Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Google redirecting/Freezing Apps/Virus Notifications/Spam Pop-Ups

Started by dreamcrasher , Apr 06 2012 11:42 AM

This topic is locked

22 replies to this topic

#1 dreamcrasher

New Member

Members
11 posts

Posted 06 April 2012 - 11:42 AM

All of a sudden, I am experiencing system issues which seem to fall under the Malware category. I am running Windows 7, and if it helps, I just changed from McAfee to Trend Micro Titanium yesterday to see if I could remedy the issues. I think this took care of the Spam Pop-Ups, but everything else is still there. Thanks in advance for your time and help. It is appreciated. Log files are attached per the forum guidelines.

Issue Clarifications:
•Google redirecting to different sites/spam sites.

•Freezing Apps (Outlook, Mozilla, etc) – System will lock up and will not allow me to click on desktop icons or even bring up the Start Menu. In some cases, my icons disappear, and I’m left with just my screen wallpaper so I am forced to push down the power button to shut down/restart. When I restart, I am receiving notice from Trend (before it was McAfee) that a virus was removed from a file. Doesn’t appear to be any file I am familiar with (File name: 80000032.@).

•I was experiencing an issue where randomly, 150 or so tabs would open within one Mozilla session. I could simply “x” out and close them all, but obviously, this should not be happening. As mentioned, I have not had this problem since installing Trend.

Thanks, and please let me know what I can do to help.

Attached Files

Attach.txt 11.17K 2 downloads
DDS.txt 27.84K 2 downloads

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
122,845 posts

Gender:Male
Location:Puerto rico

Posted 07 April 2012 - 03:52 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

#3 dreamcrasher

New Member

Members
11 posts

Posted 07 April 2012 - 11:41 AM

Gringo,

Thanks for your quick reply and for the help. I disabled my Trend Micro Titanium, but Combofix noted that my previous install of McAfee AV and AS could potentially interfere with it. I checked in my 'Start Menu - Programs' as well as in the 'Uninstall a Program' list in the Control Panel, and I do not see any instances of the previously-used McAfee product.

I went ahead and ran Combofix, and it seemed to progress all the way through stage 50, but then it hung on the “preparing log report” screen. I ended up having to reboot, and my PC forced me into running Startup Repair. System could not be repaired so I had to do a System Restore to get back to the point where I could run Combofix again. This took me back to my pre-Trend install, so I uninstalled McAfee again and ran Combofix before reinstalling Trend. Figured this would prevent having to disable it temporarily while Combofix ran. I didn’t get the message from before so McAfee (and any other AV programs) proved to be completely uninstalled.

Briefly surfing the net, I am not seeing any hiccups as of yet (yay!), but I'll continue to monitor things. Should I go ahead and reinstall my Trend AV software at this point? Hate to be unprotected, but I wanted to clear it with you first.

Here is the log:

ComboFix 12-04-07.02 - Technicyst Fix 04/07/2012 11:13:48.1.8 - x64
Running from: c:\users\Technicyst Fix\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\windows
c:\programdata\Windows\msseedir.dll
c:\users\Technicyst Fix\POD Farm v1.12 Installer.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\System64
c:\windows\SysWow64\config\systemprofile\appdata\roaming\apple computer\sp.Dll
c:\windows\SysWow64\tmp2E8E.tmp
c:\windows\SysWow64\tmp2E9F.tmp
.
---- Previous Run -------
.
c:\programdata\Propellerhead Software\ReCycle\ReCycle210.dat
c:\programdata\Windows\ccdxmmde.dat
c:\programdata\Windows\drss.dat
c:\programdata\Windows\xessmsxe.dat
c:\users\Technicyst Fix\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\users\Technicyst Fix\POD Farm v1.12 Installer.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\SysWow64\tmp2E8E.tmp
c:\windows\SysWow64\tmp2E9F.tmp
c:\windows\TEMP\Support_Temp_AMSP\boost_date_time-vc80-mt-1_36.dll
c:\windows\TEMP\Support_Temp_AMSP\boost_thread-vc80-mt-1_36.dll
c:\windows\TEMP\Support_Temp_AMSP\outer_AMSP_ClientLibrary.dll
c:\windows\TEMP\Support_Temp_AMSP\utilAccessControl.dll
c:\windows\TEMP\Support_Temp_AMSP\utilComponentInfo.dll
c:\windows\TEMP\Support_Temp_AMSP\utilDebugLog.dll
c:\windows\TEMP\Support_Temp_AMSP\utilInstallation.dll
c:\windows\TEMP\Support_Temp_AMSP\utilIPC.dll
c:\windows\TEMP\Support_Temp_AMSP\utilJsonHandle.dll
c:\windows\TEMP\Support_Temp_AMSP\utilMsgBuffer.dll
c:\windows\TEMP\Support_Temp_AMSP\utilRPC.dll
c:\windows\TEMP\Support_Temp_AMSP\utilThread.dll
c:\windows\TEMP\Support_Temp_AMSP\VizorUniclientLibrary.dll
F:\autorun.inf
Y:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 16:21 . 2012-04-07 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 23:46 . 2012-04-05 23:58 -------- d-----w- c:\program files\Trend Micro
2012-04-05 23:45 . 2012-04-07 15:58 -------- d-----w- c:\programdata\Trend Micro
2012-04-05 23:31 . 2012-04-06 03:23 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-05 00:09 . 2012-04-07 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-04 16:31 . 2012-04-04 16:32 -------- d-----w- c:\windows\system32\EventProviders
2012-04-04 16:31 . 2012-04-07 15:58 -------- d-----w- C:\317d460ecafc1cdb9243
2012-03-31 14:13 . 2012-03-31 14:13 -------- d-----w- c:\programdata\PreSonus
2012-03-31 14:13 . 2012-03-31 14:13 -------- d-----w- c:\users\Technicyst Fix\AppData\Roaming\PreSonus
2012-03-31 14:13 . 2011-07-07 16:42 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-31 14:12 . 2012-04-07 15:58 -------- d-----w- c:\program files\PreSonus
2012-03-29 21:18 . 2012-04-07 15:58 -------- d-----w- c:\users\Technicyst Fix\AppData\Roaming\McAfee
2012-03-28 19:42 . 2012-03-28 19:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 19:42 . 2012-03-28 19:42 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 19:41 . 2012-03-28 19:41 -------- d-----w- c:\windows\system32\Macromed
2012-03-19 23:00 . 2012-03-19 23:00 -------- d-----w- c:\users\Technicyst Fix\AppData\Local\blekkotb
2012-03-17 04:05 . 2012-03-17 04:05 -------- d-----w- c:\users\Technicyst Fix\AppData\Roaming\Renoise Plugin Server
2012-03-17 00:32 . 2012-03-17 00:32 -------- d-----w- c:\program files\Renoise 2.8.0
2012-03-15 08:01 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 08:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 08:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 16:44 . 2012-03-13 16:44 -------- d-----w- c:\users\Technicyst Fix\AppData\Roaming\Cocoon Software
2012-03-13 16:44 . 2012-03-13 16:46 -------- d-----w- c:\program files\QuickMediaConverter
2012-03-13 16:43 . 2012-03-13 16:43 -------- d-----w- c:\users\Technicyst Fix\AppData\Local\WDSetup
2012-03-11 16:12 . 2012-03-11 16:12 -------- d-----w- c:\program files (x86)\ApecSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 09:06 . 2012-03-02 09:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-02 09:06 . 2012-03-02 09:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-02 09:06 . 2012-03-02 09:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-02 09:06 . 2012-03-02 09:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-02 09:06 . 2012-03-02 09:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-02 09:06 . 2012-03-02 09:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-02 09:06 . 2012-03-02 09:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-02 09:06 . 2012-03-02 09:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-02 09:06 . 2012-03-02 09:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-02 09:06 . 2012-03-02 09:06 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-02 09:06 . 2012-03-02 09:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-02 09:06 . 2012-03-02 09:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-02 09:06 . 2012-03-02 09:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-02 09:06 . 2012-03-02 09:06 448512 ----a-w- c:\windows\system32\html.iec
2012-03-02 09:06 . 2012-03-02 09:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-02 09:06 . 2012-03-02 09:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-02 09:06 . 2012-03-02 09:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-02 09:06 . 2012-03-02 09:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-02 09:06 . 2012-03-02 09:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-02 09:06 . 2012-03-02 09:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-02 09:06 . 2012-03-02 09:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-02 09:06 . 2012-03-02 09:06 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-02 09:06 . 2012-03-02 09:06 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-02 09:06 . 2012-03-02 09:06 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-02 09:06 . 2012-03-02 09:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-02 09:06 . 2012-03-02 09:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-02 09:06 . 2012-03-02 09:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-02 09:06 . 2012-03-02 09:06 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-02 09:06 . 2012-03-02 09:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-02 09:06 . 2012-03-02 09:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-02 09:06 . 2012-03-02 09:06 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-02 09:06 . 2012-03-02 09:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-02 09:06 . 2012-03-02 09:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-02 09:06 . 2012-03-02 09:06 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-02 09:06 . 2012-03-02 09:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-02 09:06 . 2012-03-02 09:06 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-02 09:06 . 2012-03-02 09:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-02 09:06 . 2012-03-02 09:06 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-02 09:06 . 2012-03-02 09:06 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-02 09:06 . 2012-03-02 09:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-02 09:06 . 2012-03-02 09:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-02 09:06 . 2012-03-02 09:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-22 19:17 . 2012-01-22 19:17 485576 ----a-w- c:\users\Technicyst Fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Dell PanelMgr"="c:\windows\Dell\PanelMgr\SSMMgr.exe" [2009-05-09 541936]
"2335dn Scan2PC"="c:\windows\twain_32\Dell\Dell2335\Scan2Pc.exe" [2008-09-26 495616]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AsioThk32Reg"="CTASIO.DLL" [2010-02-23 51712]
"CTHelper"="CTHELPER.EXE" [2010-02-24 23040]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-02-24 23552]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-02 5546376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0242461333814782mcinstcleanup;McAfee Application Installer Cleanup (0242461333814782);c:\users\TECHNI~1\AppData\Local\Temp\024246~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 MOBCleanup;MOBCleanup;c:\users\Technicyst Fix\AppData\Local\Temp\MOBCleanup.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-15 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-15 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [x]
R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [x]
R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [x]
R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [x]
R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-24 3246040]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [x]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [x]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [x]
S3 L6GX;Service - Line 6 GX;c:\windows\system32\Drivers\L6GX64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 19:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-02 390720]
"combofix"="c:\combofix\CF25562.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
imagedrv
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: line6.net
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Technicyst Fix\AppData\Roaming\Mozilla\Firefox\Profiles\ezd5qmvd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe
c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\SysWOW64\CTHELPER.EXE
c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
c:\program files (x86)\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPMixDSP.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-07 11:32:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 16:32
.
Pre-Run: 200,296,988,672 bytes free
Post-Run: 200,376,139,776 bytes free
.
- - End Of File - - 9A636527986E9912EBD23238A1A7A52C

#4 gringo_pr

Bleepin Gringo

Malware Response Team
122,845 posts

Gender:Male
Location:Puerto rico

Posted 07 April 2012 - 11:53 AM

Greetings

after you run these scans go ahead and reinstall it as I will be gone for a couple of hours and later if needed you can uninstall it again

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 dreamcrasher

New Member

Members
11 posts

Posted 07 April 2012 - 12:52 PM

Thanks, Gringo. I have Trend installed and running now, and I downloaded TDSSKiller. My computer froze when I tried to launch it though, and I was forced to reboot manually. Upon reboot, I was forced into another Startup Repair which did not fix the issue. I debated on doing another System Restore, but the latest timestamp option I had to choose from was a version prior to running Combofix, so I did not want to choose to do that. What do you recommend at this point? Thanks again for your time. It is more than appreciated.

#6 gringo_pr

Bleepin Gringo

Malware Response Team
122,845 posts

Gender:Male
Location:Puerto rico

Posted 07 April 2012 - 05:56 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]

#7 dreamcrasher

New Member

Members
11 posts

Posted 07 April 2012 - 06:44 PM

Thanks again for helping me out. I successfully ran FRST. Here is the log.

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 07-04-2012 18:36:40
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-02] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163568 2010-09-24] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390720 2011-02-01] (Acronis)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe /autorun [541936 2009-05-08] ()
HKLM-x32\...\Run: [2335dn Scan2PC] "C:\Windows\twain_32\Dell\Dell2335\Scan2Pc.exe" [495616 2008-09-26] ()
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536448 2010-11-16] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5546376 2011-02-01] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Technicyst Fix\...\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-08] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1112240 2011-02-01] (Acronis)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-28] (Adobe Systems Incorporated)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-05-24] (Acronis)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-31] (Apple Inc.)
2 CodeMeter.exe; "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [2304912 2011-07-06] (WIBU-SYSTEMS AG)
2 imagedrv; C:\Windows\System32\icam4usb.dll [6656 2009-07-13] (Oak Technology Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-12-06] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-12-06] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-11-18] (McAfee, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4948992 2009-07-17] (Native Instruments GmbH)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306416 2010-09-24] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8251120 2010-09-24] (Microsoft Corporation)
3 ZuneWlanCfgSvc; C:\Windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation)
2 0242461333814782mcinstcleanup; C:\Users\TECHNI~1\AppData\Local\Temp\024246~1.EXE -cleanup -nolog [x]
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MOBCleanup; "C:\Users\Technicyst Fix\AppData\Local\Temp\MOBCleanup.exe" [x]
3 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [x]
2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
3 stllssvr; "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [x]

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [285280 2011-05-24] (Acronis)
3 automap; C:\Windows\System32\Drivers\automap.sys [11264 2010-02-10] (Novation Digital Music Systems Limited)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BVRPMPR5a64; C:\Windows\System32\Drivers\BVRPMPR5a64.sys [35840 2010-06-06] (Avanquest Software)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 COMMONFX; C:\Windows\System32\Drivers\COMMONFX.sys [123992 2010-02-23] (Creative Technology Ltd)
3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [123992 2010-02-23] (Creative Technology Ltd)
3 CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [202840 2010-02-23] (Creative Technology Ltd.)
3 CTAUDFX; C:\Windows\System32\Drivers\CTAUDFX.sys [588888 2010-02-23] (Creative Technology Ltd)
3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [588888 2010-02-23] (Creative Technology Ltd)
3 CTEAPSFX; C:\Windows\System32\Drivers\CTEAPSFX.sys [187480 2010-02-23] (Creative Technology Ltd)
3 CTEAPSFX.SYS; C:\Windows\System32\drivers\CTEAPSFX.SYS [187480 2010-02-23] (Creative Technology Ltd)
3 CTEDSPFX; C:\Windows\System32\Drivers\CTEDSPFX.sys [287832 2010-02-23] (Creative Technology Ltd)
3 CTEDSPFX.SYS; C:\Windows\System32\drivers\CTEDSPFX.SYS [287832 2010-02-23] (Creative Technology Ltd)
3 CTEDSPIO; C:\Windows\System32\Drivers\CTEDSPIO.sys [158296 2010-02-23] (Creative Technology Ltd)
3 CTEDSPIO.SYS; C:\Windows\System32\drivers\CTEDSPIO.SYS [158296 2010-02-23] (Creative Technology Ltd)
3 CTEDSPSY; C:\Windows\System32\Drivers\CTEDSPSY.sys [338520 2010-02-23] (Creative Technology Ltd)
3 CTEDSPSY.SYS; C:\Windows\System32\drivers\CTEDSPSY.SYS [338520 2010-02-23] (Creative Technology Ltd)
3 CTERFXFX; C:\Windows\System32\Drivers\CTERFXFX.sys [116312 2010-02-23] (Creative Technology Ltd)
3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [116312 2010-02-23] (Creative Technology Ltd)
3 CTSBLFX; C:\Windows\System32\Drivers\CTSBLFX.sys [589912 2010-02-23] (Creative Technology Ltd)
3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [589912 2010-02-23] (Creative Technology Ltd)
3 ha10kx2k; C:\Windows\System32\Drivers\ha10kx2k.sys [1021016 2010-02-23] (Creative Technology Ltd)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [100776 2009-07-24] (JMicron Technology Corp.)
3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [894592 2010-03-25] (Line 6)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 NvnUsbAudio; C:\Windows\System32\Drivers\NvnUsbAudio.sys [55296 2010-05-26] (Novation DMS Ltd.)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [277088 2011-05-24] (Acronis)
2 SSPORT; C:\Windows\System32\Drivers\SSPORT.sys [11576 2009-05-08] (Samsung Electronics)
3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
3 synusb64; C:\Windows\System32\Drivers\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2011-05-24] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [970336 2011-05-24] (Acronis)
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2012-04-07] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2012-04-07] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2012-04-07] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2012-04-07] (Trend Micro Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: imagedrv

============ One Month Created Files and Folders ==============

2012-04-07 12:39 - 2012-04-07 12:39 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Technicyst Fix\Downloads\tdsskiller.exe
2012-04-07 12:14 - 2012-04-07 12:14 - 0001452 ____A C:\Users\Technicyst Fix\Desktop\Trend Micro Titanium Internet Security.lnk
2012-04-07 12:14 - 2012-04-07 12:12 - 0144464 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-04-07 12:14 - 2012-04-07 12:12 - 0105552 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2012-04-07 12:14 - 2012-04-07 12:12 - 0090704 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2012-04-07 12:14 - 2012-04-07 12:12 - 0067664 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2012-04-07 12:11 - 2012-04-07 12:12 - 73594856 ____A (Trend Micro Inc.) C:\Users\Technicyst Fix\Downloads\TTi_MR_Download_64bit.exe
2012-04-07 11:32 - 2012-04-07 11:32 - 0025529 ____A C:\ComboFix.txt
2012-04-07 11:24 - 2012-04-07 11:24 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-07 11:13 - 2012-04-07 11:32 - 0000000 ____D C:\ComboFix
2012-04-07 11:13 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-07 11:13 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-07 11:13 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-07 11:13 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-07 11:13 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-07 11:13 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-07 11:13 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-07 11:13 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-07 09:52 - 2012-04-07 11:30 - 0000000 ____D C:\Windows\ERDNT
2012-04-07 09:50 - 2012-04-07 11:32 - 0000000 ___AD C:\Qoobox
2012-04-07 07:27 - 2012-04-07 11:12 - 4452287 ____R (Swearware) C:\Users\Technicyst Fix\Downloads\ComboFix.exe
2012-04-06 19:33 - 2012-04-06 19:33 - 0000175 ____A C:\Users\All Users\OutlookFail.20120406.log
2012-04-06 19:33 - 2012-04-06 19:33 - 0000175 ____A C:\Users\All Users\Application Data\OutlookFail.20120406.log
2012-04-06 19:33 - 2012-04-06 19:33 - 0000175 ____A C:\ProgramData\OutlookFail.20120406.log
2012-04-06 11:19 - 2012-04-06 11:19 - 0028509 ____A C:\Users\Technicyst Fix\My Documents\DDS.txt
2012-04-06 11:19 - 2012-04-06 11:19 - 0028509 ____A C:\Users\Technicyst Fix\Documents\DDS.txt
2012-04-06 11:19 - 2012-04-06 11:19 - 0011438 ____A C:\Users\Technicyst Fix\My Documents\Attach.txt
2012-04-06 11:19 - 2012-04-06 11:19 - 0011438 ____A C:\Users\Technicyst Fix\Documents\Attach.txt
2012-04-06 10:56 - 2012-04-06 10:56 - 0000000 ____A C:\Users\Technicyst Fix\defogger_reenable
2012-04-05 23:41 - 2012-04-05 23:41 - 0000175 ____A C:\Users\All Users\OutlookFail.20120405.log
2012-04-05 23:41 - 2012-04-05 23:41 - 0000175 ____A C:\Users\All Users\Application Data\OutlookFail.20120405.log
2012-04-05 23:41 - 2012-04-05 23:41 - 0000175 ____A C:\ProgramData\OutlookFail.20120405.log
2012-04-05 18:46 - 2012-04-07 12:13 - 0000000 ____D C:\Program Files\Trend Micro
2012-04-05 18:45 - 2012-04-07 12:14 - 0000000 ____D C:\Users\All Users\Trend Micro
2012-04-05 18:45 - 2012-04-07 12:14 - 0000000 ____D C:\Users\All Users\Application Data\Trend Micro
2012-04-05 18:45 - 2012-04-07 12:14 - 0000000 ____D C:\ProgramData\Trend Micro
2012-04-05 18:31 - 2012-04-05 22:23 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-04-04 22:27 - 2012-04-04 22:27 - 0001020 ____A C:\GEARDIFx_uninstall.log
2012-04-04 19:09 - 2012-04-07 10:58 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 11:31 - 2012-04-07 10:58 - 0000000 ____D C:\317d460ecafc1cdb9243
2012-04-04 11:31 - 2012-04-04 11:32 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-04 11:31 - 2012-04-04 11:31 - 0002025 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-04 11:31 - 2012-04-04 11:31 - 0002025 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-04-04 11:31 - 2012-04-04 11:31 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-31 09:13 - 2012-03-31 09:13 - 0004674 ____A C:\GEARDIFx_install.log
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\PreSonus
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\PreSonus
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\Users\All Users\PreSonus
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\Users\All Users\Application Data\PreSonus
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\ProgramData\PreSonus
2012-03-31 09:13 - 2011-07-07 11:42 - 0034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-03-31 09:12 - 2012-04-07 10:58 - 0000000 ____D C:\Program Files\PreSonus
2012-03-31 09:12 - 2012-03-31 09:12 - 0001012 ____A C:\Users\Public\Desktop\Studio One 2 x64.lnk
2012-03-31 09:12 - 2012-03-31 09:12 - 0001012 ____A C:\Users\All Users\Desktop\Studio One 2 x64.lnk
2012-03-31 09:09 - 2012-03-31 09:12 - 52454952 ____A (PreSonus) C:\Users\Technicyst Fix\Downloads\PreSonus Studio One 2 Installer (x64).exe
2012-03-29 16:18 - 2012-04-07 10:58 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\McAfee
2012-03-29 16:18 - 2012-04-07 10:58 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\McAfee
2012-03-29 16:17 - 2012-03-29 16:17 - 0501360 ____A (McAfee, Inc.) C:\Users\Technicyst Fix\Downloads\MVTInstaller.exe
2012-03-29 11:57 - 2012-03-29 12:32 - 0000000 ____D C:\Users\Technicyst Fix\Downloads\ToonTrack.EZ.Drummer.v1.3.0.UPDATE.ONLY.WIN.OSX.Incl.Keygen-AiR
2012-03-28 14:42 - 2012-04-07 11:42 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-28 14:42 - 2012-03-28 14:42 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-28 14:42 - 2012-03-28 14:42 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-28 14:41 - 2012-03-28 14:41 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-24 10:53 - 2012-03-24 23:35 - 0000000 ____D C:\Users\Technicyst Fix\Downloads\Impact.Soundworks.Shreddage.Electric.Rhythm.Guitar.KONTAKT.DVDR-DYNAMiCS
2012-03-19 18:00 - 2012-03-19 18:00 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\blekkotb
2012-03-19 18:00 - 2012-03-19 18:00 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Application Data\blekkotb
2012-03-19 18:00 - 2012-03-19 18:00 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Local\blekkotb
2012-03-19 17:06 - 2012-03-19 17:06 - 3440837 ____A C:\Users\Technicyst Fix\Downloads\wnr2000v3-V1.1.1.72.img
2012-03-16 23:05 - 2012-03-16 23:05 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Renoise Plugin Server
2012-03-16 23:05 - 2012-03-16 23:05 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Renoise Plugin Server
2012-03-16 19:32 - 2012-03-16 19:32 - 0000853 ____A C:\Users\Public\Desktop\Renoise (x64).lnk
2012-03-16 19:32 - 2012-03-16 19:32 - 0000853 ____A C:\Users\All Users\Desktop\Renoise (x64).lnk
2012-03-16 19:32 - 2012-03-16 19:32 - 0000000 ____D C:\Program Files\Renoise 2.8.0
2012-03-16 19:31 - 2012-03-16 19:31 - 29163564 ____A (Renoise ) C:\Users\Technicyst Fix\Downloads\Renoise_2_8_0_Demo_x64.exe
2012-03-15 03:01 - 2011-11-19 13:30 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-15 03:01 - 2011-11-19 09:25 - 3957616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-15 03:01 - 2011-11-19 09:25 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-14 08:20 - 2012-02-15 01:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 08:20 - 2012-02-15 00:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-14 08:20 - 2012-02-14 23:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 08:20 - 2012-02-14 23:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-14 08:20 - 2012-02-10 01:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 08:20 - 2012-02-10 01:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-14 08:20 - 2012-02-10 01:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-14 08:20 - 2012-02-10 01:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-14 08:20 - 2012-02-10 01:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-14 08:20 - 2012-02-10 00:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-14 08:20 - 2012-02-10 00:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-14 08:20 - 2012-02-10 00:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-14 08:20 - 2012-02-10 00:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-14 08:20 - 2012-02-10 00:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-14 08:20 - 2012-02-02 23:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 08:20 - 2012-01-25 01:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 08:20 - 2012-01-25 01:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 08:20 - 2012-01-25 01:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-13 11:44 - 2012-03-13 11:46 - 0000000 ____D C:\Program Files\QuickMediaConverter
2012-03-13 11:44 - 2012-03-13 11:44 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Cocoon Software
2012-03-13 11:44 - 2012-03-13 11:44 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Cocoon Software
2012-03-13 11:43 - 2012-03-13 11:43 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\WDSetup
2012-03-13 11:43 - 2012-03-13 11:43 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Application Data\WDSetup
2012-03-13 11:43 - 2012-03-13 11:43 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Local\WDSetup
2012-03-13 11:42 - 2012-03-13 11:42 - 32058858 ____A C:\Users\Technicyst Fix\Downloads\Install-Hd-4-5-0-2.zip
2012-03-13 11:41 - 2012-03-13 11:41 - 0463080 ____A (CNET Download.com) C:\Users\Technicyst Fix\Downloads\cnet2_Install-Hd-4-5-0-2_zip.exe
2012-03-11 11:12 - 2012-03-11 11:12 - 0000000 ____D C:\Program Files (x86)\ApecSoft
2012-03-11 11:11 - 2012-03-11 11:11 - 4782862 ____A (Apecsoft Inc. ) C:\Users\Technicyst Fix\Downloads\M2TStoAVIMP4DVDSetup.exe
2012-03-11 11:11 - 2012-03-11 11:11 - 0463080 ____A (CNET Download.com) C:\Users\Technicyst Fix\Downloads\cnet2_M2TStoAVIMP4DVDSetup_exe.exe

============ 3 Months Modified Files and Folders =============

2012-04-07 18:36 - 2012-04-07 18:36 - 0000000 ____D C:\FRST
2012-04-07 16:42 - 2011-01-20 20:44 - 0011564 ____A C:\Windows\System32\DVCState-{00000009-00000000-00000004-00001102-00000008-40071102}.rfx
2012-04-07 16:42 - 2011-01-20 20:44 - 0000924 ____A C:\Windows\System32\BMXCtrlState-{00000009-00000000-00000004-00001102-00000008-40071102}.rfx
2012-04-07 16:42 - 2011-01-20 20:44 - 0000924 ____A C:\Windows\System32\BMXBkpCtrlState-{00000009-00000000-00000004-00001102-00000008-40071102}.rfx
2012-04-07 16:42 - 2011-01-20 20:44 - 0000072 ____A C:\Windows\System32\BMXStateBkp-{00000009-00000000-00000004-00001102-00000008-40071102}.rfx
2012-04-07 16:42 - 2011-01-20 20:44 - 0000072 ____A C:\Windows\System32\BMXState-{00000009-00000000-00000004-00001102-00000008-40071102}.rfx
2012-04-07 16:41 - 2010-04-06 18:57 - 2140393472 __ASH C:\hiberfil.sys
2012-04-07 12:42 - 2010-04-06 18:57 - 0736150 ____A C:\Windows\PFRO.log
2012-04-07 12:39 - 2012-04-07 12:39 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Technicyst Fix\Downloads\tdsskiller.exe
2012-04-07 12:14 - 2012-04-07 12:14 - 0001452 ____A C:\Users\Technicyst Fix\Desktop\Trend Micro Titanium Internet Security.lnk
2012-04-07 12:14 - 2012-04-05 18:45 - 0000000 ____D C:\Users\All Users\Trend Micro
2012-04-07 12:14 - 2012-04-05 18:45 - 0000000 ____D C:\Users\All Users\Application Data\Trend Micro
2012-04-07 12:14 - 2012-04-05 18:45 - 0000000 ____D C:\ProgramData\Trend Micro
2012-04-07 12:14 - 2009-07-14 00:13 - 0747542 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-07 12:13 - 2012-04-05 18:46 - 0000000 ____D C:\Program Files\Trend Micro
2012-04-07 12:12 - 2012-04-07 12:14 - 0144464 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-04-07 12:12 - 2012-04-07 12:14 - 0105552 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2012-04-07 12:12 - 2012-04-07 12:14 - 0090704 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2012-04-07 12:12 - 2012-04-07 12:14 - 0067664 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2012-04-07 12:12 - 2012-04-07 12:11 - 73594856 ____A (Trend Micro Inc.) C:\Users\Technicyst Fix\Downloads\TTi_MR_Download_64bit.exe
2012-04-07 11:42 - 2012-03-28 14:42 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-07 11:34 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-07 11:34 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-07 11:32 - 2012-04-07 11:32 - 0025529 ____A C:\ComboFix.txt
2012-04-07 11:32 - 2012-04-07 11:13 - 0000000 ____D C:\ComboFix
2012-04-07 11:32 - 2012-04-07 09:50 - 0000000 ___AD C:\Qoobox
2012-04-07 11:32 - 2009-07-14 00:10 - 1399364 ____A C:\Windows\WindowsUpdate.log
2012-04-07 11:32 - 2009-07-13 22:20 - 0000000 __RHD C:\users\Default
2012-04-07 11:32 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
2012-04-07 11:30 - 2012-04-07 09:52 - 0000000 ____D C:\Windows\ERDNT
2012-04-07 11:24 - 2012-04-07 11:24 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-07 11:24 - 2010-04-24 20:54 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-07 11:24 - 2009-07-13 21:34 - 0000215 ____A C:\Windows\system.ini
2012-04-07 11:22 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-07 11:22 - 2009-07-13 23:51 - 0183828 ____A C:\Windows\setupact.log
2012-04-07 11:21 - 2009-07-13 21:34 - 84410368 ____A C:\Windows\System32\config\software.bak
2012-04-07 11:21 - 2009-07-13 21:34 - 27000832 ____A C:\Windows\System32\config\system.bak
2012-04-07 11:21 - 2009-07-13 21:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-04-07 11:21 - 2009-07-13 21:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-07 11:21 - 2009-07-13 21:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-07 11:20 - 2010-04-09 18:22 - 0000000 ____D C:\users\Technicyst Fix
2012-04-07 11:12 - 2012-04-07 07:27 - 4452287 ____R (Swearware) C:\Users\Technicyst Fix\Downloads\ComboFix.exe
2012-04-07 11:11 - 2010-04-06 17:28 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-04-07 11:08 - 2010-04-06 17:28 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-07 11:08 - 2010-04-06 17:28 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-04-07 11:08 - 2010-04-06 17:28 - 0000000 ____D C:\ProgramData\McAfee
2012-04-07 11:07 - 2009-07-13 23:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-04-07 11:03 - 2010-04-09 18:25 - 0000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2012-04-07 11:03 - 2010-04-09 18:22 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\SoftThinks
2012-04-07 11:03 - 2010-04-09 18:22 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Application Data\SoftThinks
2012-04-07 11:03 - 2010-04-09 18:22 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Local\SoftThinks
2012-04-07 11:03 - 2010-04-06 17:16 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-07 11:01 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-07 10:59 - 2009-07-14 02:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-07 10:59 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-07 10:59 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-07 10:59 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-07 10:59 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-07 10:59 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-07 10:59 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\TAPI
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sppui
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\servicing
2012-04-07 10:59 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-07 10:58 - 2012-04-04 19:09 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-07 10:58 - 2012-04-04 11:31 - 0000000 ____D C:\317d460ecafc1cdb9243
2012-04-07 10:58 - 2012-03-31 09:12 - 0000000 ____D C:\Program Files\PreSonus
2012-04-07 10:58 - 2012-03-29 16:18 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\McAfee
2012-04-07 10:58 - 2012-03-29 16:18 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\McAfee
2012-04-07 10:58 - 2012-02-25 15:13 - 0000000 ____D C:\Program Files (x86)\McAfeeMOBK
2012-04-07 10:58 - 2012-02-25 15:13 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-04-07 10:58 - 2012-02-25 15:12 - 0000000 ____D C:\Program Files\McAfee.com
2012-04-07 10:58 - 2012-02-25 15:12 - 0000000 ____D C:\Program Files\McAfee
2012-04-07 10:58 - 2011-11-02 15:13 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-04-07 10:58 - 2010-04-10 20:38 - 0000000 ___RD C:\Users\Technicyst Fix\Podcasts
2012-04-07 10:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-07 10:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-07 10:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-07 10:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-07 10:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\security
2012-04-07 10:58 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-07 10:57 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-07 10:11 - 2012-04-07 10:11 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-07 10:07 - 2010-04-13 17:36 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Propellerhead Software
2012-04-07 10:07 - 2010-04-13 17:36 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Propellerhead Software
2012-04-06 19:33 - 2012-04-06 19:33 - 0000175 ____A C:\Users\All Users\OutlookFail.20120406.log
2012-04-06 19:33 - 2012-04-06 19:33 - 0000175 ____A C:\Users\All Users\Application Data\OutlookFail.20120406.log
2012-04-06 19:33 - 2012-04-06 19:33 - 0000175 ____A C:\ProgramData\OutlookFail.20120406.log
2012-04-06 11:19 - 2012-04-06 11:19 - 0028509 ____A C:\Users\Technicyst Fix\My Documents\DDS.txt
2012-04-06 11:19 - 2012-04-06 11:19 - 0028509 ____A C:\Users\Technicyst Fix\Documents\DDS.txt
2012-04-06 11:19 - 2012-04-06 11:19 - 0011438 ____A C:\Users\Technicyst Fix\My Documents\Attach.txt
2012-04-06 11:19 - 2012-04-06 11:19 - 0011438 ____A C:\Users\Technicyst Fix\Documents\Attach.txt
2012-04-06 10:56 - 2012-04-06 10:56 - 0000000 ____A C:\Users\Technicyst Fix\defogger_reenable
2012-04-06 09:51 - 2010-04-14 19:19 - 0078669 ____A C:\Users\Technicyst Fix\My Documents\Expenses2010New.xlsx
2012-04-06 09:51 - 2010-04-14 19:19 - 0078669 ____A C:\Users\Technicyst Fix\Documents\Expenses2010New.xlsx
2012-04-05 23:41 - 2012-04-05 23:41 - 0000175 ____A C:\Users\All Users\OutlookFail.20120405.log
2012-04-05 23:41 - 2012-04-05 23:41 - 0000175 ____A C:\Users\All Users\Application Data\OutlookFail.20120405.log
2012-04-05 23:41 - 2012-04-05 23:41 - 0000175 ____A C:\ProgramData\OutlookFail.20120405.log
2012-04-05 22:23 - 2012-04-05 18:31 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-04-04 22:27 - 2012-04-04 22:27 - 0001020 ____A C:\GEARDIFx_uninstall.log
2012-04-04 12:47 - 2009-07-14 02:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-04 12:47 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-04-04 12:47 - 2009-07-14 00:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-04-04 11:32 - 2012-04-04 11:31 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-04 11:31 - 2012-04-04 11:31 - 0002025 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-04 11:31 - 2012-04-04 11:31 - 0002025 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-04-04 11:31 - 2012-04-04 11:31 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-04 11:31 - 2010-04-06 17:14 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-04-04 11:31 - 2010-04-06 17:14 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-04 11:31 - 2010-04-06 17:14 - 0000000 ____D C:\ProgramData\Adobe
2012-04-04 11:30 - 2010-04-09 19:02 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Application Data\Adobe
2012-04-04 11:30 - 2010-04-09 19:02 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Adobe
2012-04-04 11:30 - 2010-04-09 19:02 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Local\Adobe
2012-03-31 09:13 - 2012-03-31 09:13 - 0004674 ____A C:\GEARDIFx_install.log
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\PreSonus
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\PreSonus
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\Users\All Users\PreSonus
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\Users\All Users\Application Data\PreSonus
2012-03-31 09:13 - 2012-03-31 09:13 - 0000000 ____D C:\ProgramData\PreSonus
2012-03-31 09:12 - 2012-03-31 09:12 - 0001012 ____A C:\Users\Public\Desktop\Studio One 2 x64.lnk
2012-03-31 09:12 - 2012-03-31 09:12 - 0001012 ____A C:\Users\All Users\Desktop\Studio One 2 x64.lnk
2012-03-31 09:12 - 2012-03-31 09:09 - 52454952 ____A (PreSonus) C:\Users\Technicyst Fix\Downloads\PreSonus Studio One 2 Installer (x64).exe
2012-03-31 09:12 - 2011-10-01 07:42 - 0000000 ____D C:\Program Files\Common Files\Propellerhead Software
2012-03-29 16:17 - 2012-03-29 16:17 - 0501360 ____A (McAfee, Inc.) C:\Users\Technicyst Fix\Downloads\MVTInstaller.exe
2012-03-29 13:14 - 2011-06-10 14:05 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\uTorrent
2012-03-29 13:14 - 2011-06-10 14:05 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\uTorrent
2012-03-29 13:13 - 2011-06-10 16:19 - 0000000 ____D C:\Program Files\PeerBlock
2012-03-29 12:32 - 2012-03-29 11:57 - 0000000 ____D C:\Users\Technicyst Fix\Downloads\ToonTrack.EZ.Drummer.v1.3.0.UPDATE.ONLY.WIN.OSX.Incl.Keygen-AiR
2012-03-28 14:42 - 2012-03-28 14:42 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-28 14:42 - 2012-03-28 14:42 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-28 14:41 - 2012-03-28 14:41 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-24 23:35 - 2012-03-24 10:53 - 0000000 ____D C:\Users\Technicyst Fix\Downloads\Impact.Soundworks.Shreddage.Electric.Rhythm.Guitar.KONTAKT.DVDR-DYNAMiCS
2012-03-19 18:00 - 2012-03-19 18:00 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\blekkotb
2012-03-19 18:00 - 2012-03-19 18:00 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Application Data\blekkotb
2012-03-19 18:00 - 2012-03-19 18:00 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Local\blekkotb
2012-03-19 17:06 - 2012-03-19 17:06 - 3440837 ____A C:\Users\Technicyst Fix\Downloads\wnr2000v3-V1.1.1.72.img
2012-03-19 17:03 - 2010-04-09 18:22 - 0000000 ____D C:\Users\Technicyst Fix\AppData\LocalLow
2012-03-18 13:29 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-16 23:05 - 2012-03-16 23:05 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Renoise Plugin Server
2012-03-16 23:05 - 2012-03-16 23:05 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Renoise Plugin Server
2012-03-16 23:05 - 2010-09-11 16:15 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Renoise
2012-03-16 23:05 - 2010-09-11 16:15 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Renoise
2012-03-16 19:32 - 2012-03-16 19:32 - 0000853 ____A C:\Users\Public\Desktop\Renoise (x64).lnk
2012-03-16 19:32 - 2012-03-16 19:32 - 0000853 ____A C:\Users\All Users\Desktop\Renoise (x64).lnk
2012-03-16 19:32 - 2012-03-16 19:32 - 0000000 ____D C:\Program Files\Renoise 2.8.0
2012-03-16 19:31 - 2012-03-16 19:31 - 29163564 ____A (Renoise ) C:\Users\Technicyst Fix\Downloads\Renoise_2_8_0_Demo_x64.exe
2012-03-15 11:27 - 2010-04-10 01:02 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-15 03:19 - 2009-07-13 23:45 - 0459352 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-15 03:01 - 2010-04-09 23:58 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-15 03:01 - 2010-04-09 23:58 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-03-15 03:01 - 2010-04-09 23:58 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-13 12:17 - 2012-02-04 15:47 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\MediaMonkey
2012-03-13 12:17 - 2012-02-04 15:47 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\MediaMonkey
2012-03-13 11:46 - 2012-03-13 11:44 - 0000000 ____D C:\Program Files\QuickMediaConverter
2012-03-13 11:44 - 2012-03-13 11:44 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Cocoon Software
2012-03-13 11:44 - 2012-03-13 11:44 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Cocoon Software
2012-03-13 11:44 - 2009-07-13 21:34 - 0000897 ____A C:\Windows\win.ini
2012-03-13 11:43 - 2012-03-13 11:43 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\WDSetup
2012-03-13 11:43 - 2012-03-13 11:43 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Application Data\WDSetup
2012-03-13 11:43 - 2012-03-13 11:43 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Local\WDSetup
2012-03-13 11:42 - 2012-03-13 11:42 - 32058858 ____A C:\Users\Technicyst Fix\Downloads\Install-Hd-4-5-0-2.zip
2012-03-13 11:41 - 2012-03-13 11:41 - 0463080 ____A (CNET Download.com) C:\Users\Technicyst Fix\Downloads\cnet2_Install-Hd-4-5-0-2_zip.exe
2012-03-11 11:13 - 2011-12-26 11:33 - 0000000 ____D C:\HDW30_TMP
2012-03-11 11:12 - 2012-03-11 11:12 - 0000000 ____D C:\Program Files (x86)\ApecSoft
2012-03-11 11:11 - 2012-03-11 11:11 - 4782862 ____A (Apecsoft Inc. ) C:\Users\Technicyst Fix\Downloads\M2TStoAVIMP4DVDSetup.exe
2012-03-11 11:11 - 2012-03-11 11:11 - 0463080 ____A (CNET Download.com) C:\Users\Technicyst Fix\Downloads\cnet2_M2TStoAVIMP4DVDSetup_exe.exe
2012-03-08 12:21 - 2011-08-04 09:13 - 0000000 ____D C:\Users\Technicyst Fix\Desktop\Misc Albums
2012-03-07 23:09 - 2011-12-26 12:10 - 0000000 ____D C:\Users\Technicyst Fix\Panasonic Videos Backup
2012-03-05 23:54 - 2012-03-05 23:50 - 131530734 ____A C:\Users\Technicyst Fix\Downloads\Mr010Evilution-MockradarAlumni.zip
2012-03-04 17:52 - 2012-03-04 15:56 - 1471633408 ____A C:\Users\Technicyst Fix\Downloads\The.Tooth.Fairy.2.2012.AC3.DVDRip.XViD-RemixHD.avi
2012-03-04 17:19 - 2010-04-12 16:55 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-04 15:14 - 2011-06-10 14:06 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-04 12:27 - 2012-02-08 13:47 - 0000000 ____D C:\Users\Technicyst Fix\My Documents\PS Vita
2012-03-04 12:27 - 2012-02-08 13:47 - 0000000 ____D C:\Users\Technicyst Fix\Documents\PS Vita
2012-03-04 12:25 - 2012-03-04 12:24 - 5217720 ____A C:\Users\Technicyst Fix\Downloads\Vita_Abstract_by_Caemgen.zip
2012-03-04 10:45 - 2009-07-13 22:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-03-02 10:38 - 2012-03-02 10:38 - 0013913 ____A C:\Users\Technicyst Fix\My Documents\Leo and Dog Instructions 2012.docx
2012-03-02 10:38 - 2012-03-02 10:38 - 0013913 ____A C:\Users\Technicyst Fix\Documents\Leo and Dog Instructions 2012.docx
2012-03-02 05:03 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
2012-03-02 04:22 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-02 04:07 - 2012-03-02 04:04 - 0004058 ____A C:\Windows\IE9_main.log
2012-03-02 04:06 - 2012-03-02 04:06 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-02 04:06 - 2012-03-02 04:06 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-02 04:06 - 2012-03-02 04:06 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-02 04:06 - 2012-03-02 04:06 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-02 04:06 - 2012-03-02 04:06 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-02 04:06 - 2012-03-02 04:06 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-02 04:06 - 2012-03-02 04:06 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-02 04:06 - 2012-03-02 04:06 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-02 04:06 - 2012-03-02 04:06 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-02 04:06 - 2012-03-02 04:06 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-02 04:06 - 2012-03-02 04:06 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-02 04:06 - 2012-03-02 04:06 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-02 04:06 - 2012-03-02 04:06 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-02 04:06 - 2012-03-02 04:06 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-02 04:06 - 2012-03-02 04:06 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-29 12:53 - 2010-04-09 18:25 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\VirtualStore
2012-02-29 12:53 - 2010-04-09 18:25 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Application Data\VirtualStore
2012-02-29 12:53 - 2010-04-09 18:25 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Local\VirtualStore
2012-02-25 14:43 - 2012-02-25 14:43 - 4258424 ____A (McAfee, Inc.) C:\Users\Technicyst Fix\Downloads\McAfeeSetup.exe
2012-02-16 04:23 - 2010-04-09 18:25 - 0000402 __ASH C:\Users\Technicyst Fix\My Documents\desktop.ini
2012-02-16 04:23 - 2010-04-09 18:25 - 0000174 __ASH C:\Users\Technicyst Fix\Start Menu\Programs\Startup\desktop.ini
2012-02-16 04:23 - 2010-04-09 18:25 - 0000174 __ASH C:\Users\Technicyst Fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 04:21 - 2010-04-06 17:23 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 13:02 - 2010-04-16 23:04 - 0000000 ____D C:\Users\Technicyst Fix\My Documents\Media Go
2012-02-15 13:02 - 2010-04-16 23:04 - 0000000 ____D C:\Users\Technicyst Fix\Documents\Media Go
2012-02-15 01:27 - 2012-03-14 08:20 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-15 00:44 - 2012-03-14 08:20 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 23:47 - 2012-03-14 08:20 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 23:46 - 2012-03-14 08:20 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-12 15:59 - 2011-07-25 19:02 - 0000000 ____D C:\Program Files (x86)\NanoSync
2012-02-12 15:59 - 2011-01-11 11:47 - 0000000 ____D C:\Users\All Users\Cakewalk
2012-02-12 15:59 - 2011-01-11 11:47 - 0000000 ____D C:\Users\All Users\Application Data\Cakewalk
2012-02-12 15:59 - 2011-01-11 11:47 - 0000000 ____D C:\ProgramData\Cakewalk
2012-02-12 15:59 - 2010-04-16 00:10 - 0000000 ____D C:\Users\All Users\iZotope
2012-02-12 15:59 - 2010-04-16 00:10 - 0000000 ____D C:\Users\All Users\Application Data\iZotope
2012-02-12 15:59 - 2010-04-16 00:10 - 0000000 ____D C:\ProgramData\iZotope
2012-02-12 15:59 - 2010-04-15 23:55 - 0000000 ____D C:\Program Files (x86)\iZotope
2012-02-12 15:59 - 2010-04-11 00:32 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\eMusic
2012-02-12 15:59 - 2010-04-11 00:32 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\eMusic
2012-02-12 15:59 - 2010-04-11 00:32 - 0000000 ____D C:\Program Files (x86)\eMusic Download Manager
2012-02-12 15:53 - 2010-04-16 23:03 - 0000000 ____D C:\Program Files (x86)\Sony
2012-02-12 15:49 - 2012-02-12 15:49 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Technicyst Fix\Downloads\mbam--setup-1.60.1.1000.exe
2012-02-10 01:18 - 2012-03-14 08:20 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 01:17 - 2012-03-14 08:20 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-10 01:17 - 2012-03-14 08:20 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-10 01:17 - 2012-03-14 08:20 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-10 01:17 - 2012-03-14 08:20 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-10 00:41 - 2012-03-14 08:20 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-10 00:41 - 2012-03-14 08:20 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-10 00:41 - 2012-03-14 08:20 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-10 00:41 - 2012-03-14 08:20 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-10 00:41 - 2012-03-14 08:20 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-08 13:47 - 2012-02-08 13:47 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Sony Corporation
2012-02-08 13:47 - 2012-02-08 13:47 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Sony Corporation
2012-02-08 13:46 - 2012-02-08 13:46 - 9483792 ____A (Sony Computer Entertainment Inc. ) C:\Users\Technicyst Fix\Downloads\CMASetup.exe
2012-02-08 13:46 - 2012-02-08 13:46 - 0002152 ____A C:\Users\All Users\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
2012-02-04 15:47 - 2012-02-04 15:47 - 0000000 ____D C:\Users\All Users\MediaMonkey
2012-02-04 15:47 - 2012-02-04 15:47 - 0000000 ____D C:\Users\All Users\Application Data\MediaMonkey
2012-02-04 15:47 - 2012-02-04 15:47 - 0000000 ____D C:\ProgramData\MediaMonkey
2012-02-04 15:47 - 2010-10-18 21:28 - 0000000 ____D C:\Program Files (x86)\MediaMonkey
2012-02-04 15:46 - 2012-02-04 15:46 - 14208792 ____A (Ventis Media Inc. ) C:\Users\Technicyst Fix\Downloads\MediaMonkey_4.0.2.1462.exe
2012-02-04 15:44 - 2010-10-18 21:28 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\MediaMonkey
2012-02-04 15:44 - 2010-10-18 21:28 - 0000000 ____D C:\Users\Technicyst Fix\Local Settings\Application Data\MediaMonkey
2012-02-04 15:44 - 2010-10-18 21:28 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Local\MediaMonkey
2012-02-04 14:58 - 2012-02-04 14:58 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-02-04 14:58 - 2012-02-04 14:58 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-02-04 14:58 - 2012-02-04 14:57 - 0000000 ____D C:\Program Files\iTunes
2012-02-04 14:58 - 2012-01-05 08:56 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-04 14:57 - 2012-02-04 14:57 - 0000000 ____D C:\Program Files\iPod
2012-02-02 23:16 - 2012-03-14 08:20 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-29 13:20 - 2010-06-16 16:59 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Soundplant
2012-01-29 13:20 - 2010-06-16 16:59 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Soundplant
2012-01-25 13:22 - 2011-08-04 10:40 - 0024368 ____A C:\Users\Technicyst Fix\My Documents\2011WriteOffs.xlsx
2012-01-25 13:22 - 2011-08-04 10:40 - 0024368 ____A C:\Users\Technicyst Fix\Documents\2011WriteOffs.xlsx
2012-01-25 01:27 - 2012-03-14 08:20 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 01:27 - 2012-03-14 08:20 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 01:20 - 2012-03-14 08:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-22 14:17 - 2012-01-22 14:17 - 0485576 ____A (Catalina Marketing Corp. ) C:\Users\Technicyst Fix\Downloads\CouponActivator.exe
2012-01-22 14:17 - 2012-01-22 14:17 - 0000000 ____D C:\Users\Technicyst Fix\Application Data\Catalina Marketing Corp
2012-01-22 14:17 - 2012-01-22 14:17 - 0000000 ____D C:\Users\Technicyst Fix\AppData\Roaming\Catalina Marketing Corp
2012-01-21 12:18 - 2012-01-21 12:18 - 0010809 ____A C:\Users\Technicyst Fix\My Documents\GroceryAbs.xlsx
2012-01-21 12:18 - 2012-01-21 12:18 - 0010809 ____A C:\Users\Technicyst Fix\Documents\GroceryAbs.xlsx
2012-01-16 16:11 - 2012-01-16 16:11 - 0000000 ____D C:\Users\All Users\Grey Alien Games
2012-01-16 16:11 - 2012-01-16 16:11 - 0000000 ____D C:\Users\All Users\Application Data\Grey Alien Games
2012-01-16 16:11 - 2012-01-16 16:11 - 0000000 ____D C:\ProgramData\Grey Alien Games
2012-01-15 23:39 - 2012-01-15 23:39 - 2533070 ____A C:\Users\Technicyst Fix\Downloads\The Abs Diet - David Zinczenko.pdf
2012-01-15 14:21 - 2012-01-15 14:18 - 0000000 ____D C:\Program Files (x86)\Mystery Case Files - Ravenhearst
2012-01-15 14:21 - 2012-01-15 14:15 - 0000000 ____D C:\BigFishGamesCache
2012-01-15 14:20 - 2012-01-15 14:20 - 0000000 ____D C:\Program Files (x86)\Nightfall Mysteries - Asylum Conspiracy
2012-01-15 14:20 - 2012-01-15 14:20 - 0000000 ____D C:\Program Files (x86)\Fairway Solitaire
2012-01-15 14:19 - 2012-01-15 14:19 - 0212224 ____A (Big Fish Games) C:\Users\Technicyst Fix\Downloads\bigfishgames_p129825039_s1_l1.exe
2012-01-15 14:18 - 2012-01-15 14:18 - 0212224 ____A (Big Fish Games) C:\Users\Technicyst Fix\Downloads\bigfishgames_p129824970_s1_l1.exe
2012-01-15 14:16 - 2012-01-15 14:16 - 0000961 ____A C:\Users\Public\Desktop\Game Manager.lnk
2012-01-15 14:16 - 2012-01-15 14:16 - 0000961 ____A C:\Users\All Users\Desktop\Game Manager.lnk
2012-01-15 14:16 - 2012-01-15 14:16 - 0000000 ____D C:\Users\All Users\Big Fish Games
2012-01-15 14:16 - 2012-01-15 14:16 - 0000000 ____D C:\Users\All Users\Application Data\Big Fish Games
2012-01-15 14:16 - 2012-01-15 14:16 - 0000000 ____D C:\ProgramData\Big Fish Games
2012-01-15 14:16 - 2012-01-15 14:16 - 0000000 ____D C:\Program Files (x86)\bfgclient
2012-01-15 14:15 - 2012-01-15 14:15 - 0212224 ____A (Big Fish Games) C:\Users\Technicyst Fix\Downloads\bigfishgames_p129824707_s1_l1.exe
2012-01-11 16:34 - 2012-01-11 16:34 - 0032828 ____A C:\Users\Technicyst Fix\Downloads\bannerfans_2784191.jpg

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8182.99 MB
Available physical RAM: 7360.71 MB
Total Pagefile: 8181.14 MB
Available Pagefile: 7352.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (LOCAL DISK ) (Fixed) (Total:456.6 GB) (Free:184.17 GB) NTFS
2 Drive d: (DATAPART1) (Fixed) (Total:931.51 GB) (Free:610.27 GB) NTFS
4 Drive f: (WD Passport) (Fixed) (Total:55.87 GB) (Free:0.28 GB) NTFS
5 Drive g: (CODEMETER) (Removable) (Total:0.04 GB) (Free:0 GB) FAT32
6 Drive h: (RECOVERY) (Fixed) (Total:9.12 GB) (Free:4.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive i: (KINGSTON) (Removable) (Total:7.5 GB) (Free:1.04 GB) FAT32
12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 7692 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 39 MB 0 B
Disk 8 Online 55 GB 14 MB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 9 GB 40 MB
Partition 3 Primary 456 GB 9 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 11 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 H RECOVERY NTFS Partition 9 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C LOCAL DISK NTFS Partition 456 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATAPART1 NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7690 MB 1044 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 I KINGSTON FAT32 Removable 7690 MB Healthy

======================================================================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 39 MB 31 KB

======================================================================================================

Disk: 7
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 G CODEMETER FAT32 Removable 39 MB Healthy

======================================================================================================

Partitions of Disk 8:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 55 GB 31 KB

======================================================================================================

Disk: 8
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 F WD Passport NTFS Partition 55 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 17:50

======================= End Of Log ==========================

#8 gringo_pr

Bleepin Gringo

Malware Response Team
122,845 posts

Gender:Male
Location:Puerto rico

Posted 07 April 2012 - 08:31 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 imagedrv; C:\Windows\System32\icam4usb.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\icam4usb.dll
NETSVC: imagedrv

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo[/b]

#9 dreamcrasher

New Member

Members
11 posts

Posted 07 April 2012 - 09:06 PM

Here's the Fixlog. Thanks again, Gringo!

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-07 21:03:55 R:1
Running from I:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
imagedrv service deleted successfully.
C:\Windows\System32\icam4usb.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs imagedrv not found.

==== End of Fixlog ====

#10 gringo_pr

Bleepin Gringo

Malware Response Team
122,845 posts

Gender:Male
Location:Puerto rico

Posted 07 April 2012 - 09:18 PM

Hello

try and run tdsskiller and aswMBR now

gringo

#11 dreamcrasher

New Member

Members
11 posts

Posted 07 April 2012 - 11:54 PM

Sorry for the delay. I was able to run the programs this time. Here are the logs:

TDSSKiller:
22:37:50.0911 7024 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
22:37:51.0597 7024 ============================================================
22:37:51.0597 7024 Current date / time: 2012/04/07 22:37:51.0597
22:37:51.0597 7024 SystemInfo:
22:37:51.0597 7024
22:37:51.0597 7024 OS Version: 6.1.7600 ServicePack: 0.0
22:37:51.0597 7024 Product type: Workstation
22:37:51.0597 7024 ComputerName: TECHNICYSTFIX
22:37:51.0597 7024 UserName: Technicyst Fix
22:37:51.0597 7024 Windows directory: C:\Windows
22:37:51.0597 7024 System windows directory: C:\Windows
22:37:51.0597 7024 Running under WOW64
22:37:51.0597 7024 Processor architecture: Intel x64
22:37:51.0597 7024 Number of processors: 8
22:37:51.0597 7024 Page size: 0x1000
22:37:51.0597 7024 Boot type: Normal boot
22:37:51.0597 7024 ============================================================
22:38:00.0801 7024 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:00.0801 7024 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:00.0801 7024 Drive \Device\Harddisk2\DR2 - Size: 0x2740000 (0.04 Gb), SectorSize: 0x200, Cylinders: 0x5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:38:00.0801 7024 Drive \Device\Harddisk3\DR3 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:38:01.0129 7024 \Device\Harddisk0\DR0:
22:38:01.0129 7024 MBR used
22:38:01.0129 7024 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000
22:38:01.0129 7024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x39132800
22:38:01.0129 7024 \Device\Harddisk1\DR1:
22:38:01.0129 7024 MBR used
22:38:01.0129 7024 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:38:01.0129 7024 \Device\Harddisk2\DR2:
22:38:01.0129 7024 MBR used
22:38:01.0129 7024 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x13986
22:38:01.0129 7024 \Device\Harddisk3\DR3:
22:38:01.0129 7024 MBR used
22:38:01.0129 7024 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FBFEBF
22:38:01.0285 7024 Initialize success
22:38:01.0285 7024 ============================================================
22:38:07.0306 4552 ============================================================
22:38:07.0306 4552 Scan started
22:38:07.0306 4552 Mode: Manual;
22:38:07.0306 4552 ============================================================
22:38:07.0681 4552 0242461333814782mcinstcleanup - ok
22:38:07.0774 4552 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:38:07.0774 4552 1394ohci - ok
22:38:07.0790 4552 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:38:07.0790 4552 ACPI - ok
22:38:07.0805 4552 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:38:07.0821 4552 AcpiPmi - ok
22:38:07.0915 4552 AcrSch2Svc (2fa64c2e62f1b30e2ff70578b9babdcd) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
22:38:07.0930 4552 AcrSch2Svc - ok
22:38:08.0024 4552 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:38:08.0039 4552 AdobeFlashPlayerUpdateSvc - ok
22:38:08.0071 4552 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:38:08.0102 4552 adp94xx - ok
22:38:08.0117 4552 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:38:08.0133 4552 adpahci - ok
22:38:08.0149 4552 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:38:08.0164 4552 adpu320 - ok
22:38:08.0195 4552 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:38:08.0195 4552 AeLookupSvc - ok
22:38:08.0258 4552 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
22:38:08.0258 4552 afcdp - ok
22:38:08.0398 4552 afcdpsrv (af44f7e027037628f1fac3c13cde73e6) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
22:38:08.0429 4552 afcdpsrv - ok
22:38:08.0492 4552 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:38:08.0507 4552 AFD - ok
22:38:08.0523 4552 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:38:08.0523 4552 agp440 - ok
22:38:08.0539 4552 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:38:08.0539 4552 ALG - ok
22:38:08.0570 4552 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:38:08.0570 4552 aliide - ok
22:38:08.0585 4552 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:38:08.0585 4552 amdide - ok
22:38:08.0617 4552 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:38:08.0632 4552 AmdK8 - ok
22:38:08.0648 4552 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:38:08.0663 4552 AmdPPM - ok
22:38:08.0679 4552 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
22:38:08.0695 4552 amdsata - ok
22:38:08.0726 4552 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:38:08.0741 4552 amdsbs - ok
22:38:08.0741 4552 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
22:38:08.0741 4552 amdxata - ok
22:38:08.0851 4552 Amsp (18f64623e76ff58009d6f9cb9dea5d0a) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
22:38:08.0851 4552 Amsp - ok
22:38:08.0882 4552 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:38:08.0882 4552 AppID - ok
22:38:08.0897 4552 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:38:08.0913 4552 AppIDSvc - ok
22:38:08.0960 4552 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
22:38:08.0960 4552 Appinfo - ok
22:38:09.0053 4552 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:38:09.0069 4552 Apple Mobile Device - ok
22:38:09.0100 4552 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:38:09.0100 4552 arc - ok
22:38:09.0116 4552 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:38:09.0131 4552 arcsas - ok
22:38:09.0163 4552 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:38:09.0163 4552 AsyncMac - ok
22:38:09.0209 4552 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:38:09.0209 4552 atapi - ok
22:38:09.0256 4552 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
22:38:09.0303 4552 athr - ok
22:38:09.0365 4552 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:38:09.0381 4552 AudioEndpointBuilder - ok
22:38:09.0381 4552 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:38:09.0397 4552 AudioSrv - ok
22:38:09.0443 4552 automap (203369064b1593fb15902736892ca49c) C:\Windows\system32\DRIVERS\automap.sys
22:38:09.0459 4552 automap - ok
22:38:09.0490 4552 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
22:38:09.0490 4552 AxInstSV - ok
22:38:09.0553 4552 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:38:09.0568 4552 b06bdrv - ok
22:38:09.0584 4552 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:38:09.0599 4552 b57nd60a - ok
22:38:09.0709 4552 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
22:38:09.0740 4552 BBSvc - ok
22:38:09.0771 4552 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:38:09.0771 4552 BDESVC - ok
22:38:09.0787 4552 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:38:09.0787 4552 Beep - ok
22:38:09.0849 4552 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
22:38:09.0865 4552 BFE - ok
22:38:09.0911 4552 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
22:38:09.0927 4552 BITS - ok
22:38:09.0943 4552 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:38:09.0958 4552 blbdrive - ok
22:38:10.0021 4552 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:38:10.0036 4552 Bonjour Service - ok
22:38:10.0052 4552 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:38:10.0052 4552 bowser - ok
22:38:10.0067 4552 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:38:10.0083 4552 BrFiltLo - ok
22:38:10.0099 4552 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:38:10.0114 4552 BrFiltUp - ok
22:38:10.0161 4552 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:38:10.0161 4552 BridgeMP - ok
22:38:10.0177 4552 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
22:38:10.0177 4552 Browser - ok
22:38:10.0208 4552 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:38:10.0223 4552 Brserid - ok
22:38:10.0255 4552 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:38:10.0255 4552 BrSerWdm - ok
22:38:10.0301 4552 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:38:10.0301 4552 BrUsbMdm - ok
22:38:10.0317 4552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:38:10.0333 4552 BrUsbSer - ok
22:38:10.0348 4552 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:38:10.0364 4552 BTHMODEM - ok
22:38:10.0395 4552 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:38:10.0395 4552 bthserv - ok
22:38:10.0442 4552 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
22:38:10.0457 4552 BVRPMPR5a64 - ok
22:38:10.0489 4552 catchme - ok
22:38:10.0520 4552 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:38:10.0520 4552 cdfs - ok
22:38:10.0567 4552 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:38:10.0582 4552 cdrom - ok
22:38:10.0645 4552 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:38:10.0645 4552 CertPropSvc - ok
22:38:10.0691 4552 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
22:38:10.0707 4552 cfwids - ok
22:38:10.0754 4552 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:38:10.0769 4552 circlass - ok
22:38:10.0801 4552 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:38:10.0801 4552 CLFS - ok
22:38:10.0832 4552 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:38:10.0847 4552 clr_optimization_v2.0.50727_32 - ok
22:38:10.0863 4552 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:38:10.0879 4552 clr_optimization_v2.0.50727_64 - ok
22:38:10.0941 4552 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:38:10.0957 4552 clr_optimization_v4.0.30319_32 - ok
22:38:11.0003 4552 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:38:11.0003 4552 clr_optimization_v4.0.30319_64 - ok
22:38:11.0035 4552 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:38:11.0050 4552 CmBatt - ok
22:38:11.0097 4552 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:38:11.0097 4552 cmdide - ok
22:38:11.0128 4552 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
22:38:11.0144 4552 CNG - ok
22:38:11.0253 4552 CodeMeter.exe (1c15404ea8fc42dab8a7b3765ed53e58) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
22:38:11.0284 4552 CodeMeter.exe - ok
22:38:11.0362 4552 COMMONFX (b5ccc5093405dcb1485193982ccd647f) C:\Windows\system32\drivers\COMMONFX.SYS
22:38:11.0362 4552 COMMONFX - ok
22:38:11.0378 4552 COMMONFX.SYS (b5ccc5093405dcb1485193982ccd647f) C:\Windows\System32\drivers\COMMONFX.SYS
22:38:11.0378 4552 COMMONFX.SYS - ok
22:38:11.0409 4552 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:38:11.0425 4552 Compbatt - ok
22:38:11.0440 4552 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:38:11.0440 4552 CompositeBus - ok
22:38:11.0456 4552 COMSysApp - ok
22:38:11.0487 4552 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:38:11.0503 4552 crcdisk - ok
22:38:11.0549 4552 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
22:38:11.0596 4552 Creative ALchemy AL6 Licensing Service - ok
22:38:11.0612 4552 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:38:11.0643 4552 Creative Audio Engine Licensing Service - ok
22:38:11.0690 4552 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
22:38:11.0705 4552 CryptSvc - ok
22:38:11.0721 4552 CT20XUT (171385080a6d86fa0917eeb905f3b3d6) C:\Windows\system32\drivers\CT20XUT.SYS
22:38:11.0737 4552 CT20XUT - ok
22:38:11.0752 4552 CT20XUT.SYS (171385080a6d86fa0917eeb905f3b3d6) C:\Windows\System32\drivers\CT20XUT.SYS
22:38:11.0752 4552 CT20XUT.SYS - ok
22:38:11.0799 4552 ctac32k (d9bef22d893591f18a0a4404cef26210) C:\Windows\system32\drivers\ctac32k.sys
22:38:11.0815 4552 ctac32k - ok
22:38:11.0846 4552 ctaud2k (123ec60c8166da76fc52b28444b95233) C:\Windows\system32\drivers\ctaud2k.sys
22:38:11.0846 4552 ctaud2k - ok
22:38:11.0861 4552 CTAUDFX (e3117f747692d3de9c692a6240742876) C:\Windows\system32\drivers\CTAUDFX.SYS
22:38:11.0893 4552 CTAUDFX - ok
22:38:11.0908 4552 CTAUDFX.SYS (e3117f747692d3de9c692a6240742876) C:\Windows\System32\drivers\CTAUDFX.SYS
22:38:11.0924 4552 CTAUDFX.SYS - ok
22:38:11.0939 4552 CTEAPSFX (17697718d0df41a688161acddca0611b) C:\Windows\system32\drivers\CTEAPSFX.SYS
22:38:11.0939 4552 CTEAPSFX - ok
22:38:12.0002 4552 CTEAPSFX.SYS (17697718d0df41a688161acddca0611b) C:\Windows\System32\drivers\CTEAPSFX.SYS
22:38:12.0002 4552 CTEAPSFX.SYS - ok
22:38:12.0080 4552 CTEDSPFX (479cf27e360c4996bd281c93c91163e2) C:\Windows\system32\drivers\CTEDSPFX.SYS
22:38:12.0111 4552 CTEDSPFX - ok
22:38:12.0127 4552 CTEDSPFX.SYS (479cf27e360c4996bd281c93c91163e2) C:\Windows\System32\drivers\CTEDSPFX.SYS
22:38:12.0127 4552 CTEDSPFX.SYS - ok
22:38:12.0142 4552 CTEDSPIO (02175d1716a6648a527deaf6d98acede) C:\Windows\system32\drivers\CTEDSPIO.SYS
22:38:12.0173 4552 CTEDSPIO - ok
22:38:12.0189 4552 CTEDSPIO.SYS (02175d1716a6648a527deaf6d98acede) C:\Windows\System32\drivers\CTEDSPIO.SYS
22:38:12.0189 4552 CTEDSPIO.SYS - ok
22:38:12.0205 4552 CTEDSPSY (c839b43a9fddd0a74db72566aa8c5e9c) C:\Windows\system32\drivers\CTEDSPSY.SYS
22:38:12.0236 4552 CTEDSPSY - ok
22:38:12.0251 4552 CTEDSPSY.SYS (c839b43a9fddd0a74db72566aa8c5e9c) C:\Windows\System32\drivers\CTEDSPSY.SYS
22:38:12.0251 4552 CTEDSPSY.SYS - ok
22:38:12.0267 4552 CTERFXFX (3edfdc832c4b6446d7301262a8e20e38) C:\Windows\system32\drivers\CTERFXFX.SYS
22:38:12.0267 4552 CTERFXFX - ok
22:38:12.0283 4552 CTERFXFX.SYS (3edfdc832c4b6446d7301262a8e20e38) C:\Windows\System32\drivers\CTERFXFX.SYS
22:38:12.0283 4552 CTERFXFX.SYS - ok
22:38:12.0314 4552 CTEXFIFX (97c57b1245cc83220f8cefd4f0e88c9a) C:\Windows\system32\drivers\CTEXFIFX.SYS
22:38:12.0361 4552 CTEXFIFX - ok
22:38:12.0376 4552 CTEXFIFX.SYS (97c57b1245cc83220f8cefd4f0e88c9a) C:\Windows\System32\drivers\CTEXFIFX.SYS
22:38:12.0392 4552 CTEXFIFX.SYS - ok
22:38:12.0407 4552 CTHWIUT (b24a34a4c578a33e366e7c5b1f208615) C:\Windows\system32\drivers\CTHWIUT.SYS
22:38:12.0407 4552 CTHWIUT - ok
22:38:12.0423 4552 CTHWIUT.SYS (b24a34a4c578a33e366e7c5b1f208615) C:\Windows\System32\drivers\CTHWIUT.SYS
22:38:12.0423 4552 CTHWIUT.SYS - ok
22:38:12.0454 4552 ctprxy2k (ec1cc15b0eba6e4ff830635adbb72577) C:\Windows\system32\drivers\ctprxy2k.sys
22:38:12.0470 4552 ctprxy2k - ok
22:38:12.0485 4552 CTSBLFX (f71dc35275da590322caa4984b7298e2) C:\Windows\system32\drivers\CTSBLFX.SYS
22:38:12.0532 4552 CTSBLFX - ok
22:38:12.0657 4552 CTSBLFX.SYS (f71dc35275da590322caa4984b7298e2) C:\Windows\System32\drivers\CTSBLFX.SYS
22:38:12.0657 4552 CTSBLFX.SYS - ok
22:38:12.0688 4552 ctsfm2k (c2898531a1d40c667718c4d17b7b6535) C:\Windows\system32\drivers\ctsfm2k.sys
22:38:12.0704 4552 ctsfm2k - ok
22:38:12.0766 4552 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:38:12.0766 4552 DcomLaunch - ok
22:38:12.0797 4552 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:38:12.0797 4552 defragsvc - ok
22:38:12.0844 4552 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:38:12.0844 4552 DfsC - ok
22:38:12.0860 4552 DgiVecp - ok
22:38:12.0907 4552 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
22:38:12.0907 4552 Dhcp - ok
22:38:12.0938 4552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:38:12.0938 4552 discache - ok
22:38:12.0969 4552 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:38:12.0969 4552 Disk - ok
22:38:12.0985 4552 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
22:38:12.0985 4552 Dnscache - ok
22:38:13.0047 4552 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
22:38:13.0063 4552 DockLoginService - ok
22:38:13.0078 4552 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
22:38:13.0078 4552 dot3svc - ok
22:38:13.0094 4552 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
22:38:13.0094 4552 DPS - ok
22:38:13.0125 4552 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:38:13.0125 4552 drmkaud - ok
22:38:13.0187 4552 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:38:13.0187 4552 DXGKrnl - ok
22:38:13.0234 4552 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:38:13.0234 4552 EapHost - ok
22:38:13.0297 4552 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:38:13.0609 4552 ebdrv - ok
22:38:13.0655 4552 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
22:38:13.0655 4552 EFS - ok
22:38:13.0749 4552 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
22:38:13.0749 4552 ehRecvr - ok
22:38:13.0780 4552 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:38:13.0780 4552 ehSched - ok
22:38:13.0811 4552 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:38:13.0827 4552 elxstor - ok
22:38:13.0874 4552 emupia (6d659870c46798650eb272586aefb2d5) C:\Windows\system32\drivers\emupia2k.sys
22:38:13.0874 4552 emupia - ok
22:38:13.0921 4552 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:38:13.0936 4552 ErrDev - ok
22:38:13.0967 4552 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:38:13.0967 4552 EventSystem - ok
22:38:13.0999 4552 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:38:13.0999 4552 exfat - ok
22:38:14.0014 4552 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:38:14.0014 4552 fastfat - ok
22:38:14.0061 4552 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
22:38:14.0061 4552 Fax - ok
22:38:14.0092 4552 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:38:14.0092 4552 fdc - ok
22:38:14.0123 4552 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:38:14.0123 4552 fdPHost - ok
22:38:14.0139 4552 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:38:14.0139 4552 FDResPub - ok
22:38:14.0170 4552 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:38:14.0170 4552 FileInfo - ok
22:38:14.0186 4552 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:38:14.0186 4552 Filetrace - ok
22:38:14.0217 4552 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:38:14.0217 4552 flpydisk - ok
22:38:14.0233 4552 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:38:14.0248 4552 FltMgr - ok
22:38:14.0295 4552 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
22:38:14.0295 4552 FontCache - ok
22:38:14.0373 4552 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:38:14.0373 4552 FontCache3.0.0.0 - ok
22:38:14.0389 4552 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:38:14.0389 4552 FsDepends - ok
22:38:14.0420 4552 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:38:14.0420 4552 Fs_Rec - ok
22:38:14.0451 4552 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:38:14.0451 4552 fvevol - ok
22:38:14.0467 4552 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:38:14.0482 4552 gagp30kx - ok
22:38:14.0529 4552 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:38:14.0545 4552 GEARAspiWDM - ok
22:38:14.0591 4552 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
22:38:14.0607 4552 GoToAssist - ok
22:38:14.0654 4552 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
22:38:14.0669 4552 gpsvc - ok
22:38:14.0716 4552 ha10kx2k (ff29ba67431a7ebd8b0c8d70f0b5672c) C:\Windows\system32\drivers\ha10kx2k.sys
22:38:14.0747 4552 ha10kx2k - ok
22:38:14.0763 4552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:38:14.0763 4552 hcw85cir - ok
22:38:14.0779 4552 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:38:14.0779 4552 HDAudBus - ok
22:38:14.0794 4552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:38:14.0810 4552 HidBatt - ok
22:38:14.0825 4552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:38:14.0841 4552 HidBth - ok
22:38:14.0872 4552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:38:14.0888 4552 HidIr - ok
22:38:14.0903 4552 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:38:14.0903 4552 hidserv - ok
22:38:14.0935 4552 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:38:14.0950 4552 HidUsb - ok
22:38:14.0966 4552 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
22:38:14.0966 4552 hkmsvc - ok
22:38:14.0997 4552 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
22:38:14.0997 4552 HomeGroupListener - ok
22:38:15.0044 4552 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
22:38:15.0044 4552 HomeGroupProvider - ok
22:38:15.0059 4552 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:38:15.0075 4552 HpSAMD - ok
22:38:15.0106 4552 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:38:15.0106 4552 HTTP - ok
22:38:15.0122 4552 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:38:15.0122 4552 hwpolicy - ok
22:38:15.0153 4552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:38:15.0169 4552 i8042prt - ok
22:38:15.0215 4552 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:38:15.0231 4552 IAANTMON - ok
22:38:15.0262 4552 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
22:38:15.0262 4552 iaStor - ok
22:38:15.0293 4552 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
22:38:15.0309 4552 iaStorV - ok
22:38:15.0371 4552 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:38:15.0387 4552 idsvc - ok
22:38:15.0418 4552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:38:15.0434 4552 iirsp - ok
22:38:15.0496 4552 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
22:38:15.0512 4552 IKEEXT - ok
22:38:15.0574 4552 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys
22:38:15.0605 4552 IntcAzAudAddService - ok
22:38:15.0621 4552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:38:15.0637 4552 intelide - ok
22:38:15.0652 4552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:38:15.0652 4552 intelppm - ok
22:38:15.0668 4552 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:38:15.0683 4552 IPBusEnum - ok
22:38:15.0699 4552 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:38:15.0699 4552 IpFilterDriver - ok
22:38:15.0746 4552 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
22:38:15.0761 4552 iphlpsvc - ok
22:38:15.0777 4552 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:38:15.0793 4552 IPMIDRV - ok
22:38:15.0808 4552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:38:15.0808 4552 IPNAT - ok
22:38:15.0855 4552 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
22:38:15.0871 4552 iPod Service - ok
22:38:15.0902 4552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:38:15.0902 4552 IRENUM - ok
22:38:15.0933 4552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:38:15.0949 4552 isapnp - ok
22:38:15.0964 4552 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:38:15.0980 4552 iScsiPrt - ok
22:38:16.0011 4552 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys
22:38:16.0011 4552 JRAID - ok
22:38:16.0027 4552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:38:16.0042 4552 kbdclass - ok
22:38:16.0042 4552 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:38:16.0058 4552 kbdhid - ok
22:38:16.0105 4552 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:38:16.0105 4552 KeyIso - ok
22:38:16.0120 4552 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
22:38:16.0120 4552 KSecDD - ok
22:38:16.0136 4552 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
22:38:16.0136 4552 KSecPkg - ok
22:38:16.0151 4552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:38:16.0151 4552 ksthunk - ok
22:38:16.0183 4552 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:38:16.0183 4552 KtmRm - ok
22:38:16.0245 4552 L6GX (fab1c54d2e9c3210036275e7122d1865) C:\Windows\system32\Drivers\L6GX64.sys
22:38:16.0276 4552 L6GX - ok
22:38:16.0323 4552 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
22:38:16.0339 4552 LanmanServer - ok
22:38:16.0339 4552 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
22:38:16.0354 4552 LanmanWorkstation - ok
22:38:16.0370 4552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:38:16.0370 4552 lltdio - ok
22:38:16.0401 4552 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:38:16.0401 4552 lltdsvc - ok
22:38:16.0432 4552 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:38:16.0432 4552 lmhosts - ok
22:38:16.0463 4552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:38:16.0463 4552 LSI_FC - ok
22:38:16.0495 4552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:38:16.0495 4552 LSI_SAS - ok
22:38:16.0510 4552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:38:16.0526 4552 LSI_SAS2 - ok
22:38:16.0541 4552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:38:16.0557 4552 LSI_SCSI - ok
22:38:16.0573 4552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:38:16.0573 4552 luafv - ok
22:38:16.0666 4552 McMPFSvc - ok
22:38:16.0729 4552 McShield (4a463d645b48bb487ca7df12ba5d1602) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:38:16.0744 4552 McShield - ok
22:38:16.0791 4552 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
22:38:16.0807 4552 Mcx2Svc - ok
22:38:16.0822 4552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:38:16.0838 4552 megasas - ok
22:38:16.0853 4552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:38:16.0869 4552 MegaSR - ok
22:38:16.0931 4552 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
22:38:16.0947 4552 mfeapfk - ok
22:38:16.0978 4552 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
22:38:16.0994 4552 mfeavfk - ok
22:38:17.0041 4552 mfefire (c53b7aba204d9f7e9568ec147a1485c5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:38:17.0056 4552 mfefire - ok
22:38:17.0072 4552 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
22:38:17.0087 4552 mfefirek - ok
22:38:17.0134 4552 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
22:38:17.0150 4552 mfehidk - ok
22:38:17.0165 4552 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
22:38:17.0181 4552 mfenlfk - ok
22:38:17.0212 4552 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
22:38:17.0228 4552 mferkdet - ok
22:38:17.0290 4552 mfevtp (3ed58a36f7f7d60f0ef44d29810b0b80) C:\Windows\system32\mfevtps.exe
22:38:17.0290 4552 mfevtp - ok
22:38:17.0321 4552 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
22:38:17.0321 4552 mfewfpk - ok
22:38:17.0399 4552 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:38:17.0415 4552 Microsoft Office Groove Audit Service - ok
22:38:17.0446 4552 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:38:17.0446 4552 MMCSS - ok
22:38:17.0493 4552 MOBCleanup - ok
22:38:17.0524 4552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:38:17.0524 4552 Modem - ok
22:38:17.0555 4552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:38:17.0555 4552 monitor - ok
22:38:17.0587 4552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:38:17.0602 4552 mouclass - ok
22:38:17.0618 4552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:38:17.0633 4552 mouhid - ok
22:38:17.0649 4552 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:38:17.0665 4552 mountmgr - ok
22:38:17.0680 4552 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:38:17.0696 4552 mpio - ok
22:38:17.0711 4552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:38:17.0711 4552 mpsdrv - ok
22:38:17.0774 4552 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
22:38:17.0789 4552 MpsSvc - ok
22:38:17.0805 4552 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:38:17.0805 4552 MRxDAV - ok
22:38:17.0821 4552 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:38:17.0821 4552 mrxsmb - ok
22:38:17.0836 4552 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:38:17.0852 4552 mrxsmb10 - ok
22:38:17.0867 4552 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:38:17.0867 4552 mrxsmb20 - ok
22:38:17.0883 4552 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:38:17.0883 4552 msahci - ok
22:38:17.0914 4552 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:38:17.0914 4552 msdsm - ok
22:38:17.0961 4552 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:38:17.0961 4552 MSDTC - ok
22:38:17.0992 4552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:38:17.0992 4552 Msfs - ok
22:38:18.0008 4552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:38:18.0023 4552 mshidkmdf - ok
22:38:18.0039 4552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:38:18.0039 4552 msisadrv - ok
22:38:18.0070 4552 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:38:18.0086 4552 MSiSCSI - ok
22:38:18.0086 4552 msiserver - ok
22:38:18.0117 4552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:38:18.0117 4552 MSKSSRV - ok
22:38:18.0148 4552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:38:18.0148 4552 MSPCLOCK - ok
22:38:18.0148 4552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:38:18.0148 4552 MSPQM - ok
22:38:18.0179 4552 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:38:18.0179 4552 MsRPC - ok
22:38:18.0211 4552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:38:18.0211 4552 mssmbios - ok
22:38:18.0226 4552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:38:18.0226 4552 MSTEE - ok
22:38:18.0242 4552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:38:18.0242 4552 MTConfig - ok
22:38:18.0257 4552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:38:18.0257 4552 Mup - ok
22:38:18.0304 4552 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
22:38:18.0304 4552 napagent - ok
22:38:18.0335 4552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:38:18.0335 4552 NativeWifiP - ok
22:38:18.0367 4552 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:38:18.0382 4552 NDIS - ok
22:38:18.0398 4552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:38:18.0398 4552 NdisCap - ok
22:38:18.0429 4552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:38:18.0429 4552 NdisTapi - ok
22:38:18.0445 4552 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:38:18.0445 4552 Ndisuio - ok
22:38:18.0476 4552 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:38:18.0476 4552 NdisWan - ok
22:38:18.0507 4552 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:38:18.0507 4552 NDProxy - ok
22:38:18.0523 4552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:38:18.0523 4552 NetBIOS - ok
22:38:18.0554 4552 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:38:18.0554 4552 NetBT - ok
22:38:18.0601 4552 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:38:18.0601 4552 Netlogon - ok
22:38:18.0632 4552 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:38:18.0632 4552 Netman - ok
22:38:18.0647 4552 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:38:18.0647 4552 netprofm - ok
22:38:18.0694 4552 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:38:18.0710 4552 NetTcpPortSharing - ok
22:38:18.0741 4552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:38:18.0757 4552 nfrd960 - ok
22:38:18.0913 4552 NIHardwareService (503c365aa11a0e42a110a6c20632a1e8) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
22:38:18.0944 4552 NIHardwareService - ok
22:38:18.0975 4552 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:38:18.0991 4552 NlaSvc - ok
22:38:19.0006 4552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:38:19.0006 4552 Npfs - ok
22:38:19.0022 4552 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:38:19.0022 4552 nsi - ok
22:38:19.0037 4552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:38:19.0037 4552 nsiproxy - ok
22:38:19.0100 4552 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:38:19.0131 4552 Ntfs - ok
22:38:19.0147 4552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:38:19.0147 4552 Null - ok
22:38:19.0318 4552 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:38:19.0365 4552 nvlddmkm - ok
22:38:19.0412 4552 NvnUsbAudio (42f517c2308fa6ebcd2b334f8827ca56) C:\Windows\system32\DRIVERS\nvnusbaudio.sys
22:38:19.0427 4552 NvnUsbAudio - ok
22:38:19.0443 4552 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:38:19.0474 4552 nvraid - ok
22:38:19.0490 4552 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:38:19.0505 4552 nvstor - ok
22:38:19.0521 4552 nvsvc (18aa5ff4ee3fe45a64b98589c62b7fc0) C:\Windows\system32\nvvsvc.exe
22:38:19.0537 4552 nvsvc - ok
22:38:19.0552 4552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:38:19.0568 4552 nv_agp - ok
22:38:19.0646 4552 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:38:19.0677 4552 odserv - ok
22:38:19.0693 4552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:38:19.0693 4552 ohci1394 - ok
22:38:19.0724 4552 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:38:19.0724 4552 ose - ok
22:38:19.0771 4552 ossrv (e26c2c2f424abe0c2a9f16536f853e08) C:\Windows\system32\drivers\ctoss2k.sys
22:38:19.0786 4552 ossrv - ok
22:38:19.0817 4552 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:38:19.0817 4552 p2pimsvc - ok
22:38:19.0849 4552 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:38:19.0849 4552 p2psvc - ok
22:38:19.0864 4552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:38:19.0880 4552 Parport - ok
22:38:19.0895 4552 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:38:19.0895 4552 partmgr - ok
22:38:19.0911 4552 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:38:19.0911 4552 PcaSvc - ok
22:38:19.0942 4552 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:38:19.0942 4552 pci - ok
22:38:19.0958 4552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:38:19.0973 4552 pciide - ok
22:38:19.0973 4552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:38:20.0005 4552 pcmcia - ok
22:38:20.0020 4552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:38:20.0020 4552 pcw - ok
22:38:20.0036 4552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:38:20.0051 4552 PEAUTH - ok
22:38:20.0098 4552 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:38:20.0098 4552 PerfHost - ok
22:38:20.0161 4552 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:38:20.0207 4552 pla - ok
22:38:20.0254 4552 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
22:38:20.0254 4552 PlugPlay - ok
22:38:20.0285 4552 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:38:20.0285 4552 PNRPAutoReg - ok
22:38:20.0317 4552 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:38:20.0317 4552 PNRPsvc - ok
22:38:20.0363 4552 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:38:20.0363 4552 PolicyAgent - ok
22:38:20.0395 4552 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:38:20.0395 4552 Power - ok
22:38:20.0441 4552 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:38:20.0457 4552 PptpMiniport - ok
22:38:20.0473 4552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:38:20.0488 4552 Processor - ok
22:38:20.0504 4552 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
22:38:20.0519 4552 ProfSvc - ok
22:38:20.0519 4552 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:38:20.0535 4552 ProtectedStorage - ok
22:38:20.0566 4552 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:38:20.0566 4552 Psched - ok
22:38:20.0613 4552 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:38:20.0613 4552 PxHlpa64 - ok
22:38:20.0660 4552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:38:20.0707 4552 ql2300 - ok
22:38:20.0722 4552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:38:20.0738 4552 ql40xx - ok
22:38:20.0753 4552 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:38:20.0753 4552 QWAVE - ok
22:38:20.0769 4552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:38:20.0769 4552 QWAVEdrv - ok
22:38:20.0785 4552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:38:20.0785 4552 RasAcd - ok
22:38:20.0831 4552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:38:20.0831 4552 RasAgileVpn - ok
22:38:20.0847 4552 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:38:20.0863 4552 RasAuto - ok
22:38:20.0894 4552 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:38:20.0894 4552 Rasl2tp - ok
22:38:20.0941 4552 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
22:38:20.0956 4552 RasMan - ok
22:38:20.0972 4552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:38:20.0972 4552 RasPppoe - ok
22:38:20.0987 4552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:38:20.0987 4552 RasSstp - ok
22:38:21.0003 4552 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:38:21.0019 4552 rdbss - ok
22:38:21.0034 4552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:38:21.0034 4552 rdpbus - ok
22:38:21.0065 4552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:38:21.0065 4552 RDPCDD - ok
22:38:21.0081 4552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:38:21.0081 4552 RDPENCDD - ok
22:38:21.0081 4552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:38:21.0097 4552 RDPREFMP - ok
22:38:21.0112 4552 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
22:38:21.0112 4552 RDPWD - ok
22:38:21.0143 4552 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:38:21.0143 4552 rdyboost - ok
22:38:21.0175 4552 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:38:21.0175 4552 RemoteAccess - ok
22:38:21.0190 4552 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:38:21.0206 4552 RemoteRegistry - ok
22:38:21.0440 4552 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
22:38:21.0487 4552 RoxMediaDB10 - ok
22:38:21.0502 4552 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:38:21.0502 4552 RpcEptMapper - ok
22:38:21.0518 4552 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:38:21.0518 4552 RpcLocator - ok
22:38:21.0580 4552 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:38:21.0580 4552 RpcSs - ok
22:38:21.0627 4552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:38:21.0643 4552 rspndr - ok
22:38:21.0674 4552 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
22:38:21.0674 4552 RSUSBSTOR - ok
22:38:21.0721 4552 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:38:21.0736 4552 RTL8167 - ok
22:38:21.0752 4552 RxFilter - ok
22:38:21.0799 4552 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:38:21.0799 4552 SamSs - ok
22:38:21.0830 4552 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:38:21.0845 4552 sbp2port - ok
22:38:21.0877 4552 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:38:21.0877 4552 SCardSvr - ok
22:38:21.0892 4552 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:38:21.0892 4552 scfilter - ok
22:38:21.0939 4552 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
22:38:21.0955 4552 Schedule - ok
22:38:21.0986 4552 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:38:21.0986 4552 SCPolicySvc - ok
22:38:22.0017 4552 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:38:22.0017 4552 SDRSVC - ok
22:38:22.0079 4552 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:38:22.0111 4552 SeaPort - ok
22:38:22.0142 4552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:38:22.0157 4552 secdrv - ok
22:38:22.0173 4552 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:38:22.0173 4552 seclogon - ok
22:38:22.0189 4552 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:38:22.0204 4552 SENS - ok
22:38:22.0204 4552 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:38:22.0220 4552 SensrSvc - ok
22:38:22.0235 4552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:38:22.0235 4552 Serenum - ok
22:38:22.0267 4552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:38:22.0282 4552 Serial - ok
22:38:22.0329 4552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:38:22.0329 4552 sermouse - ok
22:38:22.0360 4552 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
22:38:22.0360 4552 SessionEnv - ok
22:38:22.0376 4552 SessionLauncher - ok
22:38:22.0391 4552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:38:22.0407 4552 sffdisk - ok
22:38:22.0407 4552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:38:22.0423 4552 sffp_mmc - ok
22:38:22.0438 4552 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:38:22.0438 4552 sffp_sd - ok
22:38:22.0454 4552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:38:22.0469 4552 sfloppy - ok
22:38:22.0547 4552 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:38:22.0563 4552 SftService - ok
22:38:22.0610 4552 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:38:22.0610 4552 SharedAccess - ok
22:38:22.0625 4552 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
22:38:22.0641 4552 ShellHWDetection - ok
22:38:22.0657 4552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:38:22.0672 4552 SiSRaid2 - ok
22:38:22.0688 4552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:38:22.0703 4552 SiSRaid4 - ok
22:38:22.0719 4552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:38:22.0719 4552 Smb - ok
22:38:22.0766 4552 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
22:38:22.0781 4552 snapman - ok
22:38:22.0813 4552 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:38:22.0813 4552 SNMPTRAP - ok
22:38:22.0828 4552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:38:22.0828 4552 spldr - ok
22:38:22.0891 4552 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
22:38:22.0891 4552 Spooler - ok
22:38:22.0953 4552 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
22:38:22.0969 4552 sppsvc - ok
22:38:22.0984 4552 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:38:23.0000 4552 sppuinotify - ok
22:38:23.0031 4552 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
22:38:23.0062 4552 sprtsvc_DellSupportCenter - ok
22:38:23.0109 4552 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:38:23.0109 4552 srv - ok
22:38:23.0125 4552 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:38:23.0140 4552 srv2 - ok
22:38:23.0156 4552 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:38:23.0156 4552 srvnet - ok
22:38:23.0187 4552 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:38:23.0187 4552 SSDPSRV - ok
22:38:23.0234 4552 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
22:38:23.0249 4552 SSPORT - ok
22:38:23.0265 4552 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:38:23.0265 4552 SstpSvc - ok
22:38:23.0312 4552 Steam Client Service - ok
22:38:23.0343 4552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:38:23.0343 4552 stexstor - ok
22:38:23.0405 4552 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
22:38:23.0405 4552 stisvc - ok
22:38:23.0437 4552 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:38:23.0468 4552 stllssvr - ok
22:38:23.0515 4552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:38:23.0515 4552 swenum - ok
22:38:23.0546 4552 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:38:23.0546 4552 swprv - ok
22:38:23.0608 4552 SynasUSB (bcb6aa197267d3506be2535342fc40e0) C:\Windows\system32\drivers\SynUSB64.sys
22:38:23.0608 4552 SynasUSB - ok
22:38:23.0624 4552 synusb64 (bcb6aa197267d3506be2535342fc40e0) C:\Windows\system32\DRIVERS\synusb64.sys
22:38:23.0624 4552 synusb64 - ok
22:38:23.0702 4552 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
22:38:23.0717 4552 SysMain - ok
22:38:23.0733 4552 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
22:38:23.0733 4552 TabletInputService - ok
22:38:23.0749 4552 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
22:38:23.0749 4552 TapiSrv - ok
22:38:23.0780 4552 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:38:23.0780 4552 TBS - ok
22:38:23.0827 4552 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
22:38:23.0842 4552 Tcpip - ok
22:38:23.0889 4552 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
22:38:23.0905 4552 TCPIP6 - ok
22:38:23.0920 4552 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:38:23.0920 4552 tcpipreg - ok
22:38:23.0951 4552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:38:23.0951 4552 TDPIPE - ok
22:38:24.0029 4552 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
22:38:24.0029 4552 tdrpman273 - ok
22:38:24.0045 4552 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
22:38:24.0045 4552 TDTCP - ok
22:38:24.0076 4552 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:38:24.0076 4552 tdx - ok
22:38:24.0107 4552 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:38:24.0107 4552 TermDD - ok
22:38:24.0154 4552 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
22:38:24.0170 4552 TermService - ok
22:38:24.0185 4552 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:38:24.0185 4552 Themes - ok
22:38:24.0217 4552 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:38:24.0217 4552 THREADORDER - ok
22:38:24.0248 4552 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
22:38:24.0248 4552 timounter - ok
22:38:24.0310 4552 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
22:38:24.0326 4552 tmactmon - ok
22:38:24.0373 4552 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
22:38:24.0388 4552 tmcomm - ok
22:38:24.0435 4552 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
22:38:24.0435 4552 tmevtmgr - ok
22:38:24.0466 4552 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
22:38:24.0482 4552 tmtdi - ok
22:38:24.0497 4552 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:38:24.0497 4552 TrkWks - ok
22:38:24.0544 4552 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
22:38:24.0544 4552 TrustedInstaller - ok
22:38:24.0591 4552 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:38:24.0591 4552 tssecsrv - ok
22:38:24.0622 4552 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:38:24.0622 4552 tunnel - ok
22:38:24.0653 4552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:38:24.0669 4552 uagp35 - ok
22:38:24.0685 4552 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:38:24.0685 4552 udfs - ok
22:38:24.0716 4552 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:38:24.0716 4552 UI0Detect - ok
22:38:24.0731 4552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:38:24.0747 4552 uliagpkx - ok
22:38:24.0763 4552 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:38:24.0778 4552 umbus - ok
22:38:24.0809 4552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:38:24.0809 4552 UmPass - ok
22:38:24.0841 4552 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:38:24.0841 4552 upnphost - ok
22:38:24.0872 4552 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:38:24.0887 4552 USBAAPL64 - ok
22:38:24.0903 4552 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:38:24.0919 4552 usbaudio - ok
22:38:24.0950 4552 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
22:38:24.0965 4552 usbccgp - ok
22:38:24.0981 4552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:38:24.0997 4552 usbcir - ok
22:38:25.0012 4552 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
22:38:25.0028 4552 usbehci - ok
22:38:25.0059 4552 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
22:38:25.0075 4552 usbhub - ok
22:38:25.0090 4552 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
22:38:25.0106 4552 usbohci - ok
22:38:25.0137 4552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:38:25.0153 4552 usbprint - ok
22:38:25.0184 4552 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:38:25.0199 4552 usbscan - ok
22:38:25.0215 4552 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:38:25.0231 4552 USBSTOR - ok
22:38:25.0246 4552 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
22:38:25.0246 4552 usbuhci - ok
22:38:25.0277 4552 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:38:25.0277 4552 UxSms - ok
22:38:25.0324 4552 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:38:25.0324 4552 VaultSvc - ok
22:38:25.0355 4552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:38:25.0355 4552 vdrvroot - ok
22:38:25.0402 4552 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
22:38:25.0418 4552 vds - ok
22:38:25.0433 4552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:38:25.0433 4552 vga - ok
22:38:25.0449 4552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:38:25.0465 4552 VgaSave - ok
22:38:25.0480 4552 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:38:25.0496 4552 vhdmp - ok
22:38:25.0511 4552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:38:25.0511 4552 viaide - ok
22:38:25.0543 4552 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:38:25.0543 4552 volmgr - ok
22:38:25.0558 4552 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:38:25.0574 4552 volmgrx - ok
22:38:25.0589 4552 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:38:25.0589 4552 volsnap - ok
22:38:25.0605 4552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:38:25.0621 4552 vsmraid - ok
22:38:25.0652 4552 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
22:38:25.0667 4552 VSS - ok
22:38:25.0683 4552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:38:25.0683 4552 vwifibus - ok
22:38:25.0714 4552 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:38:25.0714 4552 vwififlt - ok
22:38:25.0745 4552 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:38:25.0745 4552 W32Time - ok
22:38:25.0761 4552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:38:25.0777 4552 WacomPen - ok
22:38:25.0808 4552 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:38:25.0808 4552 WANARP - ok
22:38:25.0808 4552 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:38:25.0808 4552 Wanarpv6 - ok
22:38:25.0886 4552 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:38:25.0933 4552 WatAdminSvc - ok
22:38:25.0964 4552 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
22:38:25.0995 4552 wbengine - ok
22:38:26.0011 4552 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:38:26.0011 4552 WbioSrvc - ok
22:38:26.0042 4552 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
22:38:26.0042 4552 wcncsvc - ok
22:38:26.0057 4552 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:38:26.0057 4552 WcsPlugInService - ok
22:38:26.0073 4552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:38:26.0089 4552 Wd - ok
22:38:26.0135 4552 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
22:38:26.0135 4552 WDC_SAM - ok
22:38:26.0167 4552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:38:26.0182 4552 Wdf01000 - ok
22:38:26.0198 4552 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:38:26.0198 4552 WdiServiceHost - ok
22:38:26.0198 4552 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:38:26.0198 4552 WdiSystemHost - ok
22:38:26.0229 4552 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
22:38:26.0229 4552 WebClient - ok
22:38:26.0245 4552 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:38:26.0245 4552 Wecsvc - ok
22:38:26.0276 4552 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:38:26.0276 4552 wercplsupport - ok
22:38:26.0307 4552 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:38:26.0307 4552 WerSvc - ok
22:38:26.0323 4552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:38:26.0323 4552 WfpLwf - ok
22:38:26.0354 4552 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
22:38:26.0369 4552 WimFltr - ok
22:38:26.0385 4552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:38:26.0385 4552 WIMMount - ok
22:38:26.0432 4552 WinDefend - ok
22:38:26.0447 4552 WinHttpAutoProxySvc - ok
22:38:26.0494 4552 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:38:26.0494 4552 Winmgmt - ok
22:38:26.0572 4552 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
22:38:26.0619 4552 WinRM - ok
22:38:26.0697 4552 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
22:38:26.0697 4552 WinUSB - ok
22:38:26.0744 4552 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:38:26.0744 4552 Wlansvc - ok
22:38:26.0837 4552 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:38:26.0869 4552 wlidsvc - ok
22:38:26.0884 4552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:38:26.0884 4552 WmiAcpi - ok
22:38:26.0931 4552 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:38:26.0947 4552 wmiApSrv - ok
22:38:26.0962 4552 WMPNetworkSvc - ok
22:38:27.0087 4552 WMZuneComm (45de51db0950a4b8595520ef0bafcff1) C:\Program Files\Zune\WMZuneComm.exe
22:38:27.0103 4552 WMZuneComm - ok
22:38:27.0134 4552 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:38:27.0134 4552 WPCSvc - ok
22:38:27.0165 4552 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
22:38:27.0181 4552 WPDBusEnum - ok
22:38:27.0181 4552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:38:27.0181 4552 ws2ifsl - ok
22:38:27.0227 4552 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
22:38:27.0227 4552 wscsvc - ok
22:38:27.0243 4552 WSearch - ok
22:38:27.0290 4552 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
22:38:27.0321 4552 wuauserv - ok
22:38:27.0352 4552 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:38:27.0352 4552 WudfPf - ok
22:38:27.0368 4552 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:38:27.0383 4552 WUDFRd - ok
22:38:27.0383 4552 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
22:38:27.0399 4552 wudfsvc - ok
22:38:27.0415 4552 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:38:27.0415 4552 WwanSvc - ok
22:38:27.0586 4552 ZuneNetworkSvc (b79c2ce5340a5eca38ca1f74aa445d2b) C:\Program Files\Zune\ZuneNss.exe
22:38:27.0758 4552 ZuneNetworkSvc - ok
22:38:27.0805 4552 ZuneWlanCfgSvc (e2859aea054422fe40517179ae867c2d) C:\Windows\system32\ZuneWlanCfgSvc.exe
22:38:27.0836 4552 ZuneWlanCfgSvc - ok
22:38:27.0851 4552 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
22:38:27.0914 4552 \Device\Harddisk0\DR0 - ok
22:38:27.0929 4552 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
22:38:27.0929 4552 \Device\Harddisk1\DR1 - ok
22:38:28.0007 4552 MBR (0x1B8) (633150eb706c046d64591b7da0597813) \Device\Harddisk2\DR2
22:38:28.0007 4552 \Device\Harddisk2\DR2 - ok
22:38:28.0007 4552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
22:38:28.0351 4552 \Device\Harddisk3\DR3 ( Rootkit.Boot.Sinowal.b ) - infected
22:38:28.0351 4552 \Device\Harddisk3\DR3 - detected Rootkit.Boot.Sinowal.b (0)
22:38:28.0351 4552 Boot (0x1200) (77adf653857e78a52bedc3b0c4363f0b) \Device\Harddisk0\DR0\Partition0
22:38:28.0351 4552 \Device\Harddisk0\DR0\Partition0 - ok
22:38:28.0366 4552 Boot (0x1200) (4b29cdc7db4aa22a492edfc760c522a2) \Device\Harddisk0\DR0\Partition1
22:38:28.0366 4552 \Device\Harddisk0\DR0\Partition1 - ok
22:38:28.0366 4552 Boot (0x1200) (7c1d1a03d6067db03483262a562da905) \Device\Harddisk1\DR1\Partition0
22:38:28.0366 4552 \Device\Harddisk1\DR1\Partition0 - ok
22:38:28.0382 4552 Boot (0x1200) (7cf76293069ac6db8ec1579d9ffb4e65) \Device\Harddisk2\DR2\Partition0
22:38:28.0382 4552 \Device\Harddisk2\DR2\Partition0 - ok
22:38:28.0382 4552 Boot (0x1200) (673615ca657ad18081fa0e350b800699) \Device\Harddisk3\DR3\Partition0
22:38:28.0382 4552 \Device\Harddisk3\DR3\Partition0 - ok
22:38:28.0382 4552 ============================================================
22:38:28.0382 4552 Scan finished
22:38:28.0382 4552 ============================================================
22:38:28.0397 6420 Detected object count: 1
22:38:28.0397 6420 Actual detected object count: 1
22:38:43.0108 6420 \Device\Harddisk3\DR3\# - copied to quarantine
22:38:43.0108 6420 \Device\Harddisk3\DR3 - copied to quarantine
22:38:43.0436 6420 \Device\Harddisk3\DR3 ( Rootkit.Boot.Sinowal.b ) - cured
22:38:43.0451 6420 \Device\Harddisk3\DR3 - ok
22:38:43.0451 6420 \Device\Harddisk3\DR3 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure

aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 22:49:31
-----------------------------
22:49:31.697 OS Version: Windows x64 6.1.7600
22:49:31.697 Number of processors: 8 586 0x1A05
22:49:31.697 ComputerName: TECHNICYSTFIX UserName:
22:49:33.186 Initialize success
22:50:22.986 AVAST engine defs: 12040701
22:52:50.290 The log file has been saved successfully to "C:\Users\Technicyst Fix\Documents\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 22:49:31
-----------------------------
22:49:31.697 OS Version: Windows x64 6.1.7600
22:49:31.697 Number of processors: 8 586 0x1A05
22:49:31.697 ComputerName: TECHNICYSTFIX UserName:
22:49:33.186 Initialize success
22:50:22.986 AVAST engine defs: 12040701
22:52:50.290 The log file has been saved successfully to "C:\Users\Technicyst Fix\Documents\aswMBR.txt"
22:54:14.996 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:54:15.000 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
22:54:15.005 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
22:54:15.009 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
22:54:15.015 Disk 2 \Device\Harddisk2\DR2 -> \Device\000000a9
22:54:15.020 Disk 2 Vendor: Size: 953869MB BusType: 0
22:54:15.024 Disk 3 \Device\Harddisk3\DR3 -> \Device\000000aa
22:54:15.029 Disk 3 Vendor: Size: 953869MB BusType: 0
22:54:15.050 Disk 0 MBR read successfully
22:54:15.053 Disk 0 MBR scan
22:54:15.064 Disk 0 Windows VISTA default MBR code
22:54:15.068 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:54:15.083 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920
22:54:15.103 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 467557 MB offset 19214336
22:54:15.131 Disk 0 scanning C:\Windows\system32\drivers
22:54:29.015 Service scanning
22:54:56.480 Modules scanning
22:54:56.492 Disk 0 trace - called modules:
22:54:56.519 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:54:56.524 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cf9060]
22:54:56.528 3 CLASSPNP.SYS[fffff8800183b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b75050]
22:54:58.164 AVAST engine scan C:\Windows
22:55:04.938 AVAST engine scan C:\Windows\system32
22:59:50.441 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
23:00:29.842 AVAST engine scan C:\Windows\system32\drivers
23:00:47.607 AVAST engine scan C:\Users\Technicyst Fix
23:37:50.364 AVAST engine scan C:\ProgramData
23:40:42.001 Scan finished successfully
23:52:12.826 Disk 0 MBR has been saved successfully to "C:\Users\Technicyst Fix\Documents\MBR.dat"
23:52:12.832 The log file has been saved successfully to "C:\Users\Technicyst Fix\Documents\aswMBR.txt"

#12 gringo_pr

Bleepin Gringo

Malware Response Team
122,845 posts

Gender:Male
Location:Puerto rico

Posted 08 April 2012 - 12:03 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

#13 dreamcrasher

New Member

Members
11 posts

Posted 08 April 2012 - 12:42 AM

Computer is running much better. Thanks so much, Gringo. No problems in running Combofix. This may be my last post for the night. Need to get some sleep

Report from Combofix:

ComboFix 12-04-07.02 - Technicyst Fix 04/08/2012 0:09.2.8 - x64
Running from: c:\users\Technicyst Fix\Downloads\ComboFix.exe
Command switches used :: c:\users\Technicyst Fix\Desktop\CFScript.txt
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 05:25 . 2012-04-08 05:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 03:38 . 2012-04-08 03:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 23:36 . 2012-04-07 23:37 -------- d-----w- C:\FRST
2012-04-07 17:14 . 2012-04-07 17:12 105552 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-04-07 17:14 . 2012-04-07 17:12 90704 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-04-07 17:14 . 2012-04-07 17:12 67664 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-04-07 17:14 . 2012-04-07 17:12 144464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-05 23:46 . 2012-04-07 17:13 -------- d-----w- c:\program files\Trend Micro
2012-04-05 23:45 . 2012-04-07 17:14 -------- d-----w- c:\programdata\Trend Micro
2012-04-05 23:31 . 2012-04-06 03:23 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-05 00:09 . 2012-04-07 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-04 16:31 . 2012-04-04 16:32 -------- d-----w- c:\windows\system32\EventProviders
2012-04-04 16:31 . 2012-04-07 15:58 -------- d-----w- C:\317d460ecafc1cdb9243
2012-03-31 14:13 . 2012-03-31 14:13 -------- d-----w- c:\programdata\PreSonus
2012-03-31 14:13 . 2012-03-31 14:13 -------- d-----w- c:\users\Technicyst Fix\AppData\Roaming\PreSonus
2012-03-31 14:13 . 2011-07-07 16:42 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-31 14:12 . 2012-04-07 15:58 -------- d-----w- c:\program files\PreSonus
2012-03-29 21:18 . 2012-04-07 15:58 -------- d-----w- c:\users\Technicyst Fix\AppData\Roaming\McAfee
2012-03-28 19:42 . 2012-03-28 19:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 19:42 . 2012-03-28 19:42 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 19:41 . 2012-03-28 19:41 -------- d-----w- c:\windows\system32\Macromed
2012-03-19 23:00 . 2012-03-19 23:00 -------- d-----w- c:\users\Technicyst Fix\AppData\Local\blekkotb
2012-03-17 04:05 . 2012-03-17 04:05 -------- d-----w- c:\users\Technicyst Fix\AppData\Roaming\Renoise Plugin Server
2012-03-17 00:32 . 2012-03-17 00:32 -------- d-----w- c:\program files\Renoise 2.8.0
2012-03-15 08:01 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 08:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 08:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 16:44 . 2012-03-13 16:44 -------- d-----w- c:\users\Technicyst Fix\AppData\Roaming\Cocoon Software
2012-03-13 16:44 . 2012-03-13 16:46 -------- d-----w- c:\program files\QuickMediaConverter
2012-03-13 16:43 . 2012-03-13 16:43 -------- d-----w- c:\users\Technicyst Fix\AppData\Local\WDSetup
2012-03-11 16:12 . 2012-03-11 16:12 -------- d-----w- c:\program files (x86)\ApecSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 09:06 . 2012-03-02 09:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-02 09:06 . 2012-03-02 09:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-02 09:06 . 2012-03-02 09:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-02 09:06 . 2012-03-02 09:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-02 09:06 . 2012-03-02 09:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-02 09:06 . 2012-03-02 09:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-02 09:06 . 2012-03-02 09:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-02 09:06 . 2012-03-02 09:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-02 09:06 . 2012-03-02 09:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-02 09:06 . 2012-03-02 09:06 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-02 09:06 . 2012-03-02 09:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-02 09:06 . 2012-03-02 09:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-02 09:06 . 2012-03-02 09:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-02 09:06 . 2012-03-02 09:06 448512 ----a-w- c:\windows\system32\html.iec
2012-03-02 09:06 . 2012-03-02 09:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-02 09:06 . 2012-03-02 09:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-02 09:06 . 2012-03-02 09:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-02 09:06 . 2012-03-02 09:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-02 09:06 . 2012-03-02 09:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-02 09:06 . 2012-03-02 09:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-02 09:06 . 2012-03-02 09:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-02 09:06 . 2012-03-02 09:06 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-02 09:06 . 2012-03-02 09:06 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-02 09:06 . 2012-03-02 09:06 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-02 09:06 . 2012-03-02 09:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-02 09:06 . 2012-03-02 09:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-02 09:06 . 2012-03-02 09:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-02 09:06 . 2012-03-02 09:06 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-02 09:06 . 2012-03-02 09:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-02 09:06 . 2012-03-02 09:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-02 09:06 . 2012-03-02 09:06 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-02 09:06 . 2012-03-02 09:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-02 09:06 . 2012-03-02 09:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-02 09:06 . 2012-03-02 09:06 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-02 09:06 . 2012-03-02 09:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-02 09:06 . 2012-03-02 09:06 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-02 09:06 . 2012-03-02 09:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-02 09:06 . 2012-03-02 09:06 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-02 09:06 . 2012-03-02 09:06 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-02 09:06 . 2012-03-02 09:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-02 09:06 . 2012-03-02 09:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-02 09:06 . 2012-03-02 09:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-22 19:17 . 2012-01-22 19:17 485576 ----a-w- c:\users\Technicyst Fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-07_16.24.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-07 16:22 . 2012-04-07 16:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 05:27 . 2012-04-08 05:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-07 16:22 . 2012-04-07 16:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-08 05:27 . 2012-04-08 05:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-08 05:26 427032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-07 16:21 427032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-30 04:33 . 2012-04-08 05:26 2630828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-328288376-2029984636-2289590902-1001-8192.dat
- 2010-04-30 04:33 . 2012-04-07 16:21 2630828 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-328288376-2029984636-2289590902-1001-8192.dat
+ 2012-04-07 17:12 . 2012-04-07 17:12 1282560 c:\windows\Installer\2ebf60.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Dell PanelMgr"="c:\windows\Dell\PanelMgr\SSMMgr.exe" [2009-05-09 541936]
"2335dn Scan2PC"="c:\windows\twain_32\Dell\Dell2335\Scan2Pc.exe" [2008-09-26 495616]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AsioThk32Reg"="CTASIO.DLL" [2010-02-23 51712]
"CTHelper"="CTHELPER.EXE" [2010-02-24 23040]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-02-24 23552]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-02 5546376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0242461333814782mcinstcleanup;McAfee Application Installer Cleanup (0242461333814782);c:\users\TECHNI~1\AppData\Local\Temp\024246~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 MOBCleanup;MOBCleanup;c:\users\Technicyst Fix\AppData\Local\Temp\MOBCleanup.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-15 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-15 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [x]
R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [x]
R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [x]
R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [x]
R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-24 3246040]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [x]
S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [x]
S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [x]
S3 L6GX;Service - Line 6 GX;c:\windows\system32\Drivers\L6GX64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 19:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-02 390720]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
imagedrv
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: line6.net
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Technicyst Fix\AppData\Roaming\Mozilla\Firefox\Profiles\ezd5qmvd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe
c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\SysWOW64\CTHELPER.EXE
c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
c:\program files (x86)\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPMixDSP.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2012-04-08 00:37:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 05:37
ComboFix2.txt 2012-04-07 16:32
.
Pre-Run: 197,404,557,312 bytes free
Post-Run: 197,250,129,920 bytes free
.
- - End Of File - - B73A2B5E4C180AFB7BBF3C47953761FA

#14 gringo_pr

Bleepin Gringo

Malware Response Team
122,845 posts

Gender:Male
Location:Puerto rico

Posted 08 April 2012 - 12:55 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Adobe Reader 9.5.0
Bing Bar
Java™ 6 Update 29
[/list]

Please download and install Revo Uninstaller Free
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM
Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

#15 dreamcrasher

New Member

Members
11 posts

Posted 08 April 2012 - 09:40 AM

This is great stuff, Gringo. I did everything you recommended in your last post. Here are my results:

Malwarebytes did not complete the first time because my Trend Micro had some sort of conflict with it. I disabled it, ran it again, and found 1 Trojan that I then removed. Here is the log on the next scan which looks clean

Log from MBAM:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.08.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Technicyst Fix :: TECHNICYSTFIX [administrator]

4/8/2012 9:29:47 AM
mbam-log-2012-04-08 (09-29-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201721
Time elapsed: 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Running HiJackThis:
I received a message - "For some reason your system denied write access to the Hosts file...etc." I clicked OK. The scan continues and I get the following Notepad message: "Cannot find the C:\Program Files (x86)\Trend Micro\HiJackThis\hijackthis.log file. Do you want to create a new file?" I clicked no the first time and then yes the second time, but neither generates a log file in txt format.

I see the log in the main window but it doesn't create a notepad .txt doc for me to cut and paste. Please advise. Thanks!