38:41.0525 2760 IPMIDRV - ok

20:38:41.0603 2760 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

20:38:41.0619 2760 IPNAT - ok

20:38:41.0712 2760 iPod Service (dcb3796e0169419618c72f0ce34c68ed) C:\Program Files\iPod\bin\iPodService.exe

20:38:41.0743 2760 iPod Service - ok

20:38:41.0884 2760 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

20:38:41.0899 2760 IRENUM - ok

20:38:41.0962 2760 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

20:38:41.0962 2760 isapnp - ok

20:38:42.0040 2760 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

20:38:42.0055 2760 iScsiPrt - ok

20:38:42.0118 2760 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

20:38:42.0118 2760 iteatapi - ok

20:38:42.0227 2760 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

20:38:42.0227 2760 iteraid - ok

20:38:42.0289 2760 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

20:38:42.0305 2760 kbdclass - ok

20:38:42.0321 2760 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

20:38:42.0352 2760 kbdhid - ok

20:38:42.0399 2760 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

20:38:42.0430 2760 KeyIso - ok

20:38:42.0508 2760 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

20:38:42.0523 2760 KSecDD - ok

20:38:42.0601 2760 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

20:38:42.0633 2760 KtmRm - ok

20:38:42.0789 2760 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll

20:38:42.0804 2760 LanmanServer - ok

20:38:42.0867 2760 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll

20:38:42.0882 2760 LanmanWorkstation - ok

20:38:42.0991 2760 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

20:38:43.0007 2760 lltdio - ok

20:38:43.0069 2760 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

20:38:43.0101 2760 lltdsvc - ok

20:38:43.0163 2760 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

20:38:43.0194 2760 lmhosts - ok

20:38:43.0257 2760 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

20:38:43.0257 2760 LSI_FC - ok

20:38:43.0366 2760 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

20:38:43.0381 2760 LSI_SAS - ok

20:38:43.0428 2760 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

20:38:43.0444 2760 LSI_SCSI - ok

20:38:43.0522 2760 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

20:38:43.0537 2760 luafv - ok

20:38:43.0600 2760 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

20:38:43.0615 2760 Mcx2Svc - ok

20:38:43.0725 2760 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

20:38:43.0740 2760 mdmxsdk - ok

20:38:43.0818 2760 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

20:38:43.0834 2760 megasas - ok

20:38:43.0912 2760 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

20:38:43.0943 2760 MMCSS - ok

20:38:44.0068 2760 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

20:38:44.0099 2760 Modem - ok

20:38:44.0161 2760 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

20:38:44.0193 2760 monitor - ok

20:38:44.0286 2760 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

20:38:44.0286 2760 mouclass - ok

20:38:44.0333 2760 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

20:38:44.0364 2760 mouhid - ok

20:38:44.0442 2760 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

20:38:44.0458 2760 MountMgr - ok

20:38:44.0536 2760 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

20:38:44.0551 2760 mpio - ok

20:38:44.0629 2760 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

20:38:44.0645 2760 mpsdrv - ok

20:38:44.0692 2760 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

20:38:44.0707 2760 Mraid35x - ok

20:38:44.0801 2760 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

20:38:44.0817 2760 MRxDAV - ok

20:38:44.0941 2760 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:38:44.0941 2760 mrxsmb - ok

20:38:45.0035 2760 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:38:45.0051 2760 mrxsmb10 - ok

20:38:45.0082 2760 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:38:45.0097 2760 mrxsmb20 - ok

20:38:45.0144 2760 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys

20:38:45.0160 2760 msahci - ok

20:38:45.0238 2760 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

20:38:45.0238 2760 msdsm - ok

20:38:45.0316 2760 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

20:38:45.0331 2760 MSDTC - ok

20:38:45.0425 2760 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

20:38:45.0456 2760 Msfs - ok

20:38:45.0534 2760 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

20:38:45.0550 2760 msisadrv - ok

20:38:45.0628 2760 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

20:38:45.0659 2760 MSiSCSI - ok

20:38:45.0706 2760 msiserver - ok

20:38:45.0799 2760 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

20:38:45.0846 2760 MSKSSRV - ok

20:38:45.0909 2760 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

20:38:45.0924 2760 MSPCLOCK - ok

20:38:45.0987 2760 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

20:38:46.0033 2760 MSPQM - ok

20:38:46.0127 2760 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

20:38:46.0127 2760 MsRPC - ok

20:38:46.0221 2760 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

20:38:46.0221 2760 mssmbios - ok

20:38:46.0314 2760 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

20:38:46.0330 2760 MSTEE - ok

20:38:46.0408 2760 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

20:38:46.0408 2760 Mup - ok

20:38:46.0501 2760 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll

20:38:46.0548 2760 napagent - ok

20:38:46.0673 2760 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

20:38:46.0689 2760 NativeWifiP - ok

20:38:46.0767 2760 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys

20:38:46.0813 2760 NDIS - ok

20:38:46.0923 2760 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

20:38:46.0938 2760 NdisTapi - ok

20:38:46.0985 2760 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

20:38:47.0001 2760 Ndisuio - ok

20:38:47.0094 2760 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

20:38:47.0110 2760 NdisWan - ok

20:38:47.0188 2760 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

20:38:47.0219 2760 NDProxy - ok

20:38:47.0297 2760 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

20:38:47.0328 2760 NetBIOS - ok

20:38:47.0422 2760 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

20:38:47.0437 2760 netbt - ok

20:38:47.0484 2760 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

20:38:47.0500 2760 Netlogon - ok

20:38:47.0562 2760 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

20:38:47.0593 2760 Netman - ok

20:38:47.0656 2760 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

20:38:47.0703 2760 netprofm - ok

20:38:47.0812 2760 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:38:47.0812 2760 NetTcpPortSharing - ok

20:38:47.0983 2760 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys

20:38:48.0093 2760 NETw4v32 - ok

20:38:48.0186 2760 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

20:38:48.0202 2760 nfrd960 - ok

20:38:48.0280 2760 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

20:38:48.0295 2760 NlaSvc - ok

20:38:48.0373 2760 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

20:38:48.0405 2760 Npfs - ok

20:38:48.0467 2760 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

20:38:48.0498 2760 nsi - ok

20:38:48.0607 2760 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

20:38:48.0654 2760 nsiproxy - ok

20:38:48.0779 2760 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

20:38:48.0795 2760 Ntfs - ok

20:38:48.0873 2760 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

20:38:48.0919 2760 ntrigdigi - ok

20:38:49.0029 2760 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

20:38:49.0060 2760 Null - ok

20:38:49.0309 2760 nvlddmkm (dc89868592d74de404406c9420c3f277) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:38:49.0528 2760 nvlddmkm - ok

20:38:49.0637 2760 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

20:38:49.0653 2760 nvraid - ok

20:38:49.0731 2760 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

20:38:49.0731 2760 nvstor - ok

20:38:49.0809 2760 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

20:38:49.0824 2760 nv_agp - ok

20:38:49.0855 2760 NwlnkFlt - ok

20:38:49.0887 2760 NwlnkFwd - ok

20:38:49.0980 2760 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys

20:38:50.0011 2760 OEM02Dev - ok

20:38:50.0074 2760 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys

20:38:50.0089 2760 OEM02Vfx - ok

20:38:50.0167 2760 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

20:38:50.0199 2760 ohci1394 - ok

20:38:50.0323 2760 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

20:38:50.0355 2760 p2pimsvc - ok

20:38:50.0401 2760 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

20:38:50.0433 2760 p2psvc - ok

20:38:50.0511 2760 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

20:38:50.0557 2760 Parport - ok

20:38:50.0682 2760 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

20:38:50.0682 2760 partmgr - ok

20:38:50.0729 2760 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

20:38:50.0791 2760 Parvdm - ok

20:38:50.0869 2760 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

20:38:50.0869 2760 PcaSvc - ok

20:38:51.0072 2760 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

20:38:51.0072 2760 pci - ok

20:38:51.0135 2760 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

20:38:51.0135 2760 pciide - ok

20:38:51.0197 2760 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

20:38:51.0213 2760 pcmcia - ok

20:38:51.0337 2760 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys

20:38:51.0337 2760 PCTCore - ok

20:38:51.0400 2760 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys

20:38:51.0447 2760 pctDS - ok

20:38:51.0571 2760 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

20:38:51.0618 2760 PEAUTH - ok

20:38:51.0774 2760 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

20:38:51.0821 2760 pla - ok

20:38:51.0868 2760 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll

20:38:51.0899 2760 PlugPlay - ok

20:38:51.0993 2760 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

20:38:52.0008 2760 PNRPAutoReg - ok

20:38:52.0071 2760 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

20:38:52.0133 2760 PNRPsvc - ok

20:38:52.0258 2760 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll

20:38:52.0305 2760 PolicyAgent - ok

20:38:52.0398 2760 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

20:38:52.0429 2760 PptpMiniport - ok

20:38:52.0523 2760 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

20:38:52.0554 2760 Processor - ok

20:38:52.0648 2760 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll

20:38:52.0679 2760 ProfSvc - ok

20:38:52.0710 2760 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

20:38:52.0726 2760 ProtectedStorage - ok

20:38:52.0804 2760 proxyserverservice - ok

20:38:52.0866 2760 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

20:38:52.0882 2760 PSched - ok

20:38:52.0913 2760 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

20:38:52.0929 2760 PxHelp20 - ok

20:38:53.0038 2760 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

20:38:53.0069 2760 ql2300 - ok

20:38:53.0147 2760 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

20:38:53.0147 2760 ql40xx - ok

20:38:53.0272 2760 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

20:38:53.0287 2760 QWAVE - ok

20:38:53.0459 2760 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

20:38:53.0490 2760 QWAVEdrv - ok

20:38:53.0599 2760 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

20:38:53.0755 2760 R300 - ok

20:38:53.0865 2760 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

20:38:53.0880 2760 RasAcd - ok

20:38:53.0943 2760 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

20:38:53.0958 2760 RasAuto - ok

20:38:54.0036 2760 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:38:54.0067 2760 Rasl2tp - ok

20:38:54.0099 2760 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll

20:38:54.0130 2760 RasMan - ok

20:38:54.0255 2760 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

20:38:54.0286 2760 RasPppoe - ok

20:38:54.0364 2760 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

20:38:54.0411 2760 RasSstp - ok

20:38:54.0489 2760 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

20:38:54.0504 2760 rdbss - ok

20:38:54.0613 2760 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:38:54.0629 2760 RDPCDD - ok

20:38:54.0691 2760 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

20:38:54.0723 2760 rdpdr - ok

20:38:54.0754 2760 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

20:38:54.0785 2760 RDPENCDD - ok

20:38:54.0879 2760 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

20:38:54.0894 2760 RDPWD - ok

20:38:55.0003 2760 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

20:38:55.0003 2760 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

20:38:55.0003 2760 RegSrvc - detected UnsignedFile.Multi.Generic (1)

20:38:55.0097 2760 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

20:38:55.0128 2760 RemoteAccess - ok

20:38:55.0191 2760 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll

20:38:55.0206 2760 RemoteRegistry - ok

20:38:55.0269 2760 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys

20:38:55.0284 2760 RFCOMM - ok

20:38:55.0362 2760 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

20:38:55.0362 2760 rimmptsk - ok

20:38:55.0440 2760 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys

20:38:55.0456 2760 rimsptsk - ok

20:38:55.0503 2760 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

20:38:55.0503 2760 rismxdp - ok

20:38:55.0549 2760 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

20:38:55.0565 2760 RpcLocator - ok

20:38:55.0643 2760 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll

20:38:55.0659 2760 RpcSs - ok

20:38:55.0799 2760 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

20:38:55.0815 2760 rspndr - ok

20:38:55.0908 2760 RushTopDevice (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\FVNETusb.dll

20:38:55.0908 2760 RushTopDevice ( Backdoor.Multi.ZAccess.gen ) - infected

20:38:55.0908 2760 RushTopDevice - detected Backdoor.Multi.ZAccess.gen (0)

20:38:55.0955 2760 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

20:38:55.0971 2760 SamSs - ok

20:38:56.0033 2760 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

20:38:56.0033 2760 sbp2port - ok

20:38:56.0142 2760 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll

20:38:56.0173 2760 SCardSvr - ok

20:38:56.0267 2760 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll

20:38:56.0283 2760 Schedule - ok

20:38:56.0376 2760 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll

20:38:56.0407 2760 SCPolicySvc - ok

20:38:56.0610 2760 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) C:\Program Files\PC Tools Security\pctsAuxs.exe

20:38:56.0641 2760 sdAuxService - ok

20:38:56.0751 2760 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

20:38:56.0782 2760 sdbus - ok

20:38:56.0969 2760 sdCoreService (ed6c2efeb47524bff4d5e5109fb1a2bb) C:\Program Files\PC Tools Security\pctsSvc.exe

20:38:57.0016 2760 sdCoreService - ok

20:38:57.0141 2760 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

20:38:57.0172 2760 SDRSVC - ok

20:38:57.0328 2760 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

20:38:57.0343 2760 SeaPort - ok

20:38:57.0406 2760 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

20:38:57.0453 2760 secdrv - ok

20:38:57.0562 2760 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

20:38:57.0577 2760 seclogon - ok

20:38:57.0624 2760 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

20:38:57.0640 2760 SENS - ok

20:38:57.0671 2760 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

20:38:57.0718 2760 Serenum - ok

20:38:57.0796 2760 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

20:38:57.0827 2760 Serial - ok

20:38:57.0905 2760 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

20:38:57.0936 2760 sermouse - ok

20:38:58.0045 2760 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

20:38:58.0061 2760 SessionEnv - ok

20:38:58.0139 2760 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

20:38:58.0155 2760 sffdisk - ok

20:38:58.0233 2760 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

20:38:58.0264 2760 sffp_mmc - ok

20:38:58.0311 2760 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys

20:38:58.0357 2760 sffp_sd - ok

20:38:58.0498 2760 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

20:38:58.0529 2760 sfloppy - ok

20:38:58.0607 2760 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

20:38:58.0638 2760 SharedAccess - ok

20:38:58.0732 2760 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll

20:38:58.0763 2760 ShellHWDetection - ok

20:38:58.0857 2760 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

20:38:58.0872 2760 sisagp - ok

20:38:58.0966 2760 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

20:38:58.0966 2760 SiSRaid2 - ok

20:38:59.0028 2760 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

20:38:59.0028 2760 SiSRaid4 - ok

20:38:59.0137 2760 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files\Skype\Updater\Updater.exe

20:38:59.0153 2760 SkypeUpdate - ok

20:38:59.0293 2760 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe

20:38:59.0387 2760 slsvc - ok

20:38:59.0481 2760 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll

20:38:59.0512 2760 SLUINotify - ok

20:38:59.0621 2760 SMARTMouseFilterx86 (9d819137bbdee71f4241706acf80fbe1) C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys

20:38:59.0621 2760 SMARTMouseFilterx86 - ok

20:38:59.0715 2760 SMARTVHidMini2000x86 (2d362731fac8440e9d3a43f5d1dae280) C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys

20:38:59.0715 2760 SMARTVHidMini2000x86 - ok

20:38:59.0761 2760 SMARTVTabletPCx86 (81f42b378175728c3cd13ef3fd1c53f0) C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys

20:38:59.0777 2760 SMARTVTabletPCx86 - ok

20:38:59.0855 2760 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

20:38:59.0871 2760 Smb - ok

20:38:59.0917 2760 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

20:38:59.0917 2760 SNMPTRAP - ok

20:38:59.0995 2760 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

20:39:00.0011 2760 spldr - ok

20:39:00.0089 2760 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe

20:39:00.0105 2760 Spooler - ok

20:39:00.0214 2760 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys

20:39:00.0229 2760 srv - ok

20:39:00.0354 2760 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys

20:39:00.0370 2760 srv2 - ok

20:39:00.0432 2760 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys

20:39:00.0448 2760 srvnet - ok

20:39:00.0557 2760 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

20:39:00.0604 2760 SSDPSRV - ok

20:39:00.0697 2760 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

20:39:00.0729 2760 SstpSvc - ok

20:39:00.0807 2760 STacSV (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe

20:39:00.0822 2760 STacSV - ok

20:39:00.0900 2760 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys

20:39:00.0947 2760 STHDA - ok

20:39:01.0072 2760 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

20:39:01.0103 2760 StillCam - ok

20:39:01.0197 2760 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll

20:39:01.0243 2760 stisvc - ok

20:39:01.0337 2760 stllssvr (7489520e98a119b5a9a00857f4f87d16) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

20:39:01.0353 2760 stllssvr - ok

20:39:01.0431 2760 Subsonic - ok

20:39:01.0524 2760 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

20:39:01.0524 2760 swenum - ok

20:39:01.0602 2760 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll

20:39:01.0649 2760 swprv - ok

20:39:01.0711 2760 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

20:39:01.0711 2760 Symc8xx - ok

20:39:01.0821 2760 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

20:39:01.0836 2760 Sym_hi - ok

20:39:01.0899 2760 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

20:39:01.0899 2760 Sym_u3 - ok

20:39:01.0992 2760 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll

20:39:02.0023 2760 SysMain - ok

20:39:02.0148 2760 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

20:39:02.0164 2760 TabletInputService - ok

20:39:02.0242 2760 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll

20:39:02.0273 2760 TapiSrv - ok

20:39:02.0335 2760 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

20:39:02.0351 2760 TBS - ok

20:39:02.0507 2760 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys

20:39:02.0569 2760 Tcpip - ok

20:39:02.0710 2760 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys

20:39:02.0757 2760 Tcpip6 - ok

20:39:02.0881 2760 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

20:39:02.0928 2760 tcpipreg - ok

20:39:02.0991 2760 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

20:39:03.0037 2760 TDPIPE - ok

20:39:03.0069 2760 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

20:39:03.0100 2760 TDTCP - ok

20:39:03.0225 2760 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

20:39:03.0256 2760 tdx - ok

20:39:03.0334 2760 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

20:39:03.0349 2760 TermDD - ok

20:39:03.0505 2760 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll

20:39:03.0568 2760 TermService - ok

20:39:03.0724 2760 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll

20:39:03.0739 2760 Themes - ok

20:39:03.0817 2760 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

20:39:03.0833 2760 THREADORDER - ok

20:39:03.0864 2760 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

20:39:03.0880 2760 TrkWks - ok

20:39:03.0927 2760 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe

20:39:03.0942 2760 TrustedInstaller - ok

20:39:04.0020 2760 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:39:04.0067 2760 tssecsrv - ok

20:39:04.0192 2760 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

20:39:04.0207 2760 tunmp - ok

20:39:04.0285 2760 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

20:39:04.0301 2760 tunnel - ok

20:39:04.0332 2760 TVALG - ok

20:39:04.0395 2760 twfwq - ok

20:39:04.0488 2760 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

20:39:04.0488 2760 uagp35 - ok

20:39:04.0566 2760 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

20:39:04.0582 2760 udfs - ok

20:39:04.0691 2760 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

20:39:04.0722 2760 UI0Detect - ok

20:39:04.0785 2760 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

20:39:04.0785 2760 uliagpkx - ok

20:39:04.0909 2760 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

20:39:04.0909 2760 uliahci - ok

20:39:04.0987 2760 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

20:39:04.0987 2760 UlSata - ok

20:39:05.0065 2760 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

20:39:05.0065 2760 ulsata2 - ok

20:39:05.0143 2760 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

20:39:05.0159 2760 umbus - ok

20:39:05.0268 2760 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

20:39:05.0299 2760 upnphost - ok

20:39:05.0362 2760 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

20:39:05.0362 2760 USBAAPL - ok

20:39:05.0455 2760 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

20:39:05.0471 2760 usbccgp - ok

20:39:05.0533 2760 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

20:39:05.0580 2760 usbcir - ok

20:39:05.0689 2760 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys

20:39:05.0705 2760 usbehci - ok

20:39:05.0783 2760 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys

20:39:05.0814 2760 usbhub - ok

20:39:05.0892 2760 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

20:39:05.0939 2760 usbohci - ok

20:39:06.0033 2760 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

20:39:06.0048 2760 usbprint - ok

20:39:06.0142 2760 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

20:39:06.0157 2760 usbscan - ok

20:39:06.0189 2760 usbsermptxp - ok

20:39:06.0235 2760 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:39:06.0267 2760 USBSTOR - ok

20:39:06.0345 2760 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

20:39:06.0360 2760 usbuhci - ok

20:39:06.0469 2760 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll

20:39:06.0485 2760 UxSms - ok

20:39:06.0563 2760 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe

20:39:06.0641 2760 vds - ok

20:39:06.0703 2760 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

20:39:06.0735 2760 vga - ok

20:39:06.0828 2760 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

20:39:06.0844 2760 VgaSave - ok

20:39:06.0953 2760 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

20:39:06.0953 2760 viaagp - ok

20:39:07.0000 2760 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

20:39:07.0047 2760 ViaC7 - ok

20:39:07.0109 2760 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys

20:39:07.0109 2760 viaide - ok

20:39:07.0203 2760 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

20:39:07.0203 2760 volmgr - ok

20:39:07.0343 2760 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

20:39:07.0359 2760 volmgrx - ok

20:39:07.0421 2760 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

20:39:07.0437 2760 volsnap - ok

20:39:07.0515 2760 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

20:39:07.0515 2760 vsmraid - ok

20:39:07.0655 2760 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe

20:39:07.0733 2760 VSS - ok

20:39:07.0827 2760 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll

20:39:07.0873 2760 W32Time - ok

20:39:07.0951 2760 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

20:39:07.0983 2760 WacomPen - ok

20:39:08.0092 2760 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

20:39:08.0107 2760 Wanarp - ok

20:39:08.0107 2760 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

20:39:08.0123 2760 Wanarpv6 - ok

20:39:08.0232 2760 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll

20:39:08.0248 2760 wcncsvc - ok

20:39:08.0326 2760 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

20:39:08.0341 2760 WcsPlugInService - ok

20:39:08.0435 2760 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

20:39:08.0451 2760 Wd - ok

20:39:08.0529 2760 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

20:39:08.0544 2760 Wdf01000 - ok

20:39:08.0622 2760 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

20:39:08.0653 2760 WdiServiceHost - ok

20:39:08.0669 2760 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

20:39:08.0685 2760 WdiSystemHost - ok

20:39:08.0731 2760 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll

20:39:08.0747 2760 WebClient - ok

20:39:08.0872 2760 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

20:39:08.0903 2760 Wecsvc - ok

20:39:08.0965 2760 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

20:39:08.0997 2760 wercplsupport - ok

20:39:09.0075 2760 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll

20:39:09.0090 2760 WerSvc - ok

20:39:09.0168 2760 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

20:39:09.0199 2760 winachsf - ok

20:39:09.0199 2760 WinHttpAutoProxySvc - ok

20:39:09.0340 2760 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll

20:39:09.0371 2760 Winmgmt - ok

20:39:09.0465 2760 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

20:39:09.0589 2760 WinRM - ok

20:39:09.0730 2760 WinUsb (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.sys

20:39:09.0761 2760 WinUsb - ok

20:39:09.0839 2760 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll

20:39:09.0855 2760 Wlansvc - ok

20:39:10.0011 2760 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:39:10.0073 2760 wlidsvc - ok

20:39:10.0307 2760 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

20:39:10.0338 2760 WmiAcpi - ok

20:39:10.0416 2760 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe

20:39:10.0447 2760 wmiApSrv - ok

20:39:10.0541 2760 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

20:39:10.0572 2760 WMPNetworkSvc - ok

20:39:10.0681 2760 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll

20:39:10.0681 2760 WPCSvc - ok

20:39:10.0759 2760 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll

20:39:10.0775 2760 WPDBusEnum - ok

20:39:10.0853 2760 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

20:39:10.0869 2760 WpdUsb - ok

20:39:11.0134 2760 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

20:39:11.0149 2760 WPFFontCache_v0400 - ok

20:39:11.0337 2760 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

20:39:11.0352 2760 ws2ifsl - ok

20:39:11.0383 2760 WSearch - ok

20:39:11.0524 2760 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

20:39:11.0586 2760 wuauserv - ok

20:39:11.0695 2760 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:39:11.0711 2760 WUDFRd - ok

20:39:11.0773 2760 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

20:39:11.0820 2760 wudfsvc - ok

20:39:11.0914 2760 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

20:39:11.0914 2760 XAudio - ok

20:39:11.0961 2760 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe

20:39:11.0976 2760 XAudioService - ok

20:39:12.0007 2760 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

20:39:12.0179 2760 \Device\Harddisk0\DR0 - ok

20:39:12.0210 2760 Boot (0x1200) (22a2276b146dd2b6b0608893f0f47b5c) \Device\Harddisk0\DR0\Partition0

20:39:12.0210 2760 \Device\Harddisk0\DR0\Partition0 - ok

20:39:12.0226 2760 Boot (0x1200) (e0b34747fcbaf3b00e70ab93cbf15441) \Device\Harddisk0\DR0\Partition1

20:39:12.0226 2760 \Device\Harddisk0\DR0\Partition1 - ok

20:39:12.0226 2760 ============================================================

20:39:12.0226 2760 Scan finished

20:39:12.0226 2760 ============================================================

20:39:12.0241 3844 Detected object count: 6

20:39:12.0241 3844 Actual detected object count: 6

20:39:58.0776 3844 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine

20:39:58.0776 3844 C:\Windows\$NtUninstallKB42504$\749111982\@ - copied to quarantine

20:39:58.0776 3844 C:\Windows\$NtUninstallKB42504$\749111982\cfg.ini - copied to quarantine

20:39:58.0776 3844 C:\Windows\$NtUninstallKB42504$\749111982\Desktop.ini - copied to quarantine

20:39:58.0776 3844 C:\Windows\$NtUninstallKB42504$\749111982\L\qnbwvoto - copied to quarantine

20:39:59.0260 3844 Backup copy not found, trying to cure infected file..

20:39:59.0260 3844 Cure success, using it..

20:39:59.0260 3844 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot

20:40:06.0857 3844 C:\Windows\$NtUninstallKB42504$\374329695 - will be deleted on reboot

20:40:06.0857 3844 C:\Windows\$NtUninstallKB42504$\749111982\@ - will be deleted on reboot

20:40:06.0857 3844 C:\Windows\$NtUninstallKB42504$\749111982\cfg.ini - will be deleted on reboot

20:40:06.0857 3844 C:\Windows\$NtUninstallKB42504$\749111982\Desktop.ini - will be deleted on reboot

20:40:06.0857 3844 DfsC ( Virus.Win32.ZAccess.c ) - User select action: Cure

20:40:06.0857 3844 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

20:40:06.0857 3844 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:40:06.0857 3844 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

20:40:06.0857 3844 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:40:06.0857 3844 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

20:40:06.0857 3844 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:40:06.0857 3844 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

20:40:06.0857 3844 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:40:06.0857 3844 RushTopDevice ( Backdoor.Multi.ZAccess.gen ) - skipped by user

20:40:06.0857 3844 RushTopDevice ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip

20:42:12.0702 3556 Deinitialize success

[Durrman]

And here is the malware log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.27.08

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 8.0.6001.19088

Stephen :: STEPHEN-PC [administrator]

28/03/2012 9:03:23 PM

mbam-log-2012-03-28 (21-11-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211460

Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Windows\System32\FVNETusb.dll (RootKit.0Access.H) -> No action taken.

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\System32\FVNETusb.dll (RootKit.0Access.H) -> No action taken.

(end)

[MrCharlie]

Welcome to the forum.

Do you still need help?

If so Update and run a Quick scan with MB and this time...........

Make sure that everything is checked, and click Remove Selected.

Post back the log, MrC

[Durrman]

It looks like I managed to remove the virus - combokill seemed to have removed it. But I think some windows system files have been affected as well. A few people have recommended doing a clean install anyway, so I think I will do that next.

Thanks,

Stephen

[MrCharlie]

OK, thanks for letting me know, MrC