Rootkit.zeroaccess, redirecting


This topic is locked
37 replies to this topic

#1 kiri_7188

kiri_7188

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:22 AM

Posted 13 February 2012 - 06:36 PM

Hello.

Today, suddenly, Firefox has started to randomly open new tabs, directing me to a website called mediashifting.com (I also noticed an unusual slowdown). After a quick Google search (which sometimes redirected me to a site which didn't load) I found out that the cause is most likely some sort of malware.

Since I didn't have any AV software installed I downloaded Avast's, but after installing it I couldn't get it to work at all - something about the service not starting. After a few failed re-installation attempts, I uninstalled it completely (using Avast's uninstall tool) and tried to install AVG instead. However, I couldn't even get it to do that. (I'm assuming now both didn't work because of the infection.)

I went ahead and tried MSE and was finally able to scan my PC. MSE found a Sirefef.B infection and tried to remove it, but after the "mandatory" reboot I wasn't able to boot my OS at all and was left with a BSOD (no specific info, sorry - didn't know I might need it at the time) and had to restore the system from a previous point.
My next step was installing Malwarebytes. Scan results showed 2 Rootkit.Zeroaccess and 1 Backdoor.Agent. It tried removing them (a few times) but with no success. Every time I scan they are still there. I want to note here that during the installation of both MSE and MBAM, error messages popped up (once again, no specifics as I didn't know the info might be relevant at the time).


So I decided that before I do any more damage I should seek advice from people who know what they are doing.
I followed the Preparation Guide, but I was unable to enable my firewall (I'm guessing it's because of the infection; Windows Update doesn't work either) and since I'm running a 64-bit system, I had to skip the GMER step.

The DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by OkComputer at 1:04:47 on 2012-02-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.8175.6002 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Nightly\firefox.exe
C:\Program Files\Nightly\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.il/cse?cx=partner-pub-1045670103905278:twd9k5-6qt8&ie=ISO-8859-8-I&q=&sa=
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\OkComputer\AppData\Local\2d47a766\X
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\OkComputer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERHI~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
LSP: mswsock.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1F7BA3E5-CA96-4A58-A91F-32433F6B1852} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1F7BA3E5-CA96-4A58-A91F-32433F6B1852}\E6971616E7E7 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{433C2A30-1581-4ACF-81B2-8B2A74B7905C}\3747F60702462796C6C696E676C20266167676F64737 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{6A594EC1-CE0B-47F1-B573-58315BCBF826} : DhcpNameServer = 10.74.112.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OkComputer\AppData\Roaming\Mozilla\Firefox\Profiles\948hhzhn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18706
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=18706&q=
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Users\OkComputer\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TRIDCap;AVerMedia service;C:\Windows\system32\DRIVERS\AVerTM62_x64.sys --> C:\Windows\system32\DRIVERS\AVerTM62_x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-5-9 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-5-9 30528]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-02-13 20:25:43 -------- d-----w- C:\Users\OkComputer\AppData\Roaming\Malwarebytes
2012-02-13 20:25:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-13 20:25:37 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-13 20:25:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-13 19:55:11 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-13 16:58:27 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-13 16:58:27 -------- d-----w- C:\Program Files\AVAST Software
2012-02-13 14:50:57 -------- d-----w- C:\Users\OkComputer\AppData\Local\{6B8294BE-164D-4C1B-B89F-0383F936C681}
2012-02-13 14:50:43 -------- d-----w- C:\Users\OkComputer\AppData\Local\{89A63D59-BF84-462B-8BBD-638349324802}
2012-02-13 13:25:31 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-02-13 13:20:52 0 --sha-w- C:\Windows\System32\dds_log_trash.cmd
2012-02-13 13:18:10 -------- d-sh--w- C:\Users\OkComputer\AppData\Local\2d47a766
2012-02-13 02:50:18 -------- d-----w- C:\Users\OkComputer\AppData\Local\{7149F0AA-3DC0-4A34-AEE1-61B67C965896}
2012-02-13 02:50:03 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3AF12D51-A430-4C6A-A84B-AC6E8724DE83}
2012-02-12 14:49:50 -------- d-----w- C:\Users\OkComputer\AppData\Local\{A666E121-C9F5-490A-8A76-AC3DCA6E6976}
2012-02-12 14:49:38 -------- d-----w- C:\Users\OkComputer\AppData\Local\{7C26CF96-8DC7-4E8B-BB2C-B05EB437F106}
2012-02-12 02:49:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{5A12A5E2-0488-49EF-BDC4-F56B3B315524}
2012-02-12 02:49:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{41F20AD5-32C7-4217-8807-E686BB41E7A7}
2012-02-11 14:48:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{D669264C-78F3-4918-A6C3-8A0C69F73BF4}
2012-02-11 14:48:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{2918964A-2C61-4829-A94C-AFCCE1014A38}
2012-02-11 02:48:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{37DE9A62-0E16-4821-833F-A8A7EF8B8705}
2012-02-11 02:48:14 -------- d-----w- C:\Users\OkComputer\AppData\Local\{D7F0F487-C8E2-4422-B9E7-7849A10482FD}
2012-02-10 14:48:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{EE6FCFB5-8C85-4A4A-9F1B-C5EDA28FE2B4}
2012-02-10 14:47:50 -------- d-----w- C:\Users\OkComputer\AppData\Local\{35F4BC67-8B91-4B94-BC30-03090AC5F198}
2012-02-10 06:28:21 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D041D7C7-22C6-48CC-8BB6-220A22255D76}\mpengine.dll
2012-02-10 02:47:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{34155398-1B10-43AF-995D-C1762E1F73B8}
2012-02-10 02:47:26 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3EAA06D3-F92E-4E49-951F-BC25D70D9881}
2012-02-09 14:47:14 -------- d-----w- C:\Users\OkComputer\AppData\Local\{AAB9146B-DDC1-4EDD-9327-869D6843C38B}
2012-02-09 14:47:02 -------- d-----w- C:\Users\OkComputer\AppData\Local\{42293502-3354-49DA-9465-2102D0CA7DAD}
2012-02-09 02:46:50 -------- d-----w- C:\Users\OkComputer\AppData\Local\{C90D9AD0-17C5-478E-BD36-994866F869F8}
2012-02-09 02:46:38 -------- d-----w- C:\Users\OkComputer\AppData\Local\{05A2A6ED-DFA3-468E-95D2-2E48B33CCE18}
2012-02-08 14:46:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{739C0E39-73F4-4B74-80E5-A37174F5BE1A}
2012-02-08 14:46:14 -------- d-----w- C:\Users\OkComputer\AppData\Local\{232A8A92-97F7-4348-884A-1169FC1C3300}
2012-02-08 02:46:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{0D9486A5-1C57-4005-87F9-ECB97EE2FF40}
2012-02-08 02:45:50 -------- d-----w- C:\Users\OkComputer\AppData\Local\{2C6B6218-4303-4F06-AE5F-DD8839DFD712}
2012-02-07 14:45:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{145A3447-A082-4244-9A48-DD5A2A2565AC}
2012-02-07 14:45:26 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3B890C0D-6F89-4496-AE2E-9128A5F1AF47}
2012-02-07 02:45:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{AC6F016E-E4E5-4292-B988-EF5837368C60}
2012-02-07 02:45:02 -------- d-----w- C:\Users\OkComputer\AppData\Local\{9F70973A-FE3B-4102-A047-FB288006D761}
2012-02-07 00:19:23 411648 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-02-06 14:44:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{7A761409-7A7F-48B0-A57E-BAFE0B6C953A}
2012-02-06 14:44:38 -------- d-----w- C:\Users\OkComputer\AppData\Local\{EADC666C-A3D7-4737-9D75-6FB4C457EF89}
2012-02-06 02:44:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{13A3BC6F-B812-47DE-83FB-3E6817CD89DD}
2012-02-06 02:44:14 -------- d-----w- C:\Users\OkComputer\AppData\Local\{63A59745-AF67-4AA2-B10A-61D2E76762AC}
2012-02-05 14:44:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{6A202B0A-BB8E-4CDB-A1A8-9DD82A514C41}
2012-02-05 14:43:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{76146FE7-5FFD-4FB4-8F50-59E34BEEC90A}
2012-02-05 02:43:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{4357ECE7-7698-45DB-B3A7-328F3464E0CD}
2012-02-05 02:43:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{011DAC7A-608F-4187-903A-07F62D68F626}
2012-02-04 14:43:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{0CC68565-5B59-4E64-ABE1-2F4C46A1D575}
2012-02-04 14:43:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{947748DE-598C-4E9F-8B91-A631F0D6D5C2}
2012-02-04 02:42:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3BBFDC80-E86C-4575-B220-B6CBF9215084}
2012-02-04 02:42:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{7A529059-FD6F-4A0E-8BC8-C23707261B0B}
2012-02-03 14:42:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E40FC643-4FF0-4947-8EE0-EE0CB876AF7E}
2012-02-03 14:42:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{4CFCB709-D82C-4ABF-A1F1-72D75C90B1C6}
2012-02-03 02:42:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E256C2AE-4EF3-4C9F-BA6D-42958F9E8CA0}
2012-02-03 02:41:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E28D5E83-4157-4E59-976F-7B7850EF558A}
2012-02-02 14:41:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{D4E9C953-26A5-4A29-AD43-5EF7D4EFF0AB}
2012-02-02 14:41:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{51A5FF7E-E777-490E-8B37-01AA186E0BC0}
2012-02-02 02:41:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{92CA1EB9-9FAC-4901-9217-49DD555D7844}
2012-02-02 02:41:02 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E69D050D-0E8F-4A88-B93A-4489DFB8D183}
2012-02-02 00:53:29 -------- d-----w- C:\Users\OkComputer\AppData\Local\Google
2012-02-01 14:40:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{80272DF7-4C4E-458F-B973-C29536C4F1CD}
2012-02-01 14:40:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{1CD0076F-6D53-4EB3-A9B3-50AF8D4218AC}
2012-02-01 02:40:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{FB225FE8-C558-4C13-9126-9704E0BD35DE}
2012-02-01 02:40:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{8F6A77B8-852D-4B0F-B960-693070DB7312}
2012-01-31 14:40:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{9CDF59C4-52F8-42B9-A85F-9939BD07F3F1}
2012-01-31 14:39:50 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E4F768C1-AEBA-44B6-B19B-42EB2D4B856C}
2012-01-31 02:39:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{1FFE6AAF-3001-4A15-838B-1C2A7FC94563}
2012-01-31 02:39:26 -------- d-----w- C:\Users\OkComputer\AppData\Local\{FADAD744-69CB-4FC7-B2C7-FA5101BC6B73}
2012-01-30 14:39:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{EC7A0C06-6102-4A97-8936-52FC9531CE53}
2012-01-30 14:38:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{727D73A0-841E-4DF5-A03D-E6DB4699EE19}
2012-01-30 02:38:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E0F4D038-CF45-4476-A0F2-FF8807953222}
2012-01-30 02:38:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{300735D1-02AA-435F-9899-CED5C2125DB4}
2012-01-29 14:38:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{F7234266-386B-43A7-A5FB-EECCA26A97E3}
2012-01-29 14:38:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{08EB9C80-9B94-453D-936B-D7AE6583D489}
2012-01-29 02:37:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{124EC041-D044-493D-AE61-1B7BDC0C834F}
2012-01-29 02:37:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E11CF1EC-B194-487E-943E-F2770B167EDA}
2012-01-28 14:37:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{427A882A-C322-4A6F-8D9F-00ABB91D1DD3}
2012-01-28 14:37:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{442091FA-6EB0-43C9-97F2-1FC23B65402B}
2012-01-28 02:37:00 -------- d-----w- C:\Users\OkComputer\AppData\Local\{2E4C44D2-6D82-4F02-A234-A581367B27FC}
2012-01-28 02:36:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{16176378-278A-474A-B2FD-93E471687488}
2012-01-27 14:36:35 -------- d-----w- C:\Users\OkComputer\AppData\Local\{5591C0F1-66DE-4362-B186-43581F8A9157}
2012-01-27 14:36:16 -------- d-----w- C:\Users\OkComputer\AppData\Local\{6ADA60B2-A93E-4737-B77D-E4B87692E59D}
2012-01-27 02:36:02 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3757B6E3-5896-4A95-AB2E-ECDA5487CF97}
2012-01-27 02:35:51 -------- d-----w- C:\Users\OkComputer\AppData\Local\{DDE12967-2CCE-49FB-8BB5-B4E502C3B771}
2012-01-26 14:14:26 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3569FD07-6212-4772-A853-7DD8EE60B28C}
2012-01-26 14:14:15 -------- d-----w- C:\Users\OkComputer\AppData\Local\{186A126B-5066-4B2B-93D4-A25210295689}
2012-01-26 02:14:02 -------- d-----w- C:\Users\OkComputer\AppData\Local\{ADC05E2A-8D91-46EA-A702-C5DB2466ABEE}
2012-01-26 02:13:51 -------- d-----w- C:\Users\OkComputer\AppData\Local\{89114337-4B84-4FC6-B4CD-34C3A8CE1CEB}
2012-01-25 14:13:39 -------- d-----w- C:\Users\OkComputer\AppData\Local\{C34B8F78-8C5A-4622-AC38-C37A393A9AC9}
2012-01-25 14:13:27 -------- d-----w- C:\Users\OkComputer\AppData\Local\{7C2A83E7-6029-43C8-AA83-5CA6E3D5B353}
2012-01-25 02:13:14 -------- d-----w- C:\Users\OkComputer\AppData\Local\{960A355F-D9C7-4B1E-8C39-13B286F49220}
2012-01-25 02:13:03 -------- d-----w- C:\Users\OkComputer\AppData\Local\{9EC274E0-ABBC-46CA-8BC0-D259905A0878}
2012-01-24 14:12:51 -------- d-----w- C:\Users\OkComputer\AppData\Local\{96484FDC-8432-4FD2-9A02-8F20FDB4E7D0}
2012-01-24 14:12:39 -------- d-----w- C:\Users\OkComputer\AppData\Local\{2D0F4605-21BF-414A-BE20-F36F9F9BA8AC}
2012-01-24 02:12:27 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3C40EA8C-587F-4E10-BA9C-910947503BE8}
2012-01-24 02:12:15 -------- d-----w- C:\Users\OkComputer\AppData\Local\{FF926FB0-F7CE-4D00-8614-A7B9D210F324}
2012-01-23 14:12:03 -------- d-----w- C:\Users\OkComputer\AppData\Local\{BFA072EB-BD5A-491A-A9E0-4ED9E8E9147B}
2012-01-23 14:11:51 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E5154099-3DC5-4651-BB2A-E472350968C5}
2012-01-23 02:11:38 -------- d-----w- C:\Users\OkComputer\AppData\Local\{A7DDEF81-5BB2-45C1-9276-28B1D9FA95C1}
2012-01-23 02:11:27 -------- d-----w- C:\Users\OkComputer\AppData\Local\{7FA7BFC2-BC1B-4A4A-8D35-2917CFB28663}
2012-01-22 14:07:42 -------- d-----w- C:\Users\OkComputer\AppData\Local\{A1DFE5F0-8835-42C0-B443-F9F9C26A7DDA}
2012-01-22 14:07:30 -------- d-----w- C:\Users\OkComputer\AppData\Local\{B3F6774E-76EC-43C9-837E-ADAD45221FC6}
2012-01-22 02:07:18 -------- d-----w- C:\Users\OkComputer\AppData\Local\{67EE0099-96B1-43F1-BEB7-FDC87BD58D90}
2012-01-22 02:07:06 -------- d-----w- C:\Users\OkComputer\AppData\Local\{4E1537D0-BE24-402A-80B5-8EA4F77BB069}
2012-01-21 14:06:53 -------- d-----w- C:\Users\OkComputer\AppData\Local\{D86C7796-5131-4303-9C23-3DE6A3E9976C}
2012-01-21 14:06:41 -------- d-----w- C:\Users\OkComputer\AppData\Local\{0FA40DFD-6265-4787-AD7E-17B57683396E}
2012-01-21 02:06:29 -------- d-----w- C:\Users\OkComputer\AppData\Local\{34E7548C-B7A3-4812-8CB5-F6604F62D614}
2012-01-21 02:06:16 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3CE713EC-6674-42AE-9531-2F52348AF555}
2012-01-20 14:05:51 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3DD72BC8-D2EC-4E67-9499-55AC9C3E73D7}
2012-01-20 14:05:39 -------- d-----w- C:\Users\OkComputer\AppData\Local\{95AB9DCF-F5A7-416D-AEB1-52BB94E54AA0}
2012-01-20 02:05:27 -------- d-----w- C:\Users\OkComputer\AppData\Local\{1DB2A7B5-3710-421C-A877-EF7D219F9D21}
2012-01-20 02:05:15 -------- d-----w- C:\Users\OkComputer\AppData\Local\{D6CE3B41-4A49-43BF-9E6B-2203DC695EEA}
2012-01-19 14:05:02 -------- d-----w- C:\Users\OkComputer\AppData\Local\{B75B3CB1-B55B-4CBC-B73F-2CE668E2D458}
2012-01-19 14:04:51 -------- d-----w- C:\Users\OkComputer\AppData\Local\{1982A4F1-7BB8-4B6F-9FE4-30A0D8A6B433}
2012-01-19 02:04:38 -------- d-----w- C:\Users\OkComputer\AppData\Local\{06E2FFFE-DB1C-4CA8-87DB-9047FD898447}
2012-01-19 02:04:27 -------- d-----w- C:\Users\OkComputer\AppData\Local\{0F1A7595-FEAA-4E8E-96DB-8E34195C574A}
2012-01-18 14:04:14 -------- d-----w- C:\Users\OkComputer\AppData\Local\{E43A98DD-971C-4CA2-97B7-1673FF775C17}
2012-01-18 14:04:03 -------- d-----w- C:\Users\OkComputer\AppData\Local\{BD335004-D377-413A-A4AC-951C705AC84C}
2012-01-18 02:03:50 -------- d-----w- C:\Users\OkComputer\AppData\Local\{B2CE6479-84AB-49B2-B489-E42B5F293A7D}
2012-01-18 02:03:39 -------- d-----w- C:\Users\OkComputer\AppData\Local\{29AE8AF3-CEA3-4B42-A59F-058F2741807B}
2012-01-17 14:03:26 -------- d-----w- C:\Users\OkComputer\AppData\Local\{B4479A08-9C2A-4524-8229-7B94EBC0D459}
2012-01-17 14:03:15 -------- d-----w- C:\Users\OkComputer\AppData\Local\{4B43E604-0FED-4E75-B1D8-BEFADE275E7A}
2012-01-17 02:03:02 -------- d-----w- C:\Users\OkComputer\AppData\Local\{F2B20E86-18B6-47D9-8B0F-7762D380A335}
2012-01-17 02:02:50 -------- d-----w- C:\Users\OkComputer\AppData\Local\{04E98A4E-A7BD-4C8E-96FB-6A992C408572}
2012-01-16 14:02:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{CB5544D8-0CE9-40DC-A58C-2882E7457981}
2012-01-16 14:02:26 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3A45BB31-82A3-4E86-9112-115F372E77C5}
2012-01-16 02:02:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{09DA7751-54B3-4DF6-94E7-9B206776B4E4}
2012-01-16 02:02:01 -------- d-----w- C:\Users\OkComputer\AppData\Local\{66E1467A-153F-4CDD-86A1-F63216DE4DA9}
2012-01-15 14:01:49 -------- d-----w- C:\Users\OkComputer\AppData\Local\{08B68F77-4C36-4631-AAF2-7D8F0B083EEC}
2012-01-15 14:01:37 -------- d-----w- C:\Users\OkComputer\AppData\Local\{3D210D43-A8AB-4684-9A89-76F1065281AA}
2012-01-15 02:01:25 -------- d-----w- C:\Users\OkComputer\AppData\Local\{F7BF7530-90AA-4643-8557-2FE0A79F5324}
2012-01-15 02:01:13 -------- d-----w- C:\Users\OkComputer\AppData\Local\{5F3FAFA7-3037-4728-BEBE-8FBA2AA1B3C7}
.
==================== Find3M ====================
.
2012-02-13 13:26:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-12 05:59:41 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-02-12 05:59:34 25640 ----a-w- C:\Windows\gdrv.sys
2012-01-26 22:52:58 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
1601-01-01 00:00:00 0 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
.
============= FINISH: 1:05:26.64 ===============
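An added example, not code from the thread, from DDS or from ComboFix: a small Python triage script that walks log lines like the ones posted above and flags what a responder looks for in them, a Winlogon Shell that does not point at explorer.exe, UAC policies forced to 0, hidden+system (d-sh--w-) directories under AppData or System32, and paths under an AppData\Local\<8 hex chars> folder (a heuristic taken from the 2d47a766 folder in this log, not a general ZeroAccess signature). The sample lines are constructed from the posted DDS and ComboFix output; the extra-entry check for Winlogon values (explorer.exe,other.exe) goes beyond what this log shows.

```python
"""Triage of DDS-style log lines for the indicators seen in this thread.

Added example, not code from the thread, the DDS tool or ComboFix. It walks
"Pseudo HJT Report", "Created Last 30" and ComboFix deletion lines and flags:
  * a Winlogon Shell/Userinit value that is not explorer.exe/userinit.exe
    (including an extra entry appended after a comma),
  * UAC policies forced to 0 (EnableLUA, ConsentPromptBehaviorAdmin,
    PromptOnSecureDesktop),
  * hidden+system (d-sh--w-) directories created under AppData or System32,
  * paths under AppData\\Local\\<8 hex chars>, a heuristic taken from the
    2d47a766 folder in this log, not a general signature.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the DDS and ComboFix logs posted above,
# plus one benign Malwarebytes line that must not be flagged.
SAMPLE_LOG = r"""
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\OkComputer\AppData\Local\2d47a766\X
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
2012-02-13 13:25:31 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-02-13 13:18:10 -------- d-sh--w- C:\Users\OkComputer\AppData\Local\2d47a766
2012-02-13 20:25:43 -------- d-----w- C:\Users\OkComputer\AppData\Roaming\Malwarebytes
c:\users\OkComputer\AppData\Local\2d47a766\U\80000000.@
"""

WINLOGON_RE = re.compile(r"^([um])Winlogon:\s*(\w+)=(.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# date time size attributes path  (attributes are an 8-char field such as d-sh--w-)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S{8})\s+(.+)$")
SCOPE_RE = re.compile(r"\\(AppData|System32)\\", re.IGNORECASE)
HEXDIR_RE = re.compile(r"AppData\\Local\\[0-9a-f]{8}(\\|$)", re.IGNORECASE)

# Legitimate Winlogon targets; anything else (or anything extra) is a finding.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}
# UAC policy values that a hardened Windows 7 host never has at 0.
UAC_MUST_BE_NONZERO = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def check_winlogon(hive, key, value, line):
    """Flag every comma-separated Winlogon entry whose file name is unexpected."""
    expected = EXPECTED_WINLOGON.get(key.lower())
    if expected is None:
        return []
    findings = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue  # DDS prints a trailing comma after Userinit
        exe = entry.rsplit("\\", 1)[-1].lower()
        if exe != expected:
            findings.append(("winlogon_%s_hijack" % key.lower(), "%s hive: %s" % (hive, line)))
    return findings


def triage(log_text):
    """Return a list of (rule, line) findings for the given log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = WINLOGON_RE.match(line)
        if m:
            findings.extend(check_winlogon(*m.groups(), line))
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_MUST_BE_NONZERO and int(m.group(2)) == 0:
            findings.append(("uac_disabled", line))
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.groups()
            # 's' and 'h' in the attribute field mean system + hidden.
            if "s" in attrs and "h" in attrs and SCOPE_RE.search(path):
                findings.append(("hidden_system_dir", line))
        if HEXDIR_RE.search(line):
            findings.append(("zeroaccess_style_path", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'uac_disabled': 3, ...}."""
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule, line in results:
        print("%-24s %s" % (rule, line))
    print(summarize(results))
```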


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:22 AM

Posted 16 February 2012 - 10:53 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 kiri_7188 (Topic Starter, Members, 22 posts)

Posted 16 February 2012 - 11:36 AM

Hey Gringo. Thank you for replying and helping, much appreciated!

I ran ComboFix and haven't encountered any trouble, as far as I can tell.

Here's the log:

ComboFix 12-02-16.02 - OkComputer 02/16/2012 18:25:07.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.8175.6866 [GMT 2:00]
Running from: c:\users\OkComputer\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\OkComputer\AppData\Local\2d47a766
c:\users\OkComputer\AppData\Local\2d47a766\@
c:\users\OkComputer\AppData\Local\2d47a766\U\80000000.@
c:\users\OkComputer\AppData\Local\2d47a766\U\800000cb.@
c:\users\OkComputer\AppData\Local\2d47a766\U\800000cf.@
c:\users\OkComputer\AppData\Local\2d47a766\X
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\OkComputer\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\dac960nt.dll
c:\windows\system32\dds_log_trash.cmd
c:\windows\SysWow64\pthreadVC.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SaiNtSub
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 16:28 . 2012-02-16 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 08:51 . 2012-02-14 08:51 8756384 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\users\OkComputer\AppData\Roaming\Malwarebytes
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-13 20:25 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 19:55 . 2012-02-14 06:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-13 16:58 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-13 16:58 . 2012-02-14 06:09 -------- d-----w- c:\program files\AVAST Software
2012-02-13 16:58 . 2012-02-13 19:23 -------- d-----w- c:\programdata\AVAST Software
2012-02-13 13:25 . 2012-02-13 13:25 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-10 06:28 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D041D7C7-22C6-48CC-8BB6-220A22255D76}\mpengine.dll
2012-02-07 00:19 . 2012-02-14 08:51 417440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-02-02 00:53 . 2012-02-02 00:53 -------- d-----w- c:\users\OkComputer\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 08:51 . 2011-05-17 18:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-12 05:59 . 2011-05-09 13:06 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-02-12 05:59 . 2011-05-09 13:35 25640 ----a-w- c:\windows\gdrv.sys
2012-01-26 22:52 . 2011-05-09 14:04 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-14 19:46 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 20:45 . 2011-11-23 20:45 56832 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2011-11-23 20:45 . 2011-11-23 20:45 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
2011-11-19 14:58 . 2012-01-11 00:03 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 00:03 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-5-11 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-14 253600]
R3 ALSysIO;ALSysIO;c:\users\OKCOMP~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-09 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-12 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-31 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-11-23 330072]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-11-23 329544]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TRIDCap;AVerMedia service;c:\windows\system32\DRIVERS\AVerTM62_x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 7aa918d1d509ef96
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-07 08:51]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000Core.job
- c:\users\OkComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 00:53]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000UA.job
- c:\users\OkComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 00:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-11-23 20:45 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"combofix"="c:\combofix\CF23366.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SaiNtSub
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.il/cse?cx=partner-pub-1045670103905278:twd9k5-6qt8&ie=ISO-8859-8-I&q=&sa=
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\OkComputer\AppData\Roaming\Mozilla\Firefox\Profiles\948hhzhn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18706
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=18706&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7aa918d1d509ef96]
"ImagePath"="\SystemRoot\System32\Drivers\7aa918d1d509ef96.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1746709200-2389037254-3650209503-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c3,c3,bf,79,97,38,f3,50,0b,fb,27,87,7d,f3,db,a2,f7,61,08,de,66,
48,aa,ce,72,63,92,b8,a4,cf,4e,a5,8e,40,e1,7d,06,10,3d,88,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1746709200-2389037254-3650209503-1000_Classes\Wow6432Node\CLSID\{e809738b-d40a-417f-98a1-05ec2b904bb2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000001a
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-02-16 18:34:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 16:34
.
Pre-Run: 586,192,633,856 bytes free
Post-Run: 587,898,081,280 bytes free
.
- - End Of File - - 519F6C669564DD3AEC68EFF3F64ADDF9

Edited by kiri_7188, 16 February 2012 - 11:37 AM.
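A triage script for the ComboFix log above, added here as an example (not ComboFix's own code and not from the thread): it pulls out the patterns that mark this log as a ZeroAccess/Sirefef infection, the ".@" payload store under a "U" directory, the 8-hex-digit hidden directory under AppData\Local, the Desktop.ini files dropped into the .NET GAC folders, the removed service and the 16-hex-digit kernel driver service, plus UAC being disabled. The sample log is a constructed excerpt of the one posted; the rule names are hypothetical labels chosen for this example.

```python
"""Triage a ComboFix-style log for ZeroAccess/Sirefef artifacts.

Added example, not ComboFix's own code and not from the thread. It walks the
"Other Deletions" list and the registry lines and flags the patterns this
family is known for, and reports UAC being disabled (EnableLUA=0), which
the posted log shows and which removes one hurdle for a user-mode dropper.
"""
import re
from collections import defaultdict

# Rule names are hypothetical labels chosen for this example.
PATH_RULES = [
    ("zeroaccess_payload_store", re.compile(r"\\U\\[0-9a-f]{8}\.@$", re.I)),
    ("zeroaccess_hidden_dir",
     re.compile(r"\\AppData\\Local\\[0-9a-f]{8}(\\|$)", re.I)),
    ("gac_desktop_ini",
     re.compile(r"\\assembly\\GAC_(32|64)\\Desktop\.ini$", re.I)),
]
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\services\\([0-9a-f]{16})\]$",
    re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.+)"$')
SERVICE_REMOVED = re.compile(r"^-+\\Service_(\S+)$")   # ComboFix "-------\Service_X"
ENABLE_LUA = re.compile(r'^"EnableLUA"=\s*(\d+)')
SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")           # "((( Title )))" headers


def split_sections(text):
    """Map each '((( Title )))' header to the non-empty lines beneath it."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":       # ComboFix pads sections with "." lines
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return {finding_name: [matching lines]} for the log text."""
    findings = defaultdict(list)
    sections = split_sections(text)
    for line in sections.get("Other Deletions", []):
        for name, rx in PATH_RULES:
            if rx.search(line):
                findings[name].append(line)
    # Service and registry entries can sit in any section, so scan every line.
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        m = SERVICE_REMOVED.match(line)
        if m:
            findings["removed_services"].append(m.group(1))
        m = SERVICE_KEY.match(line)
        if m and i + 1 < len(lines):
            p = IMAGE_PATH.match(lines[i + 1])   # ImagePath follows the key line
            if p:
                findings["random_hex_driver_service"].append(
                    f"{m.group(1)} -> {p.group(1)}")
        m = ENABLE_LUA.match(line)
        if m and m.group(1) == "0":
            findings["uac_disabled"].append(line)
    return dict(findings)


# Constructed excerpt of the log posted above (not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\ntuser.dat
c:\users\OkComputer\AppData\Local\2d47a766
c:\users\OkComputer\AppData\Local\2d47a766\@
c:\users\OkComputer\AppData\Local\2d47a766\U\80000000.@
c:\users\OkComputer\AppData\Local\2d47a766\U\800000cb.@
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\dds_log_trash.cmd
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SaiNtSub
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7aa918d1d509ef96]
"ImagePath"="\SystemRoot\System32\Drivers\7aa918d1d509ef96.sys"
"""

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"{name} ({len(hits)})")
        for hit in hits:
            print("   ", hit)
```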


#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 16 February 2012 - 11:51 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 kiri_7188 (Topic Starter, Members, 22 posts)

Posted 16 February 2012 - 12:23 PM

When I ran TDSSKiller an error window popped up: "Can't load driver".
I pressed OK, the initialization continued to 100% anyway and I was able to scan. Here's the log:

[aswMBR gave a similar error: "Initialize error c0000001 - driver not loaded".
Was still able to scan after downloading the extra definitions. The log is at the bottom of this post]


18:57:35.0415 2932 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
18:57:35.0680 2932 ============================================================
18:57:35.0680 2932 Current date / time: 2012/02/16 18:57:35.0680
18:57:35.0680 2932 SystemInfo:
18:57:35.0680 2932
18:57:35.0680 2932 OS Version: 6.1.7601 ServicePack: 1.0
18:57:35.0680 2932 Product type: Workstation
18:57:35.0680 2932 ComputerName: OK-COMPUTER
18:57:35.0680 2932 UserName: OkComputer
18:57:35.0680 2932 Windows directory: C:\Windows
18:57:35.0680 2932 System windows directory: C:\Windows
18:57:35.0680 2932 Running under WOW64
18:57:35.0680 2932 Processor architecture: Intel x64
18:57:35.0680 2932 Number of processors: 4
18:57:35.0680 2932 Page size: 0x1000
18:57:35.0680 2932 Boot type: Normal boot
18:57:35.0680 2932 ============================================================
18:57:54.0493 2932 !crdlk
18:57:54.0493 2932 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
18:57:54.0525 2932 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'A'
18:57:54.0540 2932 \Device\Harddisk0\DR0:
18:57:54.0540 2932 MBR used
18:57:54.0540 2932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
18:57:54.0540 2932 \Device\Harddisk1\DR1:
18:57:54.0540 2932 MBR used
18:57:54.0540 2932 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:57:54.0540 2932 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
18:57:54.0556 2932 Initialize success
18:57:54.0556 2932 ============================================================
18:58:06.0927 1964 ============================================================
18:58:06.0927 1964 Scan started
18:58:06.0927 1964 Mode: Manual;
18:58:06.0927 1964 ============================================================
18:58:07.0441 1964 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:58:07.0441 1964 1394ohci - ok
18:58:07.0441 1964 Suspicious service (NoAccess): 7aa918d1d509ef96
18:58:07.0473 1964 7aa918d1d509ef96 (035c26c52bb1ead2ddea66b9f0ec9261) C:\Windows\System32\Drivers\7aa918d1d509ef96.sys
18:58:07.0473 1964 Suspicious file (NoAccess): C:\Windows\System32\Drivers\7aa918d1d509ef96.sys. md5: 035c26c52bb1ead2ddea66b9f0ec9261
18:58:07.0473 1964 7aa918d1d509ef96 ( LockedService.Multi.Generic ) - warning
18:58:07.0473 1964 7aa918d1d509ef96 - detected LockedService.Multi.Generic (1)
18:58:07.0519 1964 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:58:07.0519 1964 ACPI - ok
18:58:07.0535 1964 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:58:07.0535 1964 AcpiPmi - ok
18:58:07.0629 1964 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:58:07.0629 1964 adp94xx - ok
18:58:07.0675 1964 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:58:07.0675 1964 adpahci - ok
18:58:07.0707 1964 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:58:07.0707 1964 adpu320 - ok
18:58:07.0785 1964 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:58:07.0785 1964 AFD - ok
18:58:07.0816 1964 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:58:07.0816 1964 agp440 - ok
18:58:07.0831 1964 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:58:07.0847 1964 aliide - ok
18:58:07.0956 1964 ALSysIO - ok
18:58:07.0972 1964 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:58:07.0987 1964 amdide - ok
18:58:08.0019 1964 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:58:08.0019 1964 AmdK8 - ok
18:58:08.0034 1964 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:58:08.0034 1964 AmdPPM - ok
18:58:08.0065 1964 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:58:08.0065 1964 amdsata - ok
18:58:08.0097 1964 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:58:08.0097 1964 amdsbs - ok
18:58:08.0112 1964 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:58:08.0112 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\amdxata.sys. md5: 540daf1cea6094886d72126fd7c33048
18:58:08.0128 1964 amdxata ( LockedFile.Multi.Generic ) - warning
18:58:08.0128 1964 amdxata - detected LockedFile.Multi.Generic (1)
18:58:08.0159 1964 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:58:08.0159 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\appid.sys. md5: 89a69c3f2f319b43379399547526d952
18:58:08.0159 1964 AppID ( LockedFile.Multi.Generic ) - warning
18:58:08.0159 1964 AppID - detected LockedFile.Multi.Generic (1)
18:58:08.0221 1964 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys
18:58:08.0221 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AppleCharger.sys. md5: 301aa64f9643bc453d90a66c4c0e7204
18:58:08.0237 1964 AppleCharger ( LockedFile.Multi.Generic ) - warning
18:58:08.0237 1964 AppleCharger - detected LockedFile.Multi.Generic (1)
18:58:08.0268 1964 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:58:08.0268 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\arc.sys. md5: c484f8ceb1717c540242531db7845c4e
18:58:08.0268 1964 arc ( LockedFile.Multi.Generic ) - warning
18:58:08.0268 1964 arc - detected LockedFile.Multi.Generic (1)
18:58:08.0299 1964 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:58:08.0299 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\arcsas.sys. md5: 019af6924aefe7839f61c830227fe79c
18:58:08.0299 1964 arcsas ( LockedFile.Multi.Generic ) - warning
18:58:08.0299 1964 arcsas - detected LockedFile.Multi.Generic (1)
18:58:08.0331 1964 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:58:08.0331 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765ce2cc62867468cea93969b2242
18:58:08.0346 1964 AsyncMac ( LockedFile.Multi.Generic ) - warning
18:58:08.0346 1964 AsyncMac - detected LockedFile.Multi.Generic (1)
18:58:08.0409 1964 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:58:08.0409 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\atapi.sys. md5: 02062c0b390b7729edc9e69c680a6f3c
18:58:08.0424 1964 atapi ( LockedFile.Multi.Generic ) - warning
18:58:08.0424 1964 atapi - detected LockedFile.Multi.Generic (1)
18:58:08.0518 1964 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:58:08.0518 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bxvbda.sys. md5: 3e5b191307609f7514148c6832bb0842
18:58:08.0518 1964 b06bdrv ( LockedFile.Multi.Generic ) - warning
18:58:08.0518 1964 b06bdrv - detected LockedFile.Multi.Generic (1)
18:58:08.0533 1964 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:58:08.0533 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\b57nd60a.sys. md5: b5ace6968304a3900eeb1ebfd9622df2
18:58:08.0533 1964 b57nd60a ( LockedFile.Multi.Generic ) - warning
18:58:08.0533 1964 b57nd60a - detected LockedFile.Multi.Generic (1)
18:58:08.0596 1964 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:58:08.0596 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\Beep.sys. md5: 16a47ce2decc9b099349a5f840654746
18:58:08.0596 1964 Beep ( LockedFile.Multi.Generic ) - warning
18:58:08.0596 1964 Beep - detected LockedFile.Multi.Generic (1)
18:58:13.0213 1964 MSPQM - detected LockedFile.Multi.Generic (1)
18:58:13.0260 1964 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:58:13.0260 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759a9eeb0fa9ed79da1fb7d4ef78866d
18:58:13.0260 1964 MsRPC ( LockedFile.Multi.Generic ) - warning
18:58:13.0260 1964 MsRPC - detected LockedFile.Multi.Generic (1)
18:58:13.0276 1964 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:58:13.0276 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0eed230e37515a0eaee3c2e1bc97b288
18:58:13.0291 1964 mssmbios ( LockedFile.Multi.Generic ) - warning
18:58:13.0291 1964 mssmbios - detected LockedFile.Multi.Generic (1)
18:58:13.0307 1964 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:58:13.0307 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2e66f9ecb30b4221a318c92ac2250779
18:58:13.0307 1964 MSTEE ( LockedFile.Multi.Generic ) - warning
18:58:13.0307 1964 MSTEE - detected LockedFile.Multi.Generic (1)
18:58:13.0323 1964 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:58:13.0323 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7ea404308934e675bffde8edf0757bcd
18:58:13.0338 1964 MTConfig ( LockedFile.Multi.Generic ) - warning
18:58:13.0338 1964 MTConfig - detected LockedFile.Multi.Generic (1)
18:58:13.0369 1964 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:58:13.0369 1964 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: f9a18612fd3526fe473c1bda678d61c8
18:58:13.0369 1964 Mup ( LockedFile.Multi.Generic ) - warning
18:58:13.0369 1964 Mup - detected LockedFile.Multi.Generic (1)
18:58:13.0432 1964 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:58:13.0432 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1ea3749c4114db3e3161156ffffa6b33
18:58:13.0447 1964 NativeWifiP ( LockedFile.Multi.Generic ) - warning
18:58:13.0447 1964 NativeWifiP - detected LockedFile.Multi.Generic (1)
18:58:13.0525 1964 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:58:13.0525 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79b47fd40d9a817e932f9d26fac0a81c
18:58:13.0541 1964 NDIS ( LockedFile.Multi.Generic ) - warning
18:58:13.0541 1964 NDIS - detected LockedFile.Multi.Generic (1)
18:58:13.0557 1964 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:58:13.0557 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9f9a1f53aad7da4d6fef5bb73ab811ac
18:58:13.0572 1964 NdisCap ( LockedFile.Multi.Generic ) - warning
18:58:13.0572 1964 NdisCap - detected LockedFile.Multi.Generic (1)
18:58:13.0603 1964 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:58:13.0603 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639c932d9fef22b31268fe25a1b6e5
18:58:13.0603 1964 NdisTapi ( LockedFile.Multi.Generic ) - warning
18:58:13.0603 1964 NdisTapi - detected LockedFile.Multi.Generic (1)
18:58:13.0650 1964 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:58:13.0650 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185f9fb2cc61e573e676aa5402356
18:58:13.0650 1964 Ndisuio ( LockedFile.Multi.Generic ) - warning
18:58:13.0650 1964 Ndisuio - detected LockedFile.Multi.Generic (1)
18:58:13.0697 1964 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:58:13.0697 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53f7305169863f0a2bddc49e116c2e11
18:58:13.0713 1964 NdisWan ( LockedFile.Multi.Generic ) - warning
18:58:13.0713 1964 NdisWan - detected LockedFile.Multi.Generic (1)
18:58:13.0744 1964 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:58:13.0744 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015c0d8e0e0421b4cfd48cffe2825879
18:58:13.0759 1964 NDProxy ( LockedFile.Multi.Generic ) - warning
18:58:13.0759 1964 NDProxy - detected LockedFile.Multi.Generic (1)
18:58:13.0775 1964 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:58:13.0775 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743d9f5d2b1048062b14b1d84501c4
18:58:13.0791 1964 NetBIOS ( LockedFile.Multi.Generic ) - warning
18:58:13.0791 1964 NetBIOS - detected LockedFile.Multi.Generic (1)
18:58:13.0837 1964 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:58:13.0837 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594d1089c523423b32a4229263f068
18:58:13.0837 1964 NetBT ( LockedFile.Multi.Generic ) - warning
18:58:13.0837 1964 NetBT - detected LockedFile.Multi.Generic (1)
18:58:13.0915 1964 netr7364 (f3a1d8b7317939813568992d1bfdde37) C:\Windows\system32\DRIVERS\netr7364.sys
18:58:13.0915 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netr7364.sys. md5: f3a1d8b7317939813568992d1bfdde37
18:58:13.0915 1964 netr7364 ( LockedFile.Multi.Generic ) - warning
18:58:13.0915 1964 netr7364 - detected LockedFile.Multi.Generic (1)
18:58:13.0978 1964 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:58:13.0978 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813be4d166cdab78ddba990da92
18:58:13.0993 1964 nfrd960 ( LockedFile.Multi.Generic ) - warning
18:58:13.0993 1964 nfrd960 - detected LockedFile.Multi.Generic (1)
18:58:14.0025 1964 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:58:14.0025 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1e4c4ab5c9b8dd13179bbdc75a2a01f7
18:58:14.0040 1964 Npfs ( LockedFile.Multi.Generic ) - warning
18:58:14.0040 1964 Npfs - detected LockedFile.Multi.Generic (1)
18:58:14.0087 1964 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:58:14.0087 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: e7f5ae18af4168178a642a9247c63001
18:58:14.0087 1964 nsiproxy ( LockedFile.Multi.Generic ) - warning
18:58:14.0087 1964 nsiproxy - detected LockedFile.Multi.Generic (1)
18:58:14.0149 1964 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:58:14.0149 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: a2f74975097f52a00745f9637451fdd8
18:58:14.0149 1964 Ntfs ( LockedFile.Multi.Generic ) - warning
18:58:14.0149 1964 Ntfs - detected LockedFile.Multi.Generic (1)
18:58:14.0181 1964 NuidFltr (9924bdc1882f8c92335e26483bd1fb24) C:\Windows\system32\DRIVERS\NuidFltr.sys
18:58:14.0181 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NuidFltr.sys. md5: 9924bdc1882f8c92335e26483bd1fb24
18:58:14.0181 1964 NuidFltr ( LockedFile.Multi.Generic ) - warning
18:58:14.0181 1964 NuidFltr - detected LockedFile.Multi.Generic (1)
18:58:14.0227 1964 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:58:14.0227 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589f75fa8724ff3d16aed75c1
18:58:14.0227 1964 Null ( LockedFile.Multi.Generic ) - warning
18:58:14.0227 1964 Null - detected LockedFile.Multi.Generic (1)
18:58:14.0274 1964 nusb3hub (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:58:14.0274 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nusb3hub.sys. md5: c25cc69829e976c67b34152334eeddd1
18:58:14.0274 1964 nusb3hub ( LockedFile.Multi.Generic ) - warning
18:58:14.0274 1964 nusb3hub - detected LockedFile.Multi.Generic (1)
18:58:14.0305 1964 nusb3xhc (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:58:14.0305 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nusb3xhc.sys. md5: 20bc4b57a6dba0447adb3b623c200f8e
18:58:14.0305 1964 nusb3xhc ( LockedFile.Multi.Generic ) - warning
18:58:14.0305 1964 nusb3xhc - detected LockedFile.Multi.Generic (1)
18:58:14.0352 1964 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
18:58:14.0352 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvhda64v.sys. md5: 857fb74754ebff94ee3ad40788740916
18:58:14.0352 1964 NVHDA ( LockedFile.Multi.Generic ) - warning
18:58:14.0352 1964 NVHDA - detected LockedFile.Multi.Generic (1)
18:58:14.0555 1964 nvlddmkm (483db4efc499696298aed4c9daec2fef) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:58:14.0555 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: 483db4efc499696298aed4c9daec2fef
18:58:14.0602 1964 nvlddmkm ( LockedFile.Multi.Generic ) - warning
18:58:14.0602 1964 nvlddmkm - detected LockedFile.Multi.Generic (1)
18:58:14.0633 1964 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:58:14.0633 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0a92cb65770442ed0dc44834632f66ad
18:58:14.0633 1964 nvraid ( LockedFile.Multi.Generic ) - warning
18:58:14.0633 1964 nvraid - detected LockedFile.Multi.Generic (1)
18:58:14.0664 1964 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:58:14.0664 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: dab0e87525c10052bf65f06152f37e4a
18:58:14.0680 1964 nvstor ( LockedFile.Multi.Generic ) - warning
18:58:14.0680 1964 nvstor - detected LockedFile.Multi.Generic (1)
18:58:14.0711 1964 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:58:14.0711 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270d7cd42d6e3979f6dd0146650f0e05
18:58:14.0711 1964 nv_agp ( LockedFile.Multi.Generic ) - warning
18:58:14.0711 1964 nv_agp - detected LockedFile.Multi.Generic (1)
18:58:14.0758 1964 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:58:14.0758 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478e4b22ce21b41fa1bfc0b8b8a0
18:58:14.0758 1964 ohci1394 ( LockedFile.Multi.Generic ) - warning
18:58:14.0758 1964 ohci1394 - detected LockedFile.Multi.Generic (1)
18:58:14.0820 1964 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:58:14.0820 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431c29c35be1dbc43f52cc273887
18:58:14.0820 1964 Parport ( LockedFile.Multi.Generic ) - warning
18:58:14.0820 1964 Parport - detected LockedFile.Multi.Generic (1)
18:58:14.0898 1964 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:58:14.0898 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: 871eadac56b0a4c6512bbe32753ccf79
18:58:14.0898 1964 partmgr ( LockedFile.Multi.Generic ) - warning
18:58:14.0898 1964 partmgr - detected LockedFile.Multi.Generic (1)
18:58:14.0945 1964 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:58:14.0945 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575c0571d1462a0f70bde6bd6ee6b3
18:58:14.0961 1964 pci ( LockedFile.Multi.Generic ) - warning
18:58:14.0961 1964 pci - detected LockedFile.Multi.Generic (1)
18:58:14.0976 1964 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:58:14.0976 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: b5b8b5ef2e5cb34df8dcf8831e3534fa
18:58:14.0976 1964 pciide ( LockedFile.Multi.Generic ) - warning
18:58:14.0976 1964 pciide - detected LockedFile.Multi.Generic (1)
18:58:15.0007 1964 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:58:15.0007 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: b2e81d4e87ce48589f98cb8c05b01f2f
18:58:15.0007 1964 pcmcia ( LockedFile.Multi.Generic ) - warning
18:58:15.0007 1964 pcmcia - detected LockedFile.Multi.Generic (1)
18:58:15.0039 1964 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:58:15.0039 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: d6b9c2e1a11a3a4b26a182ffef18f603
18:58:15.0054 1964 pcw ( LockedFile.Multi.Generic ) - warning
18:58:15.0054 1964 pcw - detected LockedFile.Multi.Generic (1)
18:58:15.0070 1964 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:58:15.0070 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769c3356b3be5d1c732c97b9a80d6e
18:58:15.0085 1964 PEAUTH ( LockedFile.Multi.Generic ) - warning
18:58:15.0085 1964 PEAUTH - detected LockedFile.Multi.Generic (1)
18:58:15.0179 1964 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
18:58:15.0179 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\point64.sys. md5: 33328fa8a580885ab0065be6db266e9f
18:58:15.0179 1964 Point64 ( LockedFile.Multi.Generic ) - warning
18:58:15.0179 1964 Point64 - detected LockedFile.Multi.Generic (1)
18:58:15.0226 1964 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:58:15.0226 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: f92a2c41117a11a00be01ca01a7fcde9
18:58:15.0226 1964 PptpMiniport ( LockedFile.Multi.Generic ) - warning
18:58:15.0226 1964 PptpMiniport - detected LockedFile.Multi.Generic (1)
18:58:15.0257 1964 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:58:15.0257 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0d922e23c041efb1c3fac2a6f943c9bf
18:58:15.0257 1964 Processor ( LockedFile.Multi.Generic ) - warning
18:58:15.0257 1964 Processor - detected LockedFile.Multi.Generic (1)
18:58:15.0319 1964 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:58:15.0319 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557cf5a2556bd58e26384169d72438d
18:58:15.0319 1964 Psched ( LockedFile.Multi.Generic ) - warning
18:58:15.0319 1964 Psched - detected LockedFile.Multi.Generic (1)
18:58:15.0366 1964 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:58:15.0366 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: a53a15a11ebfd21077463ee2c7afeef0
18:58:15.0366 1964 ql2300 ( LockedFile.Multi.Generic ) - warning
18:58:15.0366 1964 ql2300 - detected LockedFile.Multi.Generic (1)
18:58:15.0397 1964 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:58:15.0397 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4f6d12b51de1aaeff7dc58c4d75423c8
18:58:15.0397 1964 ql40xx ( LockedFile.Multi.Generic ) - warning
18:58:15.0397 1964 ql40xx - detected LockedFile.Multi.Generic (1)
18:58:15.0429 1964 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:58:15.0429 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707bb36430888d9ce9d705398adb6c
18:58:15.0444 1964 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
18:58:15.0444 1964 QWAVEdrv - detected LockedFile.Multi.Generic (1)
18:58:15.0460 1964 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:58:15.0460 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5a0da8ad5762fa2d91678a8a01311704
18:58:15.0460 1964 RasAcd ( LockedFile.Multi.Generic ) - warning
18:58:15.0460 1964 RasAcd - detected LockedFile.Multi.Generic (1)
18:58:15.0491 1964 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:58:15.0491 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ecff9b22276b73f43a99a15a6094e90
18:58:15.0491 1964 RasAgileVpn ( LockedFile.Multi.Generic ) - warning
18:58:15.0491 1964 RasAgileVpn - detected LockedFile.Multi.Generic (1)
18:58:15.0538 1964 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:58:15.0538 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800ae33e6f1c32fb1b97c490ca
18:58:15.0538 1964 Rasl2tp ( LockedFile.Multi.Generic ) - warning
18:58:15.0538 1964 Rasl2tp - detected LockedFile.Multi.Generic (1)
18:58:15.0569 1964 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:58:15.0569 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855c9b1cd4756c5e9a2aa58a15f58c25
18:58:15.0585 1964 RasPppoe ( LockedFile.Multi.Generic ) - warning
18:58:15.0585 1964 RasPppoe - detected LockedFile.Multi.Generic (1)
18:58:15.0585 1964 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:58:15.0585 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: e8b1e447b008d07ff47d016c2b0eeecb
18:58:15.0600 1964 RasSstp ( LockedFile.Multi.Generic ) - warning
18:58:15.0600 1964 RasSstp - detected LockedFile.Multi.Generic (1)
18:58:15.0631 1964 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:58:15.0631 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77f665941019a1594d887a74f301fa2f
18:58:15.0631 1964 rdbss ( LockedFile.Multi.Generic ) - warning
18:58:15.0631 1964 rdbss - detected LockedFile.Multi.Generic (1)
18:58:15.0647 1964 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:58:15.0647 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302da2a0539f2cf54d7c6cc30c1f2d8d
18:58:15.0663 1964 rdpbus ( LockedFile.Multi.Generic ) - warning
18:58:15.0663 1964 rdpbus - detected LockedFile.Multi.Generic (1)
18:58:15.0678 1964 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:58:15.0678 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: cea6cc257fc9b7715f1c2b4849286d24
18:58:15.0678 1964 RDPCDD ( LockedFile.Multi.Generic ) - warning
18:58:15.0678 1964 RDPCDD - detected LockedFile.Multi.Generic (1)
18:58:15.0725 1964 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:58:15.0725 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpdr.sys. md5: 1b6163c503398b23ff8b939c67747683
18:58:15.0725 1964 RDPDR ( LockedFile.Multi.Generic ) - warning
18:58:15.0725 1964 RDPDR - detected LockedFile.Multi.Generic (1)
18:58:15.0756 1964 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:58:15.0756 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: bb5971a4f00659529a5c44831af22365
18:58:15.0772 1964 RDPENCDD ( LockedFile.Multi.Generic ) - warning
18:58:15.0772 1964 RDPENCDD - detected LockedFile.Multi.Generic (1)
18:58:15.0787 1964 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:58:15.0787 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216f3fa57533d98e1f74ded70113177a
18:58:15.0803 1964 RDPREFMP ( LockedFile.Multi.Generic ) - warning
18:58:15.0803 1964 RDPREFMP - detected LockedFile.Multi.Generic (1)
18:58:15.0850 1964 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:58:15.0850 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpvideominiport.sys. md5: 70cba1a0c98600a2aa1863479b35cb90
18:58:15.0850 1964 RdpVideoMiniport ( LockedFile.Multi.Generic ) - warning
18:58:15.0850 1964 RdpVideoMiniport - detected LockedFile.Multi.Generic (1)
18:58:15.0897 1964 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:58:15.0897 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: 15b66c206b5cb095bab980553f38ed23
18:58:15.0897 1964 RDPWD ( LockedFile.Multi.Generic ) - warning
18:58:15.0897 1964 RDPWD - detected LockedFile.Multi.Generic (1)
18:58:15.0943 1964 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:58:15.0943 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ed295fa0121c241bfef24764fc4520
18:58:15.0975 1964 rdyboost ( LockedFile.Multi.Generic ) - warning
18:58:15.0975 1964 rdyboost - detected LockedFile.Multi.Generic (1)
18:58:16.0053 1964 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:58:16.0053 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: ddc86e4f8e7456261e637e3552e804ff
18:58:16.0053 1964 rspndr ( LockedFile.Multi.Generic ) - warning
18:58:16.0053 1964 rspndr - detected LockedFile.Multi.Generic (1)
18:58:16.0131 1964 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:58:16.0131 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Rt64win7.sys. md5: b15c021c2c9bb217a799d9532e8f04d4
18:58:16.0131 1964 RTL8167 ( LockedFile.Multi.Generic ) - warning
18:58:16.0131 1964 RTL8167 - detected LockedFile.Multi.Generic (1)
18:58:16.0162 1964 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:58:16.0162 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\vms3cap.sys. md5: e60c0a09f997826c7627b244195ab581
18:58:16.0177 1964 s3cap ( LockedFile.Multi.Generic ) - warning
18:58:16.0177 1964 s3cap - detected LockedFile.Multi.Generic (1)
18:58:16.0224 1964 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:58:16.0224 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: ac03af3329579fffb455aa2daabbe22b
18:58:16.0224 1964 sbp2port ( LockedFile.Multi.Generic ) - warning
18:58:16.0224 1964 sbp2port - detected LockedFile.Multi.Generic (1)
18:58:16.0287 1964 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:58:16.0287 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253f38d0d7074c02ff8deb9836c97d2b
18:58:16.0287 1964 scfilter ( LockedFile.Multi.Generic ) - warning
18:58:16.0287 1964 scfilter - detected LockedFile.Multi.Generic (1)
18:58:16.0333 1964 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:58:16.0333 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3ea8a16169c26afbeb544e0e48421186
18:58:16.0349 1964 secdrv ( LockedFile.Multi.Generic ) - warning
18:58:16.0349 1964 secdrv - detected LockedFile.Multi.Generic (1)
18:58:16.0411 1964 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:58:16.0411 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: cb624c0035412af0debec78c41f5ca1b
18:58:16.0427 1964 Serenum ( LockedFile.Multi.Generic ) - warning
18:58:16.0427 1964 Serenum - detected LockedFile.Multi.Generic (1)
18:58:16.0474 1964 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:58:16.0474 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: c1d8e28b2c2adfaec4ba89e9fda69bd6
18:58:16.0474 1964 Serial ( LockedFile.Multi.Generic ) - warning
18:58:16.0474 1964 Serial - detected LockedFile.Multi.Generic (1)
18:58:16.0521 1964 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:58:16.0521 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1c545a7d0691cc4a027396535691c3e3
18:58:16.0521 1964 sermouse ( LockedFile.Multi.Generic ) - warning
18:58:16.0521 1964 sermouse - detected LockedFile.Multi.Generic (1)
18:58:16.0583 1964 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:58:16.0583 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: a554811bcd09279536440c964ae35bbf
18:58:16.0583 1964 sffdisk ( LockedFile.Multi.Generic ) - warning
18:58:16.0583 1964 sffdisk - detected LockedFile.Multi.Generic (1)
18:58:16.0614 1964 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:58:16.0614 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: ff414f0baefeba59bc6c04b3db0b87bf
18:58:16.0614 1964 sffp_mmc ( LockedFile.Multi.Generic ) - warning
18:58:16.0614 1964 sffp_mmc - detected LockedFile.Multi.Generic (1)
18:58:16.0630 1964 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:58:16.0630 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: dd85b78243a19b59f0637dcf284da63c
18:58:16.0646 1964 sffp_sd ( LockedFile.Multi.Generic ) - warning
18:58:16.0646 1964 sffp_sd - detected LockedFile.Multi.Generic (1)
18:58:16.0677 1964 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:58:16.0677 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: a9d601643a1647211a1ee2ec4e433ff4
18:58:16.0677 1964 sfloppy ( LockedFile.Multi.Generic ) - warning
18:58:16.0677 1964 sfloppy - detected LockedFile.Multi.Generic (1)
18:58:16.0724 1964 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:58:16.0724 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843caf1e5fde1ffd5ff768f23a51e2e1
18:58:16.0724 1964 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
18:58:16.0724 1964 SiSRaid2 - detected LockedFile.Multi.Generic (1)
18:58:16.0755 1964 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:58:16.0755 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6a6c106d42e9ffff8b9fcb4f754f6da4
18:58:16.0755 1964 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
18:58:16.0755 1964 SiSRaid4 - detected LockedFile.Multi.Generic (1)
18:58:16.0786 1964 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:58:16.0786 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260a7b8654e024dc30bf8a7c5baa4
18:58:16.0786 1964 Smb ( LockedFile.Multi.Generic ) - warning
18:58:16.0786 1964 Smb - detected LockedFile.Multi.Generic (1)
18:58:16.0833 1964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:58:16.0833 1964 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: b9e31e5cacdfe584f34f730a677803f9
18:58:16.0848 1964 spldr ( LockedFile.Multi.Generic ) - warning
18:58:16.0848 1964 spldr - detected LockedFile.Multi.Generic (1)
18:58:16.0911 1964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:58:16.0911 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441fba48bff01fdb9d5969ebc1838f0b
18:58:16.0911 1964 srv ( LockedFile.Multi.Generic ) - warning
18:58:16.0911 1964 srv - detected LockedFile.Multi.Generic (1)
18:58:16.0958 1964 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:58:16.0958 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: b4adebbf5e3677cce9651e0f01f7cc28
18:58:16.0958 1964 srv2 ( LockedFile.Multi.Generic ) - warning
18:58:16.0958 1964 srv2 - detected LockedFile.Multi.Generic (1)
18:58:17.0004 1964 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:58:17.0004 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27e461f0be5bff5fc737328f749538c3
18:58:17.0020 1964 srvnet ( LockedFile.Multi.Generic ) - warning
18:58:17.0020 1964 srvnet - detected LockedFile.Multi.Generic (1)
18:58:17.0082 1964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:58:17.0082 1964 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: f3817967ed533d08327dc73bc4d5542a
18:58:19.0719 1964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:58:19.0719 1964 \Device\Harddisk0\DR0 - ok
18:58:19.0734 1964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:58:19.0781 1964 \Device\Harddisk1\DR1 - ok
18:58:19.0781 1964 Boot (0x1200) (c4ba3200e7a499434e4afe83f7c8ec08) \Device\Harddisk0\DR0\Partition0
18:58:19.0781 1964 \Device\Harddisk0\DR0\Partition0 - ok
18:58:19.0781 1964 Boot (0x1200) (9828167a3d8f01602294f8ffa62f1627) \Device\Harddisk1\DR1\Partition0
18:58:19.0781 1964 \Device\Harddisk1\DR1\Partition0 - ok
18:58:19.0797 1964 Boot (0x1200) (b7191899941abfa825d6456c3460b28a) \Device\Harddisk1\DR1\Partition1
18:58:19.0797 1964 \Device\Harddisk1\DR1\Partition1 - ok
18:58:19.0797 1964 ============================================================
18:58:19.0797 1964 Scan finished
18:58:19.0797 1964 ============================================================
18:58:19.0812 4712 Detected object count: 243
18:58:19.0812 4712 Actual detected object count: 243
18:58:28.0424 4712 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 msahci ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 msdsm ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 Msfs ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0424 4712 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0424 4712 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 Mup ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NDIS ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NetBT ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 netr7364 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 netr7364 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 Npfs ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NuidFltr ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NuidFltr ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 Null ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 Null ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 nusb3hub ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 nusb3hub ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 nusb3xhc ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 nusb3xhc ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0439 4712 NVHDA ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0439 4712 NVHDA ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 nvlddmkm ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 nvlddmkm ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 nvraid ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 nvstor ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 Parport ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 partmgr ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 pci ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 pci ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 pciide ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 pcw ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 Point64 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 Point64 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 Processor ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 Psched ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 rdbss ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0455 4712 RDPDR ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0455 4712 RDPDR ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 RdpVideoMiniport ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 RdpVideoMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 rspndr ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 s3cap ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 s3cap ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 scfilter ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 secdrv ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 Serenum ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 Serial ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 sermouse ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 Smb ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 spldr ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 srv ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 srv ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 srv2 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 srvnet ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0470 4712 stexstor ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0470 4712 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 storflt ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 storflt ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 storvsc ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 storvsc ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 swenum ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 taphss ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 taphss ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 tdx ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 TermDD ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 TRIDCap ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 TRIDCap ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 tunnel ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 udfs ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 umbus ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 UmPass ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 usbcir ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 usbehci ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 usbhub ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 usbohci ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 usbprint ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 vga ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 vga ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 viaide ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 vmbus ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 vmbus ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 VMBusHID ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 VMBusHID ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 volmgr ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 volsnap ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 vwifimp ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 WANARP ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 Wd ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0502 4712 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0502 4712 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 19:03:19
-----------------------------
19:03:19.423 OS Version: Windows x64 6.1.7601 Service Pack 1
19:03:19.423 Number of processors: 4 586 0x2A07
19:03:19.423 ComputerName: OK-COMPUTER UserName: OkComputer
19:03:19.953 Initialze error C0000001 - driver not loaded
19:16:48.614 AVAST engine defs: 12021600
19:16:55.962 Service scanning
19:16:56.352 Service 7aa918d1d509ef96 C:\Windows\System32\Drivers\7aa918d1d509ef96.sys **HIDDEN**
19:16:57.148 Modules scanning
19:16:57.148 Disk 0 trace - called modules:
19:16:57.148
19:16:57.928 AVAST engine scan C:\Windows
19:17:00.065 AVAST engine scan C:\Windows\system32
19:17:06.866 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
19:18:42.385 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
19:18:42.417 File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
19:18:43.150 AVAST engine scan C:\Windows\system32\drivers
19:18:54.553 AVAST engine scan C:\Users\OkComputer
19:21:10.430 AVAST engine scan C:\ProgramData
19:21:28.994 Scan finished successfully
19:21:42.082 The log file has been saved successfully to "C:\Users\OkComputer\Desktop\aswMBR.txt"

Edited by kiri_7188, 16 February 2012 - 12:24 PM.
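
The lines that matter in the two scanner logs above are easy to lose among hundreds of routine entries, so here is an added triage helper (example code written for this page, not a tool from the thread or from the AVAST or Kaspersky scanners). It pulls the **HIDDEN**, **INFECTED** and **SUSPICIOUS** entries out of an aswMBR log, counts the objects TDSSKiller reported as LockedFile but left untouched, and flags a hidden service whose name is a bare run of 16 hexadecimal digits, as the one in the aswMBR log is. The sample input reuses lines from the logs posted above; the regular expressions are my reading of those two formats, not an official grammar.

```python
"""Triage of aswMBR / TDSSKiller text logs (added example, not from the thread)."""
import re

# Sample input: lines taken from the TDSSKiller and aswMBR logs posted above.
SAMPLE_LOG = r"""
18:58:28.0486 4712 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
18:58:28.0486 4712 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
18:58:28.0486 4712 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
19:03:19.953 Initialze error C0000001 - driver not loaded
19:16:56.352 Service 7aa918d1d509ef96 C:\Windows\System32\Drivers\7aa918d1d509ef96.sys **HIDDEN**
19:17:06.866 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
19:18:42.385 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
19:21:28.994 Scan finished successfully
"""

TIME = r"(?P<time>\d\d:\d\d:\d\d\.\d+)"
# aswMBR: "<time> Service <name> <driver path> **HIDDEN**"
ASWMBR_SERVICE = re.compile(TIME + r" Service (?P<name>\S+) (?P<path>\S+) \*\*(?P<tag>HIDDEN)\*\*$")
# aswMBR: "<time> File: <path> **INFECTED** <detection>"  or  "... **SUSPICIOUS**"
ASWMBR_FILE = re.compile(
    TIME + r" File: (?P<path>.+?) \*\*(?P<tag>INFECTED|SUSPICIOUS)\*\*(?: (?P<detection>.+))?$")
# TDSSKiller: "<time> <pid> <object> ( <verdict> ) - <action>"
TDSS_LINE = re.compile(TIME + r" (?P<pid>\d+) (?P<object>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
# A service or driver named with exactly 16 hex digits, as in the HIDDEN entry above.
HEX_NAME = re.compile(r"^[0-9a-f]{16}$")


def triage(log_text):
    """Extract the findings a helper reads first from a combined scanner log."""
    findings = []        # hidden services and flagged files from aswMBR
    locked = []          # (object, verdict) for TDSSKiller entries left untouched
    init_error = False   # aswMBR could not load its driver on the first attempt
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "driver not loaded" in line:
            init_error = True
            continue
        m = ASWMBR_SERVICE.match(line)
        if m:
            findings.append({
                "kind": "hidden_service",
                "name": m["name"],
                "path": m["path"],
                "random_hex_name": bool(HEX_NAME.match(m["name"])),
            })
            continue
        m = ASWMBR_FILE.match(line)
        if m:
            findings.append({"kind": m["tag"].lower(), "path": m["path"],
                             "detection": m["detection"]})
            continue
        m = TDSS_LINE.match(line)
        # Only the "skipped by user" line is counted; its "User select action"
        # twin describes the same decision and would double the count.
        if m and m["action"] == "skipped by user":
            locked.append((m["object"], m["verdict"]))
    return {"init_error": init_error, "findings": findings, "locked": locked}


def summarize(result):
    """Render the triage result as the short list a helper would post back."""
    lines = []
    if result["init_error"]:
        lines.append("aswMBR driver failed to load on first attempt; check whether a retry succeeded")
    for f in result["findings"]:
        if f["kind"] == "hidden_service":
            note = " (16-hex-digit name)" if f["random_hex_name"] else ""
            lines.append(f"HIDDEN service {f['name']}{note}: {f['path']}")
        else:
            det = f" [{f['detection']}]" if f.get("detection") else ""
            lines.append(f"{f['kind'].upper()} {f['path']}{det}")
    if result["locked"]:
        lines.append(f"{len(result['locked'])} LockedFile objects skipped by TDSSKiller (nothing was changed)")
    return lines


if __name__ == "__main__":
    for entry in summarize(triage(SAMPLE_LOG)):
        print(entry)
```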


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:22 AM

Posted 16 February 2012 - 12:44 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 kiri_7188

kiri_7188
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:22 AM

Posted 16 February 2012 - 01:05 PM

Didn't have to restart. Should I?
Can't really tell much about how my PC is doing. It seems like the random opening of new tabs has stopped, but I still can't use Windows Update.

ComboFix 12-02-16.02 - OkComputer 02/16/2012 19:49:52.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.8175.6308 [GMT 2:00]
Running from: c:\users\OkComputer\Desktop\ComboFix.exe
Command switches used :: c:\users\OkComputer\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 17:53 . 2012-02-16 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 16:51 . 2012-02-16 16:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D041D7C7-22C6-48CC-8BB6-220A22255D76}\offreg.dll
2012-02-14 08:51 . 2012-02-14 08:51 8756384 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\users\OkComputer\AppData\Roaming\Malwarebytes
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-13 20:25 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 19:55 . 2012-02-14 06:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-13 16:58 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-13 16:58 . 2012-02-14 06:09 -------- d-----w- c:\program files\AVAST Software
2012-02-13 16:58 . 2012-02-13 19:23 -------- d-----w- c:\programdata\AVAST Software
2012-02-13 13:25 . 2012-02-13 13:25 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-10 06:28 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D041D7C7-22C6-48CC-8BB6-220A22255D76}\mpengine.dll
2012-02-07 00:19 . 2012-02-14 08:51 417440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-02-02 00:53 . 2012-02-02 00:53 -------- d-----w- c:\users\OkComputer\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 08:51 . 2011-05-17 18:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-26 22:52 . 2011-05-09 14:04 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-14 19:46 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 00:03 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 00:03 67072 ----a-w- c:\windows\SysWow64\packager.dll
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\system32\drivers\HssDrv.sys ERROR(0x00000005)
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\gdrv.sys ERROR(0x00000005)
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ntfs.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\null.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tdx.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-02-16_16.30.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-16 16:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-16 16:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-16 16:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-16 16:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-16 16:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-16 16:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-02-16 16:43 30782 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-11 12:24 . 2012-02-16 16:45 69244 c:\windows\system32\perfc00D.dat
- 2011-05-11 12:24 . 2012-02-14 00:08 69244 c:\windows\system32\perfc00D.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 13:38 . 2012-02-16 16:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 13:38 . 2012-02-16 16:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-09 13:38 . 2012-02-16 16:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 13:38 . 2012-02-16 17:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-09 13:38 . 2012-02-16 17:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-09 13:07 . 2012-02-16 16:43 8134 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1746709200-2389037254-3650209503-1000_UserData.bin
+ 2012-02-13 21:34 . 2012-02-16 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-13 21:34 . 2012-02-16 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-13 21:34 . 2012-02-16 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-13 21:34 . 2012-02-16 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-10 12:41 . 2012-02-14 00:08 388542 c:\windows\system32\perfh011.dat
+ 2011-05-10 12:41 . 2012-02-16 16:45 388542 c:\windows\system32\perfh011.dat
+ 2011-05-11 12:24 . 2012-02-16 16:45 361676 c:\windows\system32\perfh00D.dat
- 2011-05-11 12:24 . 2012-02-14 00:08 361676 c:\windows\system32\perfh00D.dat
- 2009-07-14 02:36 . 2012-02-14 00:08 616032 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-16 16:45 616032 c:\windows\system32\perfh009.dat
- 2011-05-10 12:41 . 2012-02-14 00:08 106412 c:\windows\system32\perfc011.dat
+ 2011-05-10 12:41 . 2012-02-16 16:45 106412 c:\windows\system32\perfc011.dat
- 2009-07-14 02:36 . 2012-02-14 00:08 106412 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-16 16:45 106412 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-5-11 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-14 253600]
R3 ALSysIO;ALSysIO;c:\users\OKCOMP~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-09 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-12 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-31 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-11-23 330072]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-11-23 329544]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TRIDCap;AVerMedia service;c:\windows\system32\DRIVERS\AVerTM62_x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 7aa918d1d509ef96
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-07 08:51]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000Core.job
- c:\users\OkComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 00:53]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000UA.job
- c:\users\OkComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 00:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SaiNtSub
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.il/cse?cx=partner-pub-1045670103905278:twd9k5-6qt8&ie=ISO-8859-8-I&q=&sa=
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\OkComputer\AppData\Roaming\Mozilla\Firefox\Profiles\948hhzhn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18706
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=18706&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7aa918d1d509ef96]
"ImagePath"="\SystemRoot\System32\Drivers\7aa918d1d509ef96.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1746709200-2389037254-3650209503-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c3,c3,bf,79,97,38,f3,50,0b,fb,27,87,7d,f3,db,a2,f7,61,08,de,66,
48,aa,ce,72,63,92,b8,a4,cf,4e,a5,8e,40,e1,7d,06,10,3d,88,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1746709200-2389037254-3650209503-1000_Classes\Wow6432Node\CLSID\{e809738b-d40a-417f-98a1-05ec2b904bb2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000001a
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-16 19:54:37
ComboFix-quarantined-files.txt 2012-02-16 17:54
ComboFix2.txt 2012-02-16 16:34
.
Pre-Run: 587,865,112,576 bytes free
Post-Run: 587,916,431,360 bytes free
.
- - End Of File - - 04CEA89617D80CA15B45905683A7EAC8

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 February 2012 - 01:48 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 kiri_7188
  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male

Posted 16 February 2012 - 02:16 PM

I followed your instructions but when I tried to run the file (g:\frst64), I got this message:
"The tool will be closed now. You need to run the tool once more".

I tried to type it again a couple of times but got the same result.

Edited by kiri_7188, 16 February 2012 - 02:18 PM.


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 February 2012 - 02:47 PM

Hello


Remake the USB and make sure to add - e:\frst64.exe

Edited by gringo_pr, 16 February 2012 - 02:48 PM.


#11 kiri_7188
  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male

Posted 16 February 2012 - 03:05 PM

Same result. I'll give more details:
After pressing Enter, a window opens up that says: "Set up will be finalized in 10[or so] seconds".
Then it starts to count down until it says "Done".
Then the error(?) message pops up and all I can do is press Ok on it.

Maybe I didn't prepare the flash drive right?
All I had to do was to download and copy the FRST64.exe file to it?
Does it matter if the drive has other files on it?

#12 kiri_7188
  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male

Posted 17 February 2012 - 07:54 AM

I tried it again with a different flash drive:

Formatted it
Copied FRST64 to it
Restarted
Got to the System Recovery Options
Command Prompt
Typed: "g:\frst64.exe" [ "g:\frst64" - works just as well ]
"The set up will be finalized in 7 seconds"
*Count down* - "Done."
"The tool will be closed now. You need to run the tool once more."
Press "Ok"
Nothing happens
Try typing again X10
Same result x10

May I ask in what part of the process are we? Still trying to identify/confirm the infection? Checking the damage?
The fact that we can't even scan the damn thing is pretty scary.


Edit: Don't want to bump for no reason, so hopefully you haven't read this post yet.
I noticed that when I tried running Combofix with the CFScript, I accidentally named it: "CFScript.txt.txt". Maybe I should try to run it again, this time with the right file name?

Edited by kiri_7188, 17 February 2012 - 10:22 AM.


#13 kiri_7188
  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male

Posted 17 February 2012 - 04:29 PM

Okay, so I was bored (and restless) and decided to try again (for the 5th time today) and it worked (maybe the tool got updated or something)!

Here's the log:

Scan result of Farbar Recovery Scan Tool Version: 17-02-2012 (L)
Ran by SYSTEM at 2012-02-17 23:16:10
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-25] (Nero AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\OkComputer\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKLM\...\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2010-08-23] (Gigabyte Technology CO., LTD.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-02-14] (Adobe Systems Incorporated)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-30] (AVerMedia)
2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-06] ()
2 DES2 Service; "C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe" [68136 2009-06-17] ()
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [330072 2011-11-23] ()
2 HssSrv; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-11-23] (AnchorFree Inc.)
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2011-11-23] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2011-11-23] ()
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)

========================== Drivers (Whitelisted) =============

0 7aa918d1d509ef96; C:\Windows\System32\Drivers\7aa918d1d509ef96.sys [46528 2012-02-13] ()
1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 etdrv; \??\C:\Windows\etdrv.sys [25640 2011-05-09] (Windows ® Server 2003 DDK provider)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-02-11] (Windows ® Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-02-11] ()
3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [56832 2011-11-23] (AnchorFree Inc.)
2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [142936 2011-01-25] (Tonec Inc.)
3 netr7364; C:\Windows\System32\DRIVERS\netr7364.sys [729152 2011-10-04] (Ralink Technology, Corp.)
3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [37888 2011-11-23] (AnchorFree Inc)
3 TRIDCap; C:\Windows\System32\DRIVERS\AVerTM62_x64.sys [863872 2010-03-21] (AVerMedia TECHNOLOGIES, Inc. )
3 ALSysIO; \??\C:\Users\OKCOMP~1\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: SaiNtSub

============ One Month Created Files and Folders ==============

2012-02-17 13:12 - 2012-02-17 13:12 - 1381727 ____A C:\Users\OkComputer\Desktop\FRST64.exe
2012-02-17 05:47 - 2012-02-17 05:47 - 0116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\01921992.sys
2012-02-17 05:47 - 2012-02-17 05:47 - 0003760 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_15.47.16_log.txt
2012-02-17 05:44 - 2012-02-17 05:44 - 0003872 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_15.44.23_log.txt
2012-02-17 05:41 - 2012-02-17 05:41 - 0003872 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_15.41.25_log.txt
2012-02-17 05:37 - 2012-02-17 05:38 - 0003872 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_15.37.57_log.txt
2012-02-17 04:19 - 2012-02-17 04:19 - 0004478 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_14.19.07_log.txt
2012-02-16 12:12 - 2012-02-16 12:13 - 0003872 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_22.12.58_log.txt
2012-02-16 10:00 - 2012-02-16 10:00 - 0003760 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_20.00.05_log.txt
2012-02-16 09:54 - 2012-02-16 09:54 - 0024759 ____A C:\ComboFix.txt
2012-02-16 09:21 - 2012-02-16 09:21 - 0001330 ____A C:\Users\OkComputer\Desktop\aswMBR.txt
2012-02-16 08:59 - 2012-02-16 09:01 - 0003760 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_18.59.47_log.txt
2012-02-16 08:57 - 2012-02-16 08:59 - 0269278 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_18.57.35_log.txt
2012-02-16 08:54 - 2012-02-16 08:57 - 4733440 ____A (AVAST Software) C:\Users\OkComputer\Desktop\aswMBR.exe
2012-02-16 08:30 - 2012-02-16 18:44 - 0000000 ____D C:\$RECYCLE.BIN
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-16 08:24 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-16 08:24 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-16 08:24 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-16 08:24 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-16 08:24 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-16 08:24 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-16 08:24 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-16 08:24 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-16 08:23 - 2012-02-16 09:54 - 0000000 ____D C:\Qoobox
2012-02-16 08:23 - 2012-02-16 08:33 - 0000000 ____D C:\Windows\ERDNT
2012-02-16 08:19 - 2012-02-16 08:20 - 4406022 ____R (Swearware) C:\Users\OkComputer\Desktop\ComboFix.exe
2012-02-14 00:51 - 2012-02-14 00:51 - 8756384 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-02-13 15:05 - 2012-02-13 15:05 - 0012893 ____A C:\Users\OkComputer\Desktop\Attach.txt
2012-02-13 14:04 - 2012-02-17 05:43 - 2060336 ____A (Kaspersky Lab ZAO) C:\Users\OkComputer\Desktop\tdsskiller.exe
2012-02-13 13:52 - 2012-02-13 13:52 - 0000482 ____A C:\Users\OkComputer\Desktop\defogger_disable.log
2012-02-13 13:52 - 2012-02-13 13:52 - 0000000 ____A C:\Users\OkComputer\defogger_reenable
2012-02-13 13:49 - 2012-02-13 13:49 - 0050477 ____A C:\Users\OkComputer\Desktop\Defogger.exe
2012-02-13 13:29 - 2012-02-17 04:18 - 0153824 ____A C:\Windows\ntbtlog.txt
2012-02-13 12:25 - 2012-02-13 12:25 - 0000000 ____D C:\Users\OkComputer\AppData\Roaming\Malwarebytes
2012-02-13 12:25 - 2012-02-13 12:25 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-13 12:25 - 2012-02-13 12:25 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-13 12:11 - 2012-02-13 12:11 - 312150105 ____A C:\Windows\MEMORY.DMP
2012-02-13 12:11 - 2012-02-13 12:11 - 0281280 ____A C:\Windows\Minidump\021312-26988-01.dmp
2012-02-13 12:11 - 2012-02-13 12:11 - 0000000 ____D C:\Windows\Minidump
2012-02-13 12:11 - 2012-02-13 12:11 - 0000000 ____A C:\Windows\SysWOW64\cd.dat
2012-02-13 11:55 - 2012-02-13 22:09 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-02-13 08:58 - 2012-02-13 22:09 - 0000000 ____D C:\Program Files\AVAST Software
2012-02-13 08:58 - 2012-02-13 11:23 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-02-13 08:58 - 2012-02-13 11:23 - 0000000 ____D C:\ProgramData\AVAST Software
2012-02-13 08:58 - 2012-02-13 08:58 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-02-13 08:58 - 2011-11-28 10:01 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-02-13 06:50 - 2012-02-13 06:51 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{6B8294BE-164D-4C1B-B89F-0383F936C681}
2012-02-13 06:50 - 2012-02-13 06:50 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{89A63D59-BF84-462B-8BBD-638349324802}
2012-02-13 05:25 - 2012-02-13 05:25 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-02-13 05:19 - 2012-02-13 05:19 - 0046528 ____A C:\Windows\System32\Drivers\7aa918d1d509ef96.sys
2012-02-12 18:50 - 2012-02-12 18:50 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7149F0AA-3DC0-4A34-AEE1-61B67C965896}
2012-02-12 18:50 - 2012-02-12 18:50 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3AF12D51-A430-4C6A-A84B-AC6E8724DE83}
2012-02-12 06:49 - 2012-02-12 06:50 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{A666E121-C9F5-490A-8A76-AC3DCA6E6976}
2012-02-12 06:49 - 2012-02-12 06:49 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7C26CF96-8DC7-4E8B-BB2C-B05EB437F106}
2012-02-11 18:49 - 2012-02-11 18:49 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{5A12A5E2-0488-49EF-BDC4-F56B3B315524}
2012-02-11 18:49 - 2012-02-11 18:49 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{41F20AD5-32C7-4217-8807-E686BB41E7A7}
2012-02-11 06:48 - 2012-02-11 06:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{D669264C-78F3-4918-A6C3-8A0C69F73BF4}
2012-02-11 06:48 - 2012-02-11 06:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{2918964A-2C61-4829-A94C-AFCCE1014A38}
2012-02-10 18:48 - 2012-02-10 18:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{D7F0F487-C8E2-4422-B9E7-7849A10482FD}
2012-02-10 18:48 - 2012-02-10 18:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{37DE9A62-0E16-4821-833F-A8A7EF8B8705}
2012-02-10 06:48 - 2012-02-10 06:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{EE6FCFB5-8C85-4A4A-9F1B-C5EDA28FE2B4}
2012-02-10 06:47 - 2012-02-10 06:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{35F4BC67-8B91-4B94-BC30-03090AC5F198}
2012-02-09 18:47 - 2012-02-09 18:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3EAA06D3-F92E-4E49-951F-BC25D70D9881}
2012-02-09 18:47 - 2012-02-09 18:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{34155398-1B10-43AF-995D-C1762E1F73B8}
2012-02-09 06:47 - 2012-02-09 06:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{AAB9146B-DDC1-4EDD-9327-869D6843C38B}
2012-02-09 06:47 - 2012-02-09 06:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{42293502-3354-49DA-9465-2102D0CA7DAD}
2012-02-08 18:46 - 2012-02-08 18:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{C90D9AD0-17C5-478E-BD36-994866F869F8}
2012-02-08 18:46 - 2012-02-08 18:46 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{05A2A6ED-DFA3-468E-95D2-2E48B33CCE18}
2012-02-08 06:46 - 2012-02-08 06:46 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{739C0E39-73F4-4B74-80E5-A37174F5BE1A}
2012-02-08 06:46 - 2012-02-08 06:46 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{232A8A92-97F7-4348-884A-1169FC1C3300}
2012-02-07 18:46 - 2012-02-07 18:46 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{0D9486A5-1C57-4005-87F9-ECB97EE2FF40}
2012-02-07 18:45 - 2012-02-07 18:46 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{2C6B6218-4303-4F06-AE5F-DD8839DFD712}
2012-02-07 06:45 - 2012-02-07 06:45 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3B890C0D-6F89-4496-AE2E-9128A5F1AF47}
2012-02-07 06:45 - 2012-02-07 06:45 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{145A3447-A082-4244-9A48-DD5A2A2565AC}
2012-02-06 18:45 - 2012-02-06 18:45 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{AC6F016E-E4E5-4292-B988-EF5837368C60}
2012-02-06 18:45 - 2012-02-06 18:45 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{9F70973A-FE3B-4102-A047-FB288006D761}
2012-02-06 16:19 - 2012-02-17 13:10 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-02-06 16:19 - 2012-02-14 00:51 - 0417440 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-02-06 06:44 - 2012-02-06 06:45 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7A761409-7A7F-48B0-A57E-BAFE0B6C953A}
2012-02-06 06:44 - 2012-02-06 06:44 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{EADC666C-A3D7-4737-9D75-6FB4C457EF89}
2012-02-05 18:44 - 2012-02-05 18:44 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{63A59745-AF67-4AA2-B10A-61D2E76762AC}
2012-02-05 18:44 - 2012-02-05 18:44 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{13A3BC6F-B812-47DE-83FB-3E6817CD89DD}
2012-02-05 06:44 - 2012-02-05 06:44 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{6A202B0A-BB8E-4CDB-A1A8-9DD82A514C41}
2012-02-05 06:43 - 2012-02-05 06:44 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{76146FE7-5FFD-4FB4-8F50-59E34BEEC90A}
2012-02-04 18:43 - 2012-02-04 18:43 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{4357ECE7-7698-45DB-B3A7-328F3464E0CD}
2012-02-04 18:43 - 2012-02-04 18:43 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{011DAC7A-608F-4187-903A-07F62D68F626}
2012-02-04 06:43 - 2012-02-04 06:43 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{947748DE-598C-4E9F-8B91-A631F0D6D5C2}
2012-02-04 06:43 - 2012-02-04 06:43 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{0CC68565-5B59-4E64-ABE1-2F4C46A1D575}
2012-02-03 18:42 - 2012-02-03 18:42 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7A529059-FD6F-4A0E-8BC8-C23707261B0B}
2012-02-03 18:42 - 2012-02-03 18:42 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3BBFDC80-E86C-4575-B220-B6CBF9215084}
2012-02-03 06:42 - 2012-02-03 06:42 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E40FC643-4FF0-4947-8EE0-EE0CB876AF7E}
2012-02-03 06:42 - 2012-02-03 06:42 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{4CFCB709-D82C-4ABF-A1F1-72D75C90B1C6}
2012-02-02 18:42 - 2012-02-02 18:42 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E256C2AE-4EF3-4C9F-BA6D-42958F9E8CA0}
2012-02-02 18:41 - 2012-02-02 18:42 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E28D5E83-4157-4E59-976F-7B7850EF558A}
2012-02-02 06:41 - 2012-02-02 06:41 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{D4E9C953-26A5-4A29-AD43-5EF7D4EFF0AB}
2012-02-02 06:41 - 2012-02-02 06:41 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{51A5FF7E-E777-490E-8B37-01AA186E0BC0}
2012-02-01 18:41 - 2012-02-01 18:41 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E69D050D-0E8F-4A88-B93A-4489DFB8D183}
2012-02-01 18:41 - 2012-02-01 18:41 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{92CA1EB9-9FAC-4901-9217-49DD555D7844}
2012-02-01 16:53 - 2012-02-17 12:58 - 0000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000UA.job
2012-02-01 16:53 - 2012-02-16 16:58 - 0000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000Core.job
2012-02-01 16:53 - 2012-02-01 16:53 - 0000000 ____D C:\Users\OkComputer\AppData\Local\Google
2012-02-01 06:40 - 2012-02-01 06:41 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{80272DF7-4C4E-458F-B973-C29536C4F1CD}
2012-02-01 06:40 - 2012-02-01 06:40 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{1CD0076F-6D53-4EB3-A9B3-50AF8D4218AC}
2012-01-31 18:40 - 2012-01-31 18:40 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{FB225FE8-C558-4C13-9126-9704E0BD35DE}
2012-01-31 18:40 - 2012-01-31 18:40 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{8F6A77B8-852D-4B0F-B960-693070DB7312}
2012-01-31 06:40 - 2012-01-31 06:40 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{9CDF59C4-52F8-42B9-A85F-9939BD07F3F1}
2012-01-31 06:39 - 2012-01-31 06:40 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E4F768C1-AEBA-44B6-B19B-42EB2D4B856C}
2012-01-30 18:39 - 2012-01-30 18:39 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{FADAD744-69CB-4FC7-B2C7-FA5101BC6B73}
2012-01-30 18:39 - 2012-01-30 18:39 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{1FFE6AAF-3001-4A15-838B-1C2A7FC94563}
2012-01-30 06:39 - 2012-01-30 06:39 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{EC7A0C06-6102-4A97-8936-52FC9531CE53}
2012-01-30 06:38 - 2012-01-30 06:39 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{727D73A0-841E-4DF5-A03D-E6DB4699EE19}
2012-01-29 18:38 - 2012-01-29 18:38 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E0F4D038-CF45-4476-A0F2-FF8807953222}
2012-01-29 18:38 - 2012-01-29 18:38 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{300735D1-02AA-435F-9899-CED5C2125DB4}
2012-01-29 06:38 - 2012-01-29 06:38 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{F7234266-386B-43A7-A5FB-EECCA26A97E3}
2012-01-29 06:38 - 2012-01-29 06:38 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{08EB9C80-9B94-453D-936B-D7AE6583D489}
2012-01-28 18:37 - 2012-01-28 18:38 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{124EC041-D044-493D-AE61-1B7BDC0C834F}
2012-01-28 18:37 - 2012-01-28 18:37 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E11CF1EC-B194-487E-943E-F2770B167EDA}
2012-01-28 06:37 - 2012-01-28 06:37 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{442091FA-6EB0-43C9-97F2-1FC23B65402B}
2012-01-28 06:37 - 2012-01-28 06:37 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{427A882A-C322-4A6F-8D9F-00ABB91D1DD3}
2012-01-27 18:37 - 2012-01-27 18:37 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{2E4C44D2-6D82-4F02-A234-A581367B27FC}
2012-01-27 18:36 - 2012-01-27 18:37 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{16176378-278A-474A-B2FD-93E471687488}
2012-01-27 06:36 - 2012-01-27 06:36 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{6ADA60B2-A93E-4737-B77D-E4B87692E59D}
2012-01-27 06:36 - 2012-01-27 06:36 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{5591C0F1-66DE-4362-B186-43581F8A9157}
2012-01-26 18:36 - 2012-01-26 18:36 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3757B6E3-5896-4A95-AB2E-ECDA5487CF97}
2012-01-26 18:35 - 2012-01-26 18:36 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{DDE12967-2CCE-49FB-8BB5-B4E502C3B771}
2012-01-26 06:14 - 2012-01-26 06:14 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3569FD07-6212-4772-A853-7DD8EE60B28C}
2012-01-26 06:14 - 2012-01-26 06:14 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{186A126B-5066-4B2B-93D4-A25210295689}
2012-01-25 18:14 - 2012-01-25 18:14 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{ADC05E2A-8D91-46EA-A702-C5DB2466ABEE}
2012-01-25 18:13 - 2012-01-25 18:14 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{89114337-4B84-4FC6-B4CD-34C3A8CE1CEB}
2012-01-25 17:26 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-25 17:26 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-25 17:26 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-25 17:26 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-25 17:26 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-25 17:26 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-25 17:26 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-25 17:26 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-25 17:26 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-25 17:26 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-25 17:26 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-25 17:26 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-25 17:26 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-25 17:26 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-25 06:13 - 2012-01-25 06:13 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{C34B8F78-8C5A-4622-AC38-C37A393A9AC9}
2012-01-25 06:13 - 2012-01-25 06:13 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7C2A83E7-6029-43C8-AA83-5CA6E3D5B353}
2012-01-24 18:13 - 2012-01-24 18:13 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{9EC274E0-ABBC-46CA-8BC0-D259905A0878}
2012-01-24 18:13 - 2012-01-24 18:13 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{960A355F-D9C7-4B1E-8C39-13B286F49220}
2012-01-24 06:12 - 2012-01-24 06:13 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{96484FDC-8432-4FD2-9A02-8F20FDB4E7D0}
2012-01-24 06:12 - 2012-01-24 06:12 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{2D0F4605-21BF-414A-BE20-F36F9F9BA8AC}
2012-01-23 18:12 - 2012-01-23 18:12 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{FF926FB0-F7CE-4D00-8614-A7B9D210F324}
2012-01-23 18:12 - 2012-01-23 18:12 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3C40EA8C-587F-4E10-BA9C-910947503BE8}
2012-01-23 06:12 - 2012-01-23 06:12 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{BFA072EB-BD5A-491A-A9E0-4ED9E8E9147B}
2012-01-23 06:11 - 2012-01-23 06:12 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E5154099-3DC5-4651-BB2A-E472350968C5}
2012-01-22 18:11 - 2012-01-22 18:11 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{A7DDEF81-5BB2-45C1-9276-28B1D9FA95C1}
2012-01-22 18:11 - 2012-01-22 18:11 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7FA7BFC2-BC1B-4A4A-8D35-2917CFB28663}
2012-01-22 06:07 - 2012-01-22 06:07 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{B3F6774E-76EC-43C9-837E-ADAD45221FC6}
2012-01-22 06:07 - 2012-01-22 06:07 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{A1DFE5F0-8835-42C0-B443-F9F9C26A7DDA}
2012-01-21 18:07 - 2012-01-21 18:07 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{67EE0099-96B1-43F1-BEB7-FDC87BD58D90}
2012-01-21 18:07 - 2012-01-21 18:07 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{4E1537D0-BE24-402A-80B5-8EA4F77BB069}
2012-01-21 06:06 - 2012-01-21 06:07 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{D86C7796-5131-4303-9C23-3DE6A3E9976C}
2012-01-21 06:06 - 2012-01-21 06:06 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{0FA40DFD-6265-4787-AD7E-17B57683396E}
2012-01-20 18:06 - 2012-01-20 18:06 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3CE713EC-6674-42AE-9531-2F52348AF555}
2012-01-20 18:06 - 2012-01-20 18:06 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{34E7548C-B7A3-4812-8CB5-F6604F62D614}
2012-01-20 06:05 - 2012-01-20 06:06 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3DD72BC8-D2EC-4E67-9499-55AC9C3E73D7}
2012-01-20 06:05 - 2012-01-20 06:05 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{95AB9DCF-F5A7-416D-AEB1-52BB94E54AA0}
2012-01-19 18:05 - 2012-01-19 18:05 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{D6CE3B41-4A49-43BF-9E6B-2203DC695EEA}
2012-01-19 18:05 - 2012-01-19 18:05 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{1DB2A7B5-3710-421C-A877-EF7D219F9D21}
2012-01-19 06:05 - 2012-01-19 06:05 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{B75B3CB1-B55B-4CBC-B73F-2CE668E2D458}
2012-01-19 06:04 - 2012-01-19 06:05 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{1982A4F1-7BB8-4B6F-9FE4-30A0D8A6B433}
2012-01-18 18:04 - 2012-01-18 18:04 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{0F1A7595-FEAA-4E8E-96DB-8E34195C574A}
2012-01-18 18:04 - 2012-01-18 18:04 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{06E2FFFE-DB1C-4CA8-87DB-9047FD898447}
2012-01-18 06:04 - 2012-01-18 06:04 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E43A98DD-971C-4CA2-97B7-1673FF775C17}
2012-01-18 06:04 - 2012-01-18 06:04 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{BD335004-D377-413A-A4AC-951C705AC84C}


============ 3 Months Modified Files and Folders =============

2012-02-17 23:16 - 2012-02-17 23:16 - 0000000 ____D C:\FRST
2012-02-17 13:12 - 2012-02-17 13:12 - 1381727 ____A C:\Users\OkComputer\Desktop\FRST64.exe
2012-02-17 13:10 - 2012-02-06 16:19 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-02-17 13:10 - 2011-05-09 05:17 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-02-17 13:10 - 2011-05-09 05:17 - 0000000 ____D C:\ProgramData\NVIDIA
2012-02-17 13:10 - 2011-05-09 04:47 - 2134401024 __ASH C:\hiberfil.sys
2012-02-17 13:10 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-17 13:10 - 2009-07-13 20:51 - 6544912 ____A C:\Windows\setupact.log
2012-02-17 13:09 - 2011-05-09 07:57 - 0000000 ____D C:\Users\OkComputer\AppData\Roaming\uTorrent
2012-02-17 13:09 - 2011-05-09 06:09 - 0000000 ____D C:\Users\OkComputer\AppData\Roaming\mIRC
2012-02-17 12:58 - 2012-02-01 16:53 - 0000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000UA.job
2012-02-17 08:49 - 2011-09-04 05:36 - 0000000 ____D C:\Program Files\Nightly
2012-02-17 05:53 - 2011-05-09 04:40 - 0009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-17 05:53 - 2011-05-09 04:40 - 0009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-17 05:50 - 2011-05-11 04:24 - 0361676 ____A C:\Windows\System32\perfh00D.dat
2012-02-17 05:50 - 2011-05-11 04:24 - 0069244 ____A C:\Windows\System32\perfc00D.dat
2012-02-17 05:50 - 2011-05-10 04:41 - 0388542 ____A C:\Windows\System32\perfh011.dat
2012-02-17 05:50 - 2011-05-10 04:41 - 0106412 ____A C:\Windows\System32\perfc011.dat
2012-02-17 05:50 - 2009-07-13 21:13 - 1639614 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-17 05:47 - 2012-02-17 05:47 - 0116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\01921992.sys
2012-02-17 05:47 - 2012-02-17 05:47 - 0003760 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_15.47.16_log.txt
2012-02-17 05:47 - 2011-05-09 06:09 - 0000000 ____D C:\Program Files (x86)\mIRC
2012-02-17 05:44 - 2012-02-17 05:44 - 0003872 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_15.44.23_log.txt
2012-02-17 05:43 - 2012-02-13 14:04 - 2060336 ____A (Kaspersky Lab ZAO) C:\Users\OkComputer\Desktop\tdsskiller.exe
2012-02-17 05:41 - 2012-02-17 05:41 - 0003872 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_15.41.25_log.txt
2012-02-17 05:38 - 2012-02-17 05:37 - 0003872 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_15.37.57_log.txt
2012-02-17 04:19 - 2012-02-17 04:19 - 0004478 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_14.19.07_log.txt
2012-02-17 04:18 - 2012-02-13 13:29 - 0153824 ____A C:\Windows\ntbtlog.txt
2012-02-17 04:16 - 2011-09-20 17:03 - 0000000 ____D C:\Users\OkComputer\AppData\Local\ElevatedDiagnostics
2012-02-16 18:53 - 2011-09-20 17:56 - 0000000 ____D C:\Users\OkComputer\Desktop\Tobaku Datenroku Kaiji Volume 1
2012-02-16 18:44 - 2012-02-16 08:30 - 0000000 ____D C:\$RECYCLE.BIN
2012-02-16 16:58 - 2012-02-01 16:53 - 0000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000Core.job
2012-02-16 12:13 - 2012-02-16 12:12 - 0003872 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_22.12.58_log.txt
2012-02-16 11:28 - 2011-05-09 04:44 - 0016256 ____A C:\Windows\PFRO.log
2012-02-16 10:00 - 2012-02-16 10:00 - 0003760 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_20.00.05_log.txt
2012-02-16 09:58 - 2011-05-09 04:46 - 1739047 ____A C:\Windows\WindowsUpdate.log
2012-02-16 09:54 - 2012-02-16 09:54 - 0024759 ____A C:\ComboFix.txt
2012-02-16 09:54 - 2012-02-16 08:23 - 0000000 ____D C:\Qoobox
2012-02-16 09:53 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-02-16 09:21 - 2012-02-16 09:21 - 0001330 ____A C:\Users\OkComputer\Desktop\aswMBR.txt
2012-02-16 09:01 - 2012-02-16 08:59 - 0003760 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_18.59.47_log.txt
2012-02-16 08:59 - 2012-02-16 08:57 - 0269278 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_18.57.35_log.txt
2012-02-16 08:57 - 2012-02-16 08:54 - 4733440 ____A (AVAST Software) C:\Users\OkComputer\Desktop\aswMBR.exe
2012-02-16 08:34 - 2011-05-11 08:36 - 0000000 ____D C:\users\user
2012-02-16 08:34 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-02-16 08:34 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-02-16 08:33 - 2012-02-16 08:23 - 0000000 ____D C:\Windows\ERDNT
2012-02-16 08:30 - 2006-11-02 04:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-16 08:29 - 2009-07-13 18:34 - 58720256 ____A C:\Windows\System32\config\software.bak
2012-02-16 08:29 - 2009-07-13 18:34 - 20971520 ____A C:\Windows\System32\config\system.bak
2012-02-16 08:29 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-02-16 08:29 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-02-16 08:29 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-16 08:28 - 2012-02-16 08:28 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-16 08:20 - 2012-02-16 08:19 - 4406022 ____R (Swearware) C:\Users\OkComputer\Desktop\ComboFix.exe
2012-02-14 00:51 - 2012-02-14 00:51 - 8756384 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-02-14 00:51 - 2012-02-06 16:19 - 0417440 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-02-14 00:51 - 2011-05-17 10:57 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-13 22:09 - 2012-02-13 11:55 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-02-13 22:09 - 2012-02-13 08:58 - 0000000 ____D C:\Program Files\AVAST Software
2012-02-13 22:09 - 2011-05-09 15:49 - 0000000 ____D C:\Users\All Users\MFAData
2012-02-13 22:09 - 2011-05-09 15:49 - 0000000 ____D C:\ProgramData\MFAData
2012-02-13 22:09 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-13 22:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-13 15:05 - 2012-02-13 15:05 - 0012893 ____A C:\Users\OkComputer\Desktop\Attach.txt
2012-02-13 13:52 - 2012-02-13 13:52 - 0000482 ____A C:\Users\OkComputer\Desktop\defogger_disable.log
2012-02-13 13:52 - 2012-02-13 13:52 - 0000000 ____A C:\Users\OkComputer\defogger_reenable
2012-02-13 13:52 - 2011-05-09 04:41 - 0000000 ____D C:\users\OkComputer
2012-02-13 13:49 - 2012-02-13 13:49 - 0050477 ____A C:\Users\OkComputer\Desktop\Defogger.exe
2012-02-13 12:25 - 2012-02-13 12:25 - 0000000 ____D C:\Users\OkComputer\AppData\Roaming\Malwarebytes
2012-02-13 12:25 - 2012-02-13 12:25 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-13 12:25 - 2012-02-13 12:25 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-13 12:11 - 2012-02-13 12:11 - 312150105 ____A C:\Windows\MEMORY.DMP
2012-02-13 12:11 - 2012-02-13 12:11 - 0281280 ____A C:\Windows\Minidump\021312-26988-01.dmp
2012-02-13 12:11 - 2012-02-13 12:11 - 0000000 ____D C:\Windows\Minidump
2012-02-13 12:11 - 2012-02-13 12:11 - 0000000 ____A C:\Windows\SysWOW64\cd.dat
2012-02-13 12:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-13 11:23 - 2012-02-13 08:58 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-02-13 11:23 - 2012-02-13 08:58 - 0000000 ____D C:\ProgramData\AVAST Software
2012-02-13 08:58 - 2012-02-13 08:58 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-02-13 08:08 - 2011-10-25 04:15 - 0023793 ____A C:\Users\OkComputer\Desktop\Berserk_20_TLv1.ass
2012-02-13 06:51 - 2012-02-13 06:50 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{6B8294BE-164D-4C1B-B89F-0383F936C681}
2012-02-13 06:50 - 2012-02-13 06:50 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{89A63D59-BF84-462B-8BBD-638349324802}
2012-02-13 06:50 - 2011-05-09 07:59 - 0000000 ____D C:\Users\OkComputer\AppData\Local\Windows Live
2012-02-13 05:25 - 2012-02-13 05:25 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-02-13 05:19 - 2012-02-13 05:19 - 0046528 ____A C:\Windows\System32\Drivers\7aa918d1d509ef96.sys
2012-02-12 18:50 - 2012-02-12 18:50 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7149F0AA-3DC0-4A34-AEE1-61B67C965896}
2012-02-12 18:50 - 2012-02-12 18:50 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3AF12D51-A430-4C6A-A84B-AC6E8724DE83}
2012-02-12 06:50 - 2012-02-12 06:49 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{A666E121-C9F5-490A-8A76-AC3DCA6E6976}
2012-02-12 06:49 - 2012-02-12 06:49 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7C26CF96-8DC7-4E8B-BB2C-B05EB437F106}
2012-02-11 21:59 - 2011-05-09 05:35 - 0025640 ____A (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-02-11 21:59 - 2011-05-09 05:06 - 0030528 ____A C:\Windows\GVTDrv64.sys
2012-02-11 21:58 - 2011-05-09 07:57 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-11 18:49 - 2012-02-11 18:49 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{5A12A5E2-0488-49EF-BDC4-F56B3B315524}
2012-02-11 18:49 - 2012-02-11 18:49 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{41F20AD5-32C7-4217-8807-E686BB41E7A7}
2012-02-11 06:48 - 2012-02-11 06:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{D669264C-78F3-4918-A6C3-8A0C69F73BF4}
2012-02-11 06:48 - 2012-02-11 06:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{2918964A-2C61-4829-A94C-AFCCE1014A38}
2012-02-10 18:48 - 2012-02-10 18:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{D7F0F487-C8E2-4422-B9E7-7849A10482FD}
2012-02-10 18:48 - 2012-02-10 18:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{37DE9A62-0E16-4821-833F-A8A7EF8B8705}
2012-02-10 06:48 - 2012-02-10 06:48 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{EE6FCFB5-8C85-4A4A-9F1B-C5EDA28FE2B4}
2012-02-10 06:48 - 2012-02-10 06:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{35F4BC67-8B91-4B94-BC30-03090AC5F198}
2012-02-09 18:47 - 2012-02-09 18:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{3EAA06D3-F92E-4E49-951F-BC25D70D9881}
2012-02-09 18:47 - 2012-02-09 18:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{34155398-1B10-43AF-995D-C1762E1F73B8}
2012-02-09 08:51 - 2011-05-09 17:30 - 0006736 ____A C:\Users\OkComputer\Desktop\New Text Document (2).txt
2012-02-09 06:47 - 2012-02-09 06:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{AAB9146B-DDC1-4EDD-9327-869D6843C38B}
2012-02-09 06:47 - 2012-02-09 06:47 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{42293502-3354-49DA-9465-2102D0CA7DAD}
2012-02-08 18:47 - 2012-02-08 18:46 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{C90D9AD0-17C5-478E-BD36-994866F869F8}
2012-02-08 18:46 - 2012-02-08 18:46 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{05A2A6ED-DFA3-468E-95D2-2E48B33CCE18}
2012-02-08 06:46 - 2012-02-08 06:46 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{739C0E39-73F4-4B74-80E5-A37174F5BE1A}
2011-12-01 17:30 - 2011-12-01 17:29 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{860C4A1D-EE10-41DF-8423-D3481C2E8898}
2011-12-01 17:29 - 2011-12-01 17:29 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{64958C98-8BD6-4A2D-8803-FE755932DC3F}
2011-12-01 05:29 - 2011-12-01 05:29 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{C4932EA9-786C-4668-B3CD-E4F9ECD80AB8}
2011-12-01 05:29 - 2011-12-01 05:29 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{B56724B3-6157-4CC1-B562-A6C29946EFBE}
2011-11-30 17:29 - 2011-11-30 17:29 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{B5E5D623-C7B7-4802-8207-71FCEA1A8BD5}
2011-11-30 17:29 - 2011-11-30 17:28 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{44BFD7AC-E294-4441-9118-C12804C1FF6F}
2011-11-30 05:28 - 2011-11-30 05:28 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{A4C17BA9-D81E-4935-84AE-0A6ACB21B763}
2011-11-30 05:28 - 2011-11-30 05:28 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{528B6A78-2D24-40CF-A423-348BC868704A}
2011-11-29 17:28 - 2011-11-29 17:28 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{BD1CDF23-F9C1-497D-AC8B-1B9596D97524}
2011-11-29 17:28 - 2011-11-29 17:28 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{81F6E487-E2A1-4141-AEA2-216B0257023F}
2011-11-29 05:27 - 2011-11-29 05:27 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{82E3C17E-83BC-4557-9FA9-7E5F5827AFA8}
2011-11-29 05:27 - 2011-11-29 05:27 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{2F2FE491-1F6D-4C22-B85F-47AA36006B54}
2011-11-28 17:27 - 2011-11-28 17:27 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E73198CC-9CEF-4D05-AE77-8885A48F7A52}
2011-11-28 17:27 - 2011-11-28 17:27 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{BD400530-CBD4-4949-85FC-6DB3AFEE863F}
2011-11-28 10:01 - 2012-02-13 08:58 - 0256960 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2011-11-28 05:27 - 2011-11-28 05:26 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{807FFA30-69A3-41B5-9A59-3CB4BF7F2853}
2011-11-28 05:26 - 2011-11-28 05:26 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{1F1AF4B8-46CB-4C82-AF97-D2DE00F48140}
2011-11-27 17:26 - 2011-11-27 17:26 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{A14A9D7F-26C0-4CED-8379-2533F51CBAF7}
2011-11-27 17:26 - 2011-11-27 17:26 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{74CFD390-D130-4FA5-B4D5-05D0500C2E5C}
2011-11-27 05:26 - 2011-11-27 05:25 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{2B095F15-8506-4B94-8E96-39C04074EB4A}
2011-11-27 05:25 - 2011-11-27 05:25 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{C6F2D96E-B78D-444B-A3A1-0D565FD8457F}
2011-11-26 17:25 - 2011-11-26 17:25 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{F635722F-CF1C-488C-A335-3103A0E7DF41}
2011-11-26 17:25 - 2011-11-26 17:25 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{317529C0-5A07-4931-AA72-B5F836744D59}
2011-11-26 05:25 - 2011-11-26 05:25 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E0600F8A-425B-42A4-AF77-A35E5D35014F}
2011-11-26 05:25 - 2011-11-26 05:24 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{4A459E8A-7807-438F-94C7-804A24FB1485}
2011-11-25 17:24 - 2011-11-25 17:24 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{A061A70E-ADF4-4D6C-AB92-35094E8E1BC0}
2011-11-25 17:24 - 2011-11-25 17:24 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{7CF1B6A5-B1D5-4414-AD62-EE1192ADA15F}
2011-11-25 05:24 - 2011-11-25 05:24 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{CC02105A-90B8-4BA8-9B18-AF80131B5422}
2011-11-25 05:24 - 2011-11-25 05:24 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{456FDEFC-3FA4-41DD-8F88-5F6544B4248A}
2011-11-24 17:24 - 2011-11-24 17:23 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{72A44F8A-9E4A-4350-B726-7A138A1A6BB6}
2011-11-24 17:23 - 2011-11-24 17:23 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{25901857-0FA6-482A-A8BF-C4FBE5CDB90D}
2011-11-24 05:23 - 2011-11-24 05:23 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{E4C985CB-B3BF-4CC5-B18E-78FD767FAAD1}
2011-11-24 05:23 - 2011-11-24 05:23 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{2DF7446F-824E-4313-99B8-DDB9BCF573AA}
2011-11-23 20:52 - 2011-12-14 11:46 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 17:23 - 2011-11-23 17:23 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{035C4A71-59E2-4D52-A592-F636ED52BFAB}
2011-11-23 17:23 - 2011-11-23 17:22 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{A9F875B7-0478-4491-97DB-659A094326DB}
2011-11-23 12:45 - 2011-11-23 12:45 - 0056832 ____A (AnchorFree Inc.) C:\Windows\System32\Drivers\HssDrv.sys
2011-11-23 12:45 - 2011-11-23 12:45 - 0037888 ____A (AnchorFree Inc) C:\Windows\System32\Drivers\taphss.sys
2011-11-23 05:22 - 2011-11-23 05:22 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{54F5EECA-89FF-4C05-AD62-0E3C01944EAB}
2011-11-23 05:22 - 2011-11-23 05:22 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{21AAE8DF-049F-4766-8D36-3C20E938556B}
2011-11-22 17:22 - 2011-11-22 17:22 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{F04E5D41-C9A4-475A-A7D8-A90616AACE67}
2011-11-22 17:22 - 2011-11-22 17:22 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{D82A6550-258D-41CD-8F25-6E2AE2EDF72B}
2011-11-22 05:22 - 2011-11-22 05:21 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{AEE0F375-5488-40DB-B819-BDA826544D38}
2011-11-22 05:21 - 2011-11-22 05:21 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{17477E18-4FE8-49B9-ACBA-CA877F780BE7}
2011-11-21 17:21 - 2011-11-21 17:21 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{6D8A9C63-2FB0-410C-98BE-4AF4E38582FB}
2011-11-21 17:21 - 2011-11-21 17:21 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{22851C66-C0AD-41F1-BBDB-2EFF54B7D9E9}
2011-11-21 05:21 - 2011-11-21 05:21 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{8B841176-C4FE-426D-A333-E41BC17D46C9}
2011-11-21 05:21 - 2011-11-21 05:20 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{DFBC6500-4491-4B4E-AA91-1A55C299348D}
2011-11-20 17:20 - 2011-11-20 17:20 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{ECAB2284-6C64-495E-AF25-C78E25129733}
2011-11-20 17:20 - 2011-11-20 17:20 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{53E64522-0876-40E6-811F-D397A53AE414}
2011-11-20 05:20 - 2011-11-20 05:20 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{B3E2507B-4E2E-43C8-8C71-FE323306B129}
2011-11-20 05:20 - 2011-11-20 05:20 - 0000000 ____D C:\Users\OkComputer\AppData\Local\{633EEF3F-B5D0-477D-9E72-783D1414C3D6}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8175.37 MB
Available physical RAM: 7380.28 MB
Total Pagefile: 8173.52 MB
Available Pagefile: 7373 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:542.88 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.65 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 931 GB 0 B
Disk 2 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y New Volume NTFS Partition 465 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System Rese NTFS Partition 100 MB Healthy

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 931 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy



==========================================================

Last Boot: 2012-02-08 18:44

======================= End Of Log ==========================

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:22 AM

Posted 17 February 2012 - 09:59 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Windows\system32\consrv.dll


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
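The CFScript above removes one file by path, but the same ComboFix log carries several other entries a responder would pull out by hand: the file listed under "Other Deletions", a hidden+system directory in System32 named after an unexpanded environment variable, a service whose key name and driver are a 16-hex-digit string, an in-memory driver ComboFix reports as deregistered, and the policy value showing UAC switched off. The following Python script is an added example, not code from this thread, from ComboFix or from FRST; it automates that read-through. It assumes only the line shapes ComboFix printed in reply #15, and the sample log embedded in it is constructed from a handful of those lines plus a benign entry so the filters have something to ignore.

```python
"""Triage a ComboFix log for the kinds of entries discussed in this thread.

Added example (not ComboFix/FRST code). The regexes assume the line shapes
ComboFix printed in reply #15 of this thread and nothing else.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # machine-readable category
    detail: str  # the evidence, copied from the log line


# Section banners look like "(((((( Other Deletions ))))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# File/dir entries: "<created> . <modified> <size|--------> <attrs> <path>".
ENTRY_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+([-a-z]{8})\s+(.+)$")
# A service whose registry key name is 16 hex digits, as ComboFix listed here.
HEX_SVC_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\services\\([0-9a-f]{16})\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.+)"$')
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)$")
LUA_OFF_RE = re.compile(r'^"EnableLUA"=\s*0\b')
ENV_LITERAL_RE = re.compile(r"%[A-Za-z_]+%")  # an unexpanded %VAR% used as a real name


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the entries worth a second look."""
    findings: list[Finding] = []
    section = ""
    pending_service: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1).lower()
            continue
        # Whatever ComboFix deleted is evidence in its own right.
        if section.startswith("other deletions") and "\\" in line:
            findings.append(Finding("deleted_by_combofix", line))
            continue
        if (m := ENTRY_RE.match(line)):
            attrs, path = m.groups()
            hidden_system = "s" in attrs and "h" in attrs
            if hidden_system and ENV_LITERAL_RE.search(path):
                findings.append(Finding("hidden_env_literal_path", path))
            elif hidden_system and "\\windows\\system32\\" in path.lower():
                findings.append(Finding("hidden_system32_entry", path))
            continue
        if (m := HEX_SVC_RE.match(line)):
            pending_service = m.group(1)
            findings.append(Finding("hex_named_service", pending_service))
            continue
        if pending_service and (m := IMAGEPATH_RE.match(line)):
            findings.append(Finding("hex_service_imagepath", m.group(1)))
            pending_service = None
            continue
        if (m := DEREG_RE.match(line)):
            findings.append(Finding("deregistered_driver", m.group(1)))
            continue
        if LUA_OFF_RE.match(line):
            findings.append(Finding("uac_disabled", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick read of a long log."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: lines copied from the ComboFix log in reply #15, plus one
# benign entry (the Malwarebytes folder) that must not be flagged.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\consrv.dll
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 13:25 . 2012-02-13 13:25 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-09 25640]
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 7aa918d1d509ef96
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7aa918d1d509ef96]
"ImagePath"="\SystemRoot\System32\Drivers\7aa918d1d509ef96.sys"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26s} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a full log by reading the file into `triage()`; the categories are deliberately descriptive rather than verdicts, because a hidden directory or a hex-named service is a reason to look, not proof on its own. The "uac_disabled" line is included because the thread's own log shows EnableLUA set to 0, and a machine that is being cleaned of a rootkit should come back with UAC turned on.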

#15 kiri_7188

  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Local time:08:22 AM

Posted 17 February 2012 - 10:30 PM

Hey Gringo!

Ran ComboFix with the script - problem-free.
Seems like Windows Firewall is working again and my Firefox has stopped the redirecting and the opening of unwanted tabs completely, but I still get an error message every time I try to check for Windows updates. TDSSKiller and aswMBR still fail to initialize - I'm assuming it's relevant.

ComboFix 12-02-16.02 - OkComputer 02/18/2012 5:04.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.8175.5990 [GMT 2:00]
Running from: c:\users\OkComputer\Desktop\ComboFix.exe
Command switches used :: c:\users\OkComputer\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-18 07:16 . 2012-02-18 07:16 -------- d-----w- C:\FRST
2012-02-18 03:07 . 2012-02-18 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 13:47 . 2012-02-17 13:47 116016 ----a-w- c:\windows\system32\drivers\01921992.sys
2012-02-16 16:51 . 2012-02-17 22:57 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D041D7C7-22C6-48CC-8BB6-220A22255D76}\offreg.dll
2012-02-14 08:51 . 2012-02-14 08:51 8756384 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\users\OkComputer\AppData\Roaming\Malwarebytes
2012-02-13 20:25 . 2012-02-13 20:25 -------- d-----w- c:\programdata\Malwarebytes
2012-02-13 19:55 . 2012-02-14 06:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-13 16:58 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-13 16:58 . 2012-02-14 06:09 -------- d-----w- c:\program files\AVAST Software
2012-02-13 16:58 . 2012-02-13 19:23 -------- d-----w- c:\programdata\AVAST Software
2012-02-13 13:25 . 2012-02-13 13:25 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-10 06:28 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D041D7C7-22C6-48CC-8BB6-220A22255D76}\mpengine.dll
2012-02-07 00:19 . 2012-02-14 08:51 417440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-02-02 00:53 . 2012-02-02 00:53 -------- d-----w- c:\users\OkComputer\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 08:51 . 2011-05-17 18:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-12 05:59 . 2011-05-09 13:06 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-02-12 05:59 . 2011-05-09 13:35 25640 ----a-w- c:\windows\gdrv.sys
2012-01-26 22:52 . 2011-05-09 14:04 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-14 19:46 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 20:45 . 2011-11-23 20:45 56832 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2011-11-23 20:45 . 2011-11-23 20:45 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-16_16.30.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-16 16:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-18 03:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-16 16:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-18 03:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-16 16:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-18 03:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-02-17 21:20 30910 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-11 12:24 . 2012-02-14 00:08 69244 c:\windows\system32\perfc00D.dat
+ 2011-05-11 12:24 . 2012-02-17 21:22 69244 c:\windows\system32\perfc00D.dat
- 2011-05-09 12:40 . 2012-02-14 11:51 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 12:40 . 2012-02-16 19:29 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-14 11:51 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-16 19:29 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-09 13:38 . 2012-02-18 03:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 13:38 . 2012-02-18 03:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-09 13:38 . 2012-02-18 03:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-09 13:38 . 2012-02-18 03:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 13:38 . 2012-02-18 03:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-09 13:38 . 2012-02-16 16:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-09 13:07 . 2012-02-17 21:20 8440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1746709200-2389037254-3650209503-1000_UserData.bin
+ 2012-02-17 12:22 . 2012-02-18 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-13 21:34 . 2012-02-16 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-13 21:34 . 2012-02-16 16:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-17 12:22 . 2012-02-18 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-10 12:41 . 2012-02-14 00:08 388542 c:\windows\system32\perfh011.dat
+ 2011-05-10 12:41 . 2012-02-17 21:22 388542 c:\windows\system32\perfh011.dat
- 2011-05-11 12:24 . 2012-02-14 00:08 361676 c:\windows\system32\perfh00D.dat
+ 2011-05-11 12:24 . 2012-02-17 21:22 361676 c:\windows\system32\perfh00D.dat
- 2009-07-14 02:36 . 2012-02-14 00:08 616032 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-17 21:22 616032 c:\windows\system32\perfh009.dat
- 2011-05-10 12:41 . 2012-02-14 00:08 106412 c:\windows\system32\perfc011.dat
+ 2011-05-10 12:41 . 2012-02-17 21:22 106412 c:\windows\system32\perfc011.dat
+ 2009-07-14 02:36 . 2012-02-17 21:22 106412 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-14 00:08 106412 c:\windows\system32\perfc009.dat
- 2011-05-09 12:40 . 2012-02-14 11:51 294912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-09 12:40 . 2012-02-16 19:29 294912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2011-5-11 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-14 253600]
R3 ALSysIO;ALSysIO;c:\users\OKCOMP~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-09 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-02-12 30528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-31 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-11-23 330072]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-11-23 329544]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TRIDCap;AVerMedia service;c:\windows\system32\DRIVERS\AVerTM62_x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 7aa918d1d509ef96
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-07 08:51]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000Core.job
- c:\users\OkComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 00:53]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746709200-2389037254-3650209503-1000UA.job
- c:\users\OkComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 00:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SaiNtSub
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.il/cse?cx=partner-pub-1045670103905278:twd9k5-6qt8&ie=ISO-8859-8-I&q=&sa=
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\OkComputer\AppData\Roaming\Mozilla\Firefox\Profiles\948hhzhn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18706
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=18706&q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7aa918d1d509ef96]
"ImagePath"="\SystemRoot\System32\Drivers\7aa918d1d509ef96.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1746709200-2389037254-3650209503-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c3,c3,bf,79,97,38,f3,50,0b,fb,27,87,7d,f3,db,a2,f7,61,08,de,66,
48,aa,ce,72,63,92,b8,a4,cf,4e,a5,8e,40,e1,7d,06,10,3d,88,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1746709200-2389037254-3650209503-1000_Classes\Wow6432Node\CLSID\{e809738b-d40a-417f-98a1-05ec2b904bb2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000001a
"Therad"=dword:00000002
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-02-18 05:12:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-18 03:12
ComboFix2.txt 2012-02-16 17:54
ComboFix3.txt 2012-02-16 16:34
.
Pre-Run: 585,088,569,344 bytes free
Post-Run: 584,815,095,808 bytes free
.
- - End Of File - - E4DAFC462546ABCA37FF7F8DA73F4A2E

Edited by kiri_7188, 17 February 2012 - 10:31 PM.