Zero access rootkit, random tabs of suspicious ads!


  • This topic is locked
28 replies to this topic

#1 Zitbegone

Zitbegone

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:11 AM

Posted 01 April 2012 - 02:20 PM

Original Post


Initially got an attack from Smart HDD on my original account. It would not let me open Task Manager when I pressed Ctrl+Alt+Delete. It hid all of my files on my desktop and also took away the ability to go to My Documents, Pictures and such on the Start menu. Dozens of messages would appear. It seemed that when I would find ways to try to solve the problem, the virus would do much more severe things; I would hear random sound clips. It restarted my laptop, and when I logged back on to the same account, it ended up leaving my desktop empty, with me only able to move the cursor. I did not have an anti-virus program, so I was left defenseless. I decided to log on to my dad's account, where I found that the virus had not affected it. I was desperate, so I went to account management to delete my profile, thinking it would stop the attack.
After deleting my account, I made a new admin account through my dad's account. Everything seemed fine; I downloaded some of my programs back, such as a different internet browser, messenger and such. However, while on the internet, I noticed I was receiving random tabs of suspicious advertisements; sometimes these tabs would not let me leave until I clicked one of the options in a pop-up window, prompting me to use Task Manager to stop my browser's process. I downloaded several anti-virus programs to figure out if I still had a virus. Scanning my laptop gave the message that consrv.dll was behind these ads. My anti-virus would give me the choice of removing it. After removing it, my anti-virus would tell me to reboot the laptop, where I would find that my laptop cannot properly restore itself, as it says that it is missing something. That is when the time-consuming Startup Repair process would occur. Having finished the restoration, I would log on to find that the anti-virus I had downloaded is gone. I would then check around my C:/ files and sure enough find that consrv.dll remains on my computer. I would google specifically about consrv.dll and how to properly remove it. Methods involving changing some binaries in regedit and then deleting the file yet again would result in the same Startup Repair loop. I've tried fixing the problem several times.

I would greatly appreciate any assistance on this matter!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Kenneth at 14:32:52 on 2012-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2086 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{033E4F97-3BE2-4024-A51F-5346C59A8C63} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{033E4F97-3BE2-4024-A51F-5346C59A8C63}\2454C4C4938333 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{033E4F97-3BE2-4024-A51F-5346C59A8C63}\3596C667563747275674 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{033E4F97-3BE2-4024-A51F-5346C59A8C63}\4534443524D27457563747 : DhcpNameServer = 67.69.184.199 67.69.184.7
TCP: Interfaces\{033E4F97-3BE2-4024-A51F-5346C59A8C63}\4596D6F6478697723702642756560275966496 : DhcpNameServer = 173.243.32.50 8.8.8.8
TCP: Interfaces\{033E4F97-3BE2-4024-A51F-5346C59A8C63}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 64.71.255.198
TCP: Interfaces\{BBFEAC0A-FA12-47E6-A9BA-FA3419FC2192} : DhcpNameServer = 64.71.255.198
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\12ezsh30.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-11-5 841248]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-10-21 243232]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253600]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-21 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-01 14:34:03 -------- d-----we C:\Windows\system64
2012-04-01 10:51:46 -------- d-----w- C:\Users\Kenneth\AppData\Local\ElevatedDiagnostics
2012-04-01 10:40:24 39184 ----a-w- C:\Windows\SysWow64\Partizan.exe
2012-04-01 10:40:24 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2012-04-01 10:40:21 2 --shatr- C:\Windows\winstart.bat
2012-04-01 10:40:16 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2012-04-01 10:40:12 -------- dc----w- C:\Program Files (x86)\UnHackMe
2012-04-01 10:32:34 -------- d-----w- C:\Users\Kenneth\AppData\Local\{2F0C8BAE-0972-4A78-BE72-EB0AD7F7A7DE}
2012-04-01 08:37:43 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-01 08:33:52 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-31 22:00:18 -------- d-----w- C:\Users\Kenneth\AppData\Local\{DB25D9EE-59B5-4A88-99EA-06D13D113C2E}
2012-03-31 14:10:41 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\uTorrent
2012-03-31 11:01:41 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\AVG2012
2012-03-31 11:00:16 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-03-31 11:00:09 -------- dc----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-03-31 11:00:09 -------- dc----w- C:\Program Files (x86)\AVG Secure Search
2012-03-31 10:59:01 -------- d--h--w- C:\ProgramData\Common Files
2012-03-31 10:56:56 -------- dc----w- C:\$AVG
2012-03-31 10:56:56 -------- d-----w- C:\ProgramData\AVG2012
2012-03-31 10:55:37 -------- dc----w- C:\Program Files (x86)\AVG
2012-03-31 10:25:35 -------- d-----w- C:\ProgramData\MFAData
2012-03-31 10:21:59 -------- d-----w- C:\Users\Kenneth\AppData\Local\WinZip
2012-03-31 09:59:54 -------- d-----w- C:\Users\Kenneth\AppData\Local\Diagnostics
2012-03-30 05:11:23 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\Malwarebytes
2012-03-30 05:09:21 -------- d-----w- C:\Users\Kenneth\AppData\Local\Mozilla
2012-03-30 05:09:07 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\Advanced Chemistry Development
2012-03-30 05:08:44 -------- d-----w- C:\Users\Kenneth\AppData\Local\{EF36EF6B-6C64-4E49-8CE8-8ED6C634ECD9}
2012-03-30 03:03:02 -------- d-----w- C:\Users\Kenneth\AppData\Local\CrashDumps
2012-03-30 03:02:19 -------- d-----w- C:\Users\Kenneth\AppData\Local\SoftGrid Client
2012-03-30 03:02:14 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\SoftGrid Client
2012-03-29 19:20:40 -------- d-----w- C:\Users\Kenneth\AppData\Local\Apple
2012-03-29 19:17:10 -------- d-----w- C:\Users\Kenneth\AppData\Local\Apple Computer
2012-03-29 16:26:49 -------- d-----w- C:\Users\Kenneth\AppData\Roaming\Tific
2012-03-29 16:26:48 -------- d-----w- C:\Users\Kenneth\AppData\Local\Symantec
2012-03-29 16:09:04 -------- d-----w- C:\Users\Kenneth\AppData\Local\{3B488ED2-E74A-4F63-99FC-FD5436F0AE75}
2012-03-29 16:08:43 -------- d-----w- C:\Users\Kenneth\Tracing
2012-03-29 16:00:59 -------- d-----w- C:\Windows\en
2012-03-29 15:41:30 19352 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-29 15:39:18 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\DXSETUP.exe
2012-03-29 15:39:17 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\DSETUP.dll
2012-03-29 15:39:17 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\dsetup32.dll
2012-03-29 15:38:27 -------- d-----w- C:\Users\Kenneth\AppData\Local\Windows Live
2012-03-29 15:31:53 -------- d-----w- C:\Users\Kenneth\AppData\Local\Opera
2012-03-29 15:27:40 -------- d-----w- C:\Users\Kenneth\AppData\Local\ATI
2012-03-29 15:27:12 -------- d-----w- C:\Users\Kenneth\AppData\Local\Power2Go
2012-03-29 14:37:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 14:37:23 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-29 14:37:23 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:18:47 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 13:50:11 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-29 13:48:34 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-29 13:45:25 99328 ---ha-w- C:\ProgramData\2jFf5J64.exe
2012-03-27 14:23:48 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0CC4C37-92A8-40B4-9DA3-3BA95EEA35BD}\mpengine.dll
2012-03-20 12:38:32 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 12:38:32 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 07:06:43 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:06:42 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:06:42 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 18:24:51 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 18:24:47 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 18:24:46 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 18:17:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 18:17:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 18:17:05 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 18:17:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 18:17:02 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 18:17:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 18:17:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
==================== Find3M ====================
.
2012-03-29 14:18:54 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-31 08:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 14:33:47.59 ===============

Edited by Zitbegone, 01 April 2012 - 02:21 PM.
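The "SubSystems:" line in the DDS log above shows ConServerDllInitialization hosted by consrv rather than winsrv; that is the ZeroAccess 64-bit hijack, and it is why deleting consrv.dll on its own produced the Startup Repair loop described, since csrss.exe cannot initialise without the module the registry value names. The Python helper below is an added triage example written for this thread (not a DDS, ComboFix or BleepingComputer tool); it parses that line and the "Created Last 30" section of an excerpt copied from the post and reports the indicators the thread's own logs contain.

```python
"""Triage helper for the DDS log posted above: flags the ZeroAccess
consrv.dll subsystem hijack and two file-system indicators from the log.
Hypothetical code written for this thread, not a DDS/ComboFix feature."""
import re

# On a clean Windows 7 x64 install the csrss server DLLs listed in
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows
# are basesrv.dll, winsrv.dll (both User and Console servers) and sxssrv.dll.
EXPECTED_SERVER_MODULES = {"basesrv", "winsrv", "sxssrv"}

# DDS prints the value as: SubSystems: Windows = module[:InitFunc],index ...
SUBSYSTEMS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(.+)$", re.MULTILINE)
ENTRY_RE = re.compile(r"^([A-Za-z0-9_]+)(?::([A-Za-z0-9_]+))?,(\d+)$")

# DDS "Created Last 30" line: date time size attrs path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$", re.MULTILINE)


def parse_subsystems(log_text):
    """Return [(module, init_function or None, index), ...] from the SubSystems
    line, or None when the log contains no such line."""
    m = SUBSYSTEMS_RE.search(log_text)
    if m is None:
        return None
    entries = []
    for token in m.group(1).split():
        e = ENTRY_RE.match(token)
        if e:
            entries.append((e.group(1).lower(), e.group(2), int(e.group(3))))
    return entries


def find_subsystem_hijack(log_text):
    """Report every ServerDll entry hosted by a module csrss.exe should not load."""
    entries = parse_subsystems(log_text)
    if not entries:
        return []
    findings = []
    for module, func, idx in entries:
        if module not in EXPECTED_SERVER_MODULES:
            findings.append(
                f"ServerDll #{idx} ({func}) is hosted by {module}.dll instead of "
                "winsrv.dll; csrss.exe loads it at boot, so the registry value must "
                "be restored before the DLL is deleted or Windows will not start")
    return findings


def find_suspicious_created(log_text):
    """Heuristics taken from this thread's log: a Windows\\system64 directory
    (no such directory exists on a clean install) and a hidden .exe dropped
    directly under ProgramData."""
    findings = []
    for when, _size, attrs, path in CREATED_RE.findall(log_text):
        low = path.lower()
        parts = low.split("\\")
        if attrs.startswith("d") and low.endswith("\\windows\\system64"):
            findings.append(f"{when} directory created: {path}")
        elif (len(parts) == 3 and parts[1] == "programdata"
              and low.endswith(".exe") and "h" in attrs):
            findings.append(f"{when} hidden executable in ProgramData: {path}")
    return findings


def triage(log_text):
    """All findings for one DDS log, subsystem hijack first."""
    return find_subsystem_hijack(log_text) + find_suspicious_created(log_text)


# Excerpt of the DDS log posted in this thread (copied from the post)
SAMPLE_LOG = "\n".join([
    "============== Pseudo HJT Report ===============",
    "mWinlogon: Userinit=userinit.exe",
    "SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 "
    "consrv:ConServerDllInitialization,2 sxssrv,4",
    "=============== Created Last 30 ================",
    r"2012-04-01 14:34:03 -------- d-----we C:\Windows\system64",
    r"2012-04-01 10:40:24 39184 ----a-w- C:\Windows\SysWow64\Partizan.exe",
    r"2012-03-29 14:37:23 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys",
    r"2012-03-29 13:45:25 99328 ---ha-w- C:\ProgramData\2jFf5J64.exe",
])

# The same value as it reads on an uninfected Windows 7 x64 system
CLEAN_SUBSYSTEMS = ("SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 "
                    "winsrv:ConServerDllInitialization,2 sxssrv,4\n")

if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print("FINDING:", line)
    print("clean baseline findings:", triage(CLEAN_SUBSYSTEMS))
```

Partizan.exe and mbam.sys in the excerpt are the user's own UnHackMe and Malwarebytes components and are correctly left unflagged.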


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:11 AM

Posted 01 April 2012 - 11:49 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Zitbegone

Zitbegone
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:11 AM

Posted 02 April 2012 - 01:01 AM

Well, it did give me the "Illegal operation..." message and wouldn't let me open any programs. I actually used Task Manager to open my internet browser. But here's my log after using Combofix:

ComboFix 12-04-01.01 - Kenneth 04/02/2012 1:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2454 [GMT -4:00]
Running from: c:\users\Kenneth\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2jFf5J64.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 05:44 . 2012-04-02 05:44 -------- d-----w- c:\users\Silvestre Garay\AppData\Local\temp
2012-04-02 05:44 . 2012-04-02 05:44 -------- d-----w- c:\users\Ron is GAY\AppData\Local\temp
2012-04-02 05:44 . 2012-04-02 05:44 -------- d-----w- c:\users\owner\AppData\Local\temp
2012-04-02 05:44 . 2012-04-02 05:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-02 05:44 . 2012-04-02 05:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 10:40 . 2012-04-01 10:40 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-04-01 10:40 . 2012-04-01 10:40 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2012-04-01 10:40 . 2012-04-01 10:40 2 --shatr- c:\windows\winstart.bat
2012-04-01 10:40 . 2012-01-23 21:01 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2012-04-01 10:40 . 2012-04-01 18:04 -------- dc----w- c:\program files (x86)\UnHackMe
2012-04-01 08:37 . 2012-04-01 14:28 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-01 08:33 . 2012-04-01 14:28 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-31 11:00 . 2012-03-31 11:01 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-31 11:00 . 2012-04-01 00:55 -------- dc----w- c:\program files (x86)\AVG Secure Search
2012-03-31 11:00 . 2012-04-01 00:55 -------- dc----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-31 10:59 . 2012-03-31 10:59 -------- d--h--w- c:\programdata\Common Files
2012-03-31 10:56 . 2012-04-01 14:26 -------- d-----w- c:\programdata\AVG2012
2012-03-31 10:56 . 2012-03-31 10:56 -------- dc----w- C:\$AVG
2012-03-31 10:55 . 2012-04-01 00:49 -------- dc----w- c:\program files (x86)\AVG
2012-03-31 10:25 . 2012-04-01 14:26 -------- d-----w- c:\programdata\MFAData
2012-03-30 04:45 . 2012-03-30 05:01 -------- d-----w- c:\users\Silvestre Garay\AppData\Roaming\Advanced Chemistry Development
2012-03-30 04:44 . 2012-03-30 04:44 -------- d-----w- c:\users\Silvestre Garay\AppData\Local\WinZip
2012-03-29 16:00 . 2012-03-29 16:00 -------- d-----w- c:\windows\en
2012-03-29 15:42 . 2012-04-01 00:50 -------- dc----w- c:\program files\Windows Live
2012-03-29 15:41 . 2012-03-29 15:41 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-29 15:39 . 2012-03-29 15:39 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\DXSETUP.exe
2012-03-29 15:39 . 2012-03-29 15:39 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\DSETUP.dll
2012-03-29 15:39 . 2012-03-29 15:39 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\dsetup32.dll
2012-03-29 15:26 . 2012-04-01 14:34 -------- d-----w- c:\users\Kenneth
2012-03-29 15:01 . 2012-03-29 15:01 -------- d-----w- c:\users\Silvestre Garay\AppData\Roaming\Malwarebytes
2012-03-29 14:53 . 2012-03-29 14:53 -------- d-----w- c:\users\Silvestre Garay\AppData\Roaming\Tific
2012-03-29 14:53 . 2012-03-29 14:53 -------- d-----w- c:\users\Silvestre Garay\AppData\Local\Symantec
2012-03-29 14:37 . 2012-04-01 00:50 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 14:37 . 2012-04-01 14:28 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:37 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 14:18 . 2012-03-29 14:18 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 13:50 . 2012-03-29 14:18 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 13:50 . 2012-04-01 00:51 -------- d-----w- c:\windows\system32\Macromed
2012-03-29 13:48 . 2012-04-02 05:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-27 14:23 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0CC4C37-92A8-40B4-9DA3-3BA95EEA35BD}\mpengine.dll
2012-03-20 12:38 . 2012-03-20 12:38 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 12:38 . 2012-03-20 12:38 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 07:06 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:06 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:06 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 18:24 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 18:24 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:24 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:17 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:17 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:17 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 18:17 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:17 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:17 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 05:52 . 2012-04-01 00:50 -------- d--h--w- c:\programdata\WinZip
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 14:18 . 2011-06-01 01:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2011-06-01 01:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-04 10:44 . 2012-02-16 05:38 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 05:38 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-15 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Silvestre Garay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axcifda]
2012-04-01 18:46 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\axcifda.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-02-26 841248]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-02-26 818720]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF29334.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AdfuUd
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\12ezsh30.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\UnHackMe\hackmon.exe
.
**************************************************************************
.
Completion time: 2012-04-02 01:54:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 05:54
ComboFix2.txt 2012-04-01 13:41
.
Pre-Run: 417,035,591,680 bytes free
Post-Run: 416,722,026,496 bytes free
.
- - End Of File - - 0F713947CA6E56292915F090855ACEBA
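The ComboFix log above removed c:\windows\system32\consrv.dll and a c:\windows\System64 folder, and it lists a Winlogon Notify DLL under the system profile's AppData and a non-default NetSvcs entry; the FRST scan posted later in the thread ties the Session Manager SubSystems "Windows" value to ZeroAccess. The Python below is an added example (my own code, not ComboFix, FRST or anything posted in this thread) that runs those checks over log text and shows how the SubSystems value is inspected. The log excerpt is copied from the posts; the expected csrss server DLL names (basesrv, winsrv, sxssrv) and the two registry strings are assumptions from a clean Windows 7 install, not taken from the page.

```python
# Added triage example for this thread (not ComboFix, FRST or BleepingComputer
# code): flag the ZeroAccess-style artifacts the logs above show, and inspect a
# Session Manager SubSystems "Windows" value for an unexpected csrss server DLL.
import re
from dataclasses import dataclass

# Server DLLs a clean Windows 7 "Windows" subsystem value references
# (assumption from a clean install, not taken from the thread).
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}


@dataclass(frozen=True)
class Finding:
    rule: str    # which check fired
    detail: str  # the log line(s) that triggered it


def check_subsystem_value(value):
    """Return ServerDll names in a SubSystems\\Windows value that are not in the
    expected csrss server set. The variant in this thread points the console
    server at consrv instead of winsrv; an empty list means nothing unexpected."""
    names = re.findall(r"ServerDll=([A-Za-z0-9_]+)", value)
    return [n for n in names if n.lower() not in EXPECTED_SERVER_DLLS]


def triage_log(text):
    """Scan ComboFix/FRST-style log text line by line for known artifacts."""
    findings = []
    notify_key = None   # Winlogon\Notify header waiting for its DLL line
    in_netsvcs = False  # inside a "Svchost - NetSvcs" block
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line or line == ".":
            # ComboFix uses a bare "." as a section spacer; it closes a block.
            in_netsvcs, notify_key = False, None
            continue
        # 1. consrv.dll in System32: the console server DLL this variant drops.
        if re.search(r"\\system32\\consrv\.dll$", low):
            findings.append(Finding("consrv_dll", line))
        # 2. \Windows\System64 does not exist on a clean Windows install.
        if re.search(r"\\windows\\system64(\\|$)", low):
            findings.append(Finding("system64_dir", line))
        # 3. FRST's own verdict line on the SubSystems "Windows" value.
        if re.match(r"subsystems: \[windows\] ==> ", low):
            findings.append(Finding("subsystems_windows", line))
        # 4. Winlogon\Notify subkey: ComboFix prints the key header on one line
        #    and the DLL on the next; a DLL under a profile's AppData is odd.
        if re.search(r"\\winlogon\\notify\\[^\]]+\]$", low):
            notify_key = line
            continue
        if notify_key is not None:
            if low.endswith(".dll") and re.search(r"\\appdata\\|\\config\\systemprofile\\", low):
                findings.append(Finding("winlogon_notify_dll", f"{notify_key} -> {line}"))
            notify_key = None
        # 5. NetSvcs block: ComboFix prints only non-default entries here, so
        #    every name listed deserves a look at its ServiceDll.
        if low.endswith("svchost - netsvcs"):
            in_netsvcs = True
            continue
        if in_netsvcs:
            findings.append(Finding("netsvcs_entry", line))
    return findings


# Sample input: lines copied from the ComboFix log above plus the FRST line
# from later in the thread that names the SubSystems finding.
SAMPLE_LOG = r"""
c:\windows\system32\consrv.dll
c:\windows\System64
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axcifda]
2012-04-01 18:46 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\axcifda.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AdfuUd
.
SubSystems: [Windows] ==> ZeroAccess
"""

# Constructed SubSystems "Windows" values: a clean Windows 7 string, and the same
# string with the console server swapped to consrv, the change FRST reports above.
CLEAN_WINDOWS_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
INFECTED_WINDOWS_VALUE = CLEAN_WINDOWS_VALUE.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization"
)

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
    print("unexpected csrss DLLs (clean):", check_subsystem_value(CLEAN_WINDOWS_VALUE))
    print("unexpected csrss DLLs (infected):", check_subsystem_value(INFECTED_WINDOWS_VALUE))
```

The SubSystems check is the one that explains the boot trouble in this thread. Session Manager starts csrss from that value, and csrss loads every ServerDll it names, so deleting consrv.dll while the value still points at consrv leaves the Windows subsystem unable to start and the machine drops into Startup Repair. That matches the original post (the file comes back after the repair) and post #5 (the reboot after ComboFix removed consrv.dll failed the same way, while FRST still reports the SubSystems value as ZeroAccess). The registry value has to be pointed back at winsrv before, or together with, removing the file.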

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:11 AM

Posted 02 April 2012 - 06:40 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 Zitbegone

Zitbegone
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:11 AM

Posted 02 April 2012 - 08:57 AM

After rebooting the laptop when you said to if I got the "Illegal operation" message, it failed to restore so it went on to the restart repair and brought my laptop back to the same state as before the combofix. It actually removed the combofix program from my desktop. Should I continue with the TDSS killer and the aswMBR?

Edited by Zitbegone, 02 April 2012 - 09:03 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:11 AM

Posted 02 April 2012 - 09:03 AM

Hello

No, do this first please.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#7 Zitbegone

Zitbegone
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:11 AM

Posted 02 April 2012 - 09:28 AM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 02-04-2012 10:19:39
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [600688 2010-07-15] (Chicony)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Kenneth\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Silvestre Garay\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKLM-x32\...\runonceex: [Flags] 128
HKLM-x32\...\runonceex: [Title] UnHackMe Rootkit Check
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AdfuUd; C:\Windows\System32\jaguar.dll [6656 2009-07-13] (Oak Technology Inc.)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-29] (Adobe Systems Incorporated)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 GREGService; C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [x]

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
0 Partizan; C:\Windows\SysWow64\Drivers\Partizan.sys [35816 2012-04-01] (Greatis Software)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: AdfuUd

============ One Month Created Files and Folders ==============

2012-04-02 10:19 - 2012-04-02 10:20 - 0000000 ___DC C:\FRST
2012-04-02 05:50 - 2012-04-02 05:50 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{82286383-BDFE-489F-8443-68C9EAC9E021}
2012-04-02 05:48 - 2012-04-02 05:48 - 0000000 ____D C:\Windows\system64
2012-04-01 21:54 - 2012-04-01 21:54 - 0020237 ___AC C:\ComboFix.txt
2012-04-01 20:01 - 2012-04-01 20:01 - 0000162 ___AH C:\Users\Kenneth\Desktop\~$Teflon.docx
2012-04-01 19:48 - 2012-04-01 19:59 - 0034304 ____A C:\Users\Kenneth\Desktop\Teflon.doc
2012-04-01 19:45 - 2012-04-01 19:45 - 0043008 ____A C:\Users\Kenneth\Desktop\Teflon.docx.dot
2012-04-01 15:39 - 2012-04-01 19:39 - 0019046 ____A C:\Users\Kenneth\Desktop\Teflon.docx
2012-04-01 15:11 - 2012-04-01 15:11 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{D3D86321-3FEA-411F-9488-9D036F25E9DD}
2012-04-01 10:35 - 2012-04-01 10:35 - 0023553 ____A C:\Users\Kenneth\Desktop\DDS.txt
2012-04-01 10:35 - 2012-04-01 10:35 - 0018430 ____A C:\Users\Kenneth\Desktop\Attach.txt
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-01 05:12 - 2012-04-02 02:26 - 0000000 ____D C:\Windows\ERDNT
2012-04-01 05:12 - 2012-04-01 21:55 - 0000000 ___DC C:\Qoobox
2012-04-01 02:51 - 2012-04-01 02:52 - 0000000 ____D C:\Users\Kenneth\AppData\Local\ElevatedDiagnostics
2012-04-01 02:51 - 2012-04-01 02:51 - 0000398 ___AC C:\rkill.log
2012-04-01 02:40 - 2012-04-02 02:26 - 0000000 ___DC C:\Program Files (x86)\UnHackMe
2012-04-01 02:40 - 2012-04-01 04:04 - 0000000 ____D C:\Users\Public\Documents\regruninfo
2012-04-01 02:40 - 2012-04-01 02:42 - 0000000 ____D C:\Users\Kenneth\Documents\RegRun2
2012-04-01 02:40 - 2012-04-01 02:40 - 0039184 ____A (Greatis Software) C:\Windows\SysWOW64\Partizan.exe
2012-04-01 02:40 - 2012-04-01 02:40 - 0035816 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2012-04-01 02:40 - 2012-04-01 02:40 - 0000950 ____A C:\Users\Kenneth\Desktop\UnHackMe.lnk
2012-04-01 02:40 - 2012-04-01 02:40 - 0000002 RASHOT C:\Windows\winstart.bat
2012-04-01 02:40 - 2012-04-01 02:40 - 0000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-04-01 02:40 - 2012-04-01 02:40 - 0000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-04-01 02:40 - 2012-01-23 13:01 - 0012800 ____A (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2012-04-01 02:35 - 2012-04-01 02:39 - 11347294 ____A C:\Users\Kenneth\Downloads\unhackme.zip
2012-04-01 02:32 - 2012-04-01 02:32 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{2F0C8BAE-0972-4A78-BE72-EB0AD7F7A7DE}
2012-04-01 00:37 - 2012-04-01 06:28 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-04-01 00:33 - 2012-04-01 06:28 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-03-31 14:00 - 2012-03-31 14:00 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{DB25D9EE-59B5-4A88-99EA-06D13D113C2E}
2012-03-31 12:20 - 2012-03-31 12:20 - 0649332 ____A C:\Users\Kenneth\Documents\Scan0001.pdf
2012-03-31 09:39 - 2012-03-31 09:39 - 0098985 ____A C:\Users\Kenneth\Downloads\DeSmuME.zip
2012-03-31 06:40 - 2012-03-31 06:47 - 12507410 ____A C:\Users\Kenneth\Downloads\McGraw-Hill Ryerson - High School Chemistry 12 v3.pdf
2012-03-31 06:14 - 2012-03-31 06:22 - 38327566 ____A C:\Users\Kenneth\Desktop\Nelson chem 12 -1.pdf
2012-03-31 06:14 - 2012-03-31 06:14 - 0000000 ____D C:\Users\Kenneth\Downloads\BillyVan-BitTorrent
2012-03-31 06:10 - 2012-03-31 16:55 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\uTorrent
2012-03-31 05:43 - 2012-03-31 05:43 - 0012270 ____A C:\Users\Kenneth\Desktop\Nelson_Chemistry_12.6051292.TPB.torrent
2012-03-31 05:42 - 2012-03-31 05:42 - 0012270 ____A C:\Users\Kenneth\Downloads\Nelson_Chemistry_12.6051292.TPB.torrent
2012-03-31 03:01 - 2012-03-31 03:01 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\AVG2012
2012-03-31 03:00 - 2012-03-31 16:55 - 0000000 ___DC C:\Program Files (x86)\AVG Secure Search
2012-03-31 03:00 - 2012-03-31 03:01 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-31 03:00 - 2012-03-31 03:01 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-03-31 02:56 - 2012-04-01 06:26 - 0000000 ____D C:\Users\All Users\AVG2012
2012-03-31 02:56 - 2012-04-01 06:26 - 0000000 ____D C:\ProgramData\AVG2012
2012-03-31 02:56 - 2012-03-31 02:56 - 0000000 ___DC C:\$AVG
2012-03-31 02:55 - 2012-03-31 16:49 - 0000000 ___DC C:\Program Files (x86)\AVG
2012-03-31 02:25 - 2012-04-01 06:26 - 0000000 ____D C:\Users\All Users\MFAData
2012-03-31 02:25 - 2012-04-01 06:26 - 0000000 ____D C:\ProgramData\MFAData
2012-03-31 02:24 - 2012-03-31 02:25 - 3867712 ____A (AVG Technologies) C:\Users\Kenneth\Downloads\avg_isct_stb_all_2012_2126_free.exe
2012-03-31 02:21 - 2012-03-31 02:21 - 2048299 ____A C:\Users\Kenneth\Downloads\tdsskiller.zip
2012-03-31 02:21 - 2012-03-31 02:21 - 0000000 ____D C:\Users\Kenneth\AppData\Local\WinZip
2012-03-31 02:19 - 2012-03-31 02:19 - 0001574 ___AC C:\MAKEMSI_VBSCA-Kaspersky Security Scan(1.0.0.500)-Saturday.log
2012-03-31 02:14 - 2012-03-31 16:50 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Skype
2012-03-30 09:55 - 2012-04-01 20:07 - 0000584 ____A C:\Users\Kenneth\Documents\grstyles.stl
2012-03-29 21:29 - 2012-03-29 21:30 - 0281980 ____A C:\Users\Kenneth\Desktop\huf-skyline.jpg
2012-03-29 21:11 - 2012-03-29 21:11 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Malwarebytes
2012-03-29 21:09 - 2012-03-31 16:50 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Mozilla
2012-03-29 21:09 - 2012-03-31 16:50 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Mozilla
2012-03-29 21:09 - 2012-03-29 21:09 - 0001921 ____A C:\Users\Kenneth\Documents\template.cfg
2012-03-29 21:09 - 2012-03-29 21:09 - 0000012 ____A C:\Users\Kenneth\Documents\UserStl.sk
2012-03-29 21:09 - 2012-03-29 21:09 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Advanced Chemistry Development
2012-03-29 21:08 - 2012-03-31 02:00 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{EF36EF6B-6C64-4E49-8CE8-8ED6C634ECD9}
2012-03-29 21:07 - 2012-03-29 21:07 - 0000584 ____A C:\Users\Silvestre Garay\Documents\grstyles.stl
2012-03-29 21:05 - 2012-03-29 21:05 - 0000012 ____A C:\Users\Silvestre Garay\Documents\UserStl.sk
2012-03-29 21:01 - 2012-03-29 21:01 - 0001921 ____A C:\Users\Silvestre Garay\Documents\template.cfg
2012-03-29 20:45 - 2012-03-29 21:01 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Advanced Chemistry Development
2012-03-29 20:44 - 2012-03-29 20:44 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\WinZip
2012-03-29 20:14 - 2012-03-29 20:47 - 108894663 ____A (Microsoft Corporation) C:\Users\Silvestre Garay\Downloads\X17-75058.exe.part
2012-03-29 19:03 - 2012-04-01 20:02 - 0000000 ____D C:\Users\Kenneth\AppData\Local\CrashDumps
2012-03-29 19:03 - 2012-03-29 19:03 - 0000162 ___AH C:\Users\Silvestre Garay\Documents\~$Activity3Assignment2GasVolumeandTemperatureReport.doc
2012-03-29 19:02 - 2012-04-02 02:25 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\SoftGrid Client
2012-03-29 19:02 - 2012-03-29 19:02 - 0000162 ___AH C:\Users\Silvestre Garay\Downloads\~$it 13 K Optimization.doc
2012-03-29 19:02 - 2012-03-29 19:02 - 0000000 ____D C:\Users\Kenneth\AppData\Local\SoftGrid Client
2012-03-29 11:20 - 2012-03-29 11:20 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Apple
2012-03-29 11:17 - 2012-03-29 11:17 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Apple Computer
2012-03-29 09:48 - 2012-04-01 15:27 - 0000000 ____D C:\Users\Kenneth\Documents\My Received Files
2012-03-29 08:26 - 2012-03-29 08:26 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Tific
2012-03-29 08:26 - 2012-03-29 08:26 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Symantec
2012-03-29 08:09 - 2012-03-29 08:09 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{3B488ED2-E74A-4F63-99FC-FD5436F0AE75}
2012-03-29 08:08 - 2012-04-02 05:49 - 0000000 ____D C:\Users\Kenneth\Tracing
2012-03-29 08:00 - 2012-03-29 08:00 - 0000000 ____D C:\Windows\en
2012-03-29 07:42 - 2012-03-31 16:50 - 0000000 ___DC C:\Program Files\Windows Live
2012-03-29 07:38 - 2012-03-29 08:07 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Windows Live
2012-03-29 07:37 - 2012-03-29 07:37 - 1287528 ____A (Microsoft Corporation) C:\Users\Kenneth\Documents\wlsetup-web.exe
2012-03-29 07:31 - 2012-03-31 16:50 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Opera
2012-03-29 07:31 - 2012-03-31 16:50 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Opera
2012-03-29 07:27 - 2012-04-01 20:01 - 0108840 ____A C:\Users\Kenneth\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-29 07:27 - 2012-03-31 16:50 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Adobe
2012-03-29 07:27 - 2012-03-30 19:34 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Apple Computer
2012-03-29 07:27 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Sony Corporation
2012-03-29 07:27 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\ATI
2012-03-29 07:27 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Power2Go
2012-03-29 07:27 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Local\ATI
2012-03-29 07:26 - 2012-04-02 05:49 - 0000000 ____D C:\users\Kenneth
2012-03-29 07:26 - 2012-03-31 16:50 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Macromedia
2012-03-29 07:26 - 2012-03-31 16:50 - 0000000 ____D C:\Users\Kenneth\AppData\LocalLow
2012-03-29 07:26 - 2012-03-31 06:29 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Adobe
2012-03-29 07:26 - 2012-03-31 05:41 - 0000000 ____D C:\Users\Kenneth\AppData\Local\VirtualStore
2012-03-29 07:26 - 2012-03-29 07:26 - 0000174 ___SH C:\Users\Kenneth\Start Menu\Programs\Startup\desktop.ini
2012-03-29 07:26 - 2012-03-29 07:26 - 0000174 ___SH C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-29 07:26 - 2012-03-29 07:26 - 0000020 ___SH C:\Users\Kenneth\ntuser.ini
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Templates
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Start Menu
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\PrintHood
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\NetHood
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\My Documents
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Documents\My Videos
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Documents\My Pictures
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Documents\My Music
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\AppData\Local\Temporary Internet Files
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\AppData\Local\History
2012-03-29 07:26 - 2011-06-24 10:38 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Microsoft Help
2012-03-29 07:26 - 2010-10-21 17:19 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Media Center Programs
2012-03-29 07:01 - 2012-03-29 07:01 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Malwarebytes
2012-03-29 06:53 - 2012-03-29 06:53 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Tific
2012-03-29 06:53 - 2012-03-29 06:53 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\Symantec
2012-03-29 06:53 - 2012-03-29 06:53 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{C58AD453-D4F8-475E-8BF1-35C6DEB6AE9A}
2012-03-29 06:37 - 2012-04-01 06:28 - 0000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 06:37 - 2012-03-31 16:50 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-29 06:37 - 2012-03-31 16:50 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-29 06:37 - 2011-12-10 11:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-29 06:18 - 2012-03-29 06:18 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-29 06:09 - 2012-03-29 06:13 - 0000200 ___AH C:\Users\All Users\-X6IB979BkLUXLLr
2012-03-29 06:09 - 2012-03-29 06:13 - 0000200 ___AH C:\ProgramData\-X6IB979BkLUXLLr
2012-03-29 06:09 - 2012-03-29 06:13 - 0000000 ___AH C:\Users\All Users\-X6IB979BkLUXLL
2012-03-29 06:09 - 2012-03-29 06:13 - 0000000 ___AH C:\ProgramData\-X6IB979BkLUXLL
2012-03-29 05:50 - 2012-04-02 06:15 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-29 05:50 - 2012-03-31 16:51 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-29 05:50 - 2012-03-29 06:18 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 05:48 - 2012-04-02 05:49 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 05:45 - 2012-03-29 06:13 - 0099328 ___AH C:\Users\All Users\2jFf5J64.exe
2012-03-29 05:45 - 2012-03-29 06:13 - 0099328 ___AH C:\ProgramData\2jFf5J64.exe
2012-03-17 08:52 - 2012-03-17 08:52 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{D3BE4200-188B-4501-9670-0F3416045B44}
2012-03-17 08:51 - 2012-03-17 08:52 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{6F0E5D0C-5C2B-47B6-A7D8-2FB1C220487E}
2012-03-15 15:51 - 2012-03-15 15:52 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{C78B8F50-1D04-40E3-882D-EC00B0AA07ED}
2012-03-15 15:51 - 2012-03-15 15:51 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{BE9BD560-EC32-4CBB-85DF-25CCC92AC73F}
2012-03-13 23:06 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-13 23:06 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-13 23:06 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 10:24 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 10:24 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 10:24 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 10:17 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 10:17 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 10:17 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 10:17 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 10:17 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 10:17 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 10:17 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-10 21:52 - 2012-03-31 16:50 - 0000000 ___HD C:\Users\All Users\WinZip
2012-03-10 21:52 - 2012-03-31 16:50 - 0000000 ___HD C:\ProgramData\WinZip
2012-03-10 21:52 - 2012-03-31 16:50 - 0000000 ___DC C:\Program Files\WinZip
2012-03-08 14:50 - 2012-03-08 14:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-08 14:37 - 2012-03-08 14:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-03-03 13:04 - 2012-03-03 13:04 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{FF540818-CCDC-48F0-A372-26D972700470}
2012-03-03 13:03 - 2012-03-03 13:03 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{0D1B1B90-8089-4AFA-8DBF-60E9BC6E9DB8}

============ 3 Months Modified Files and Folders =============

2012-04-02 10:20 - 2012-04-02 10:19 - 0000000 ___DC C:\FRST
2012-04-02 06:16 - 2010-11-05 15:22 - 1252545 ____A C:\Windows\WindowsUpdate.log
2012-04-02 06:15 - 2012-03-29 05:50 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-02 05:57 - 2009-07-13 20:45 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-02 05:57 - 2009-07-13 20:45 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-02 05:50 - 2012-04-02 05:50 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{82286383-BDFE-489F-8443-68C9EAC9E021}
2012-04-02 05:50 - 2011-12-12 06:46 - 0000908 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138139425-1338123400-944751944-1000UA.job
2012-04-02 05:49 - 2012-03-29 08:08 - 0000000 ____D C:\Users\Kenneth\Tracing
2012-04-02 05:49 - 2012-03-29 07:26 - 0000000 ____D C:\users\Kenneth
2012-04-02 05:49 - 2012-03-29 05:48 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-02 05:48 - 2012-04-02 05:48 - 0000000 ____D C:\Windows\system64
2012-04-02 05:48 - 2010-11-05 15:18 - 3018608640 __ASH C:\hiberfil.sys
2012-04-02 05:48 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-02 05:48 - 2009-07-13 20:51 - 0335443 ____A C:\Windows\setupact.log
2012-04-02 05:48 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\config\TxR
2012-04-02 02:27 - 2012-01-13 09:59 - 0000000 ____D C:\users\Ron is GAY
2012-04-02 02:27 - 2012-01-13 09:54 - 0000000 ____D C:\users\Guest
2012-04-02 02:27 - 2011-06-23 17:18 - 0000000 ____D C:\users\Silvestre Garay
2012-04-02 02:26 - 2012-04-01 05:12 - 0000000 ____D C:\Windows\ERDNT
2012-04-02 02:26 - 2012-04-01 02:40 - 0000000 ___DC C:\Program Files (x86)\UnHackMe
2012-04-02 02:26 - 2011-05-31 19:07 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-02 02:26 - 2011-05-31 16:56 - 0000000 ____D C:\Program Files (x86)\Opera
2012-04-02 02:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-02 02:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-02 02:26 - 2009-07-13 19:18 - 0000000 _SHDC C:\$Recycle.Bin
2012-04-02 02:25 - 2012-03-29 19:02 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\SoftGrid Client
2012-04-02 02:25 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-01 21:55 - 2012-04-01 05:12 - 0000000 ___DC C:\Qoobox
2012-04-01 21:54 - 2012-04-01 21:54 - 0020237 ___AC C:\ComboFix.txt
2012-04-01 21:45 - 2009-07-13 18:34 - 69206016 ____A C:\Windows\System32\config\software.bak
2012-04-01 21:45 - 2009-07-13 18:34 - 16515072 ____A C:\Windows\System32\config\system.bak
2012-04-01 21:45 - 2009-07-13 18:34 - 1048576 ____A C:\Windows\System32\config\default.bak
2012-04-01 21:45 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-01 21:45 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-01 20:07 - 2012-03-30 09:55 - 0000584 ____A C:\Users\Kenneth\Documents\grstyles.stl
2012-04-01 20:02 - 2012-03-29 19:03 - 0000000 ____D C:\Users\Kenneth\AppData\Local\CrashDumps
2012-04-01 20:01 - 2012-04-01 20:01 - 0000162 ___AH C:\Users\Kenneth\Desktop\~$Teflon.docx
2012-04-01 20:01 - 2012-03-29 07:27 - 0108840 ____A C:\Users\Kenneth\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-01 19:59 - 2012-04-01 19:48 - 0034304 ____A C:\Users\Kenneth\Desktop\Teflon.doc
2012-04-01 19:45 - 2012-04-01 19:45 - 0043008 ____A C:\Users\Kenneth\Desktop\Teflon.docx.dot
2012-04-01 19:39 - 2012-04-01 15:39 - 0019046 ____A C:\Users\Kenneth\Desktop\Teflon.docx
2012-04-01 15:27 - 2012-03-29 09:48 - 0000000 ____D C:\Users\Kenneth\Documents\My Received Files
2012-04-01 15:11 - 2012-04-01 15:11 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{D3D86321-3FEA-411F-9488-9D036F25E9DD}
2012-04-01 10:35 - 2012-04-01 10:35 - 0023553 ____A C:\Users\Kenneth\Desktop\DDS.txt
2012-04-01 10:35 - 2012-04-01 10:35 - 0018430 ____A C:\Users\Kenneth\Desktop\Attach.txt
2012-04-01 06:28 - 2012-04-01 00:37 - 0000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-04-01 06:28 - 2012-04-01 00:33 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-04-01 06:28 - 2012-03-29 06:37 - 0000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-01 06:28 - 2012-02-20 20:40 - 0000000 ___DC C:\Program Files (x86)\iTunes
2012-04-01 06:28 - 2011-10-13 06:29 - 0000000 ___DC C:\Program Files (x86)\Bonjour
2012-04-01 06:28 - 2010-11-05 15:30 - 0000000 ____D C:\Program Files (x86)\Video Web Camera
2012-04-01 06:28 - 2009-07-13 21:32 - 0000000 ___DC C:\Program Files\Windows Sidebar
2012-04-01 06:28 - 2009-07-13 21:32 - 0000000 ___DC C:\Program Files\Windows Photo Viewer
2012-04-01 06:26 - 2012-03-31 02:56 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-01 06:26 - 2012-03-31 02:56 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-01 06:26 - 2012-03-31 02:25 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-01 06:26 - 2012-03-31 02:25 - 0000000 ____D C:\ProgramData\MFAData
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-01 05:31 - 2012-04-01 05:31 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-01 04:04 - 2012-04-01 02:40 - 0000000 ____D C:\Users\Public\Documents\regruninfo
2012-04-01 02:52 - 2012-04-01 02:51 - 0000000 ____D C:\Users\Kenneth\AppData\Local\ElevatedDiagnostics
2012-04-01 02:51 - 2012-04-01 02:51 - 0000398 ___AC C:\rkill.log
2012-04-01 02:42 - 2012-04-01 02:40 - 0000000 ____D C:\Users\Kenneth\Documents\RegRun2
2012-04-01 02:40 - 2012-04-01 02:40 - 0039184 ____A (Greatis Software) C:\Windows\SysWOW64\Partizan.exe
2012-04-01 02:40 - 2012-04-01 02:40 - 0035816 ____A (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2012-04-01 02:40 - 2012-04-01 02:40 - 0000950 ____A C:\Users\Kenneth\Desktop\UnHackMe.lnk
2012-04-01 02:40 - 2012-04-01 02:40 - 0000002 RASHOT C:\Windows\winstart.bat
2012-04-01 02:40 - 2012-04-01 02:40 - 0000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-04-01 02:40 - 2012-04-01 02:40 - 0000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-04-01 02:39 - 2012-04-01 02:35 - 11347294 ____A C:\Users\Kenneth\Downloads\unhackme.zip
2012-04-01 02:32 - 2012-04-01 02:32 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{2F0C8BAE-0972-4A78-BE72-EB0AD7F7A7DE}
2012-04-01 00:09 - 2011-12-12 06:46 - 0000856 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2138139425-1338123400-944751944-1000Core.job
2012-03-31 16:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-03-31 16:55 - 2012-03-31 06:10 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\uTorrent
2012-03-31 16:55 - 2012-03-31 03:00 - 0000000 ___DC C:\Program Files (x86)\AVG Secure Search
2012-03-31 16:52 - 2010-10-21 17:25 - 0000000 ____D C:\Windows\SysWOW64\Drivers\nti
2012-03-31 16:52 - 2010-10-21 17:19 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-31 16:52 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-03-31 16:52 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-03-31 16:52 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-03-31 16:52 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-03-31 16:52 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-03-31 16:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-03-31 16:51 - 2012-03-29 05:50 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-31 16:51 - 2011-07-01 09:19 - 0000000 ____D C:\Windows\System32\SPReview
2012-03-31 16:51 - 2011-07-01 09:17 - 0000000 ____D C:\Windows\System32\EventProviders
2012-03-31 16:51 - 2011-06-01 06:39 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-31 16:51 - 2010-11-05 16:14 - 0000000 ____D C:\Windows\NAPP_Dism_Log
2012-03-31 16:51 - 2010-10-21 17:21 - 0000000 ____D C:\Windows\oem
2012-03-31 16:51 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-03-31 16:51 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-03-31 16:51 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-03-31 16:51 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-03-31 16:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-03-31 16:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-03-31 16:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-03-31 16:51 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-03-31 16:51 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-03-31 16:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-03-31 16:51 - 2009-03-12 01:30 - 0000000 ___HD C:\Windows\LP
2012-03-31 16:50 - 2012-03-31 02:14 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Skype
2012-03-31 16:50 - 2012-03-29 21:09 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Mozilla
2012-03-31 16:50 - 2012-03-29 21:09 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Mozilla
2012-03-31 16:50 - 2012-03-29 07:42 - 0000000 ___DC C:\Program Files\Windows Live
2012-03-31 16:50 - 2012-03-29 07:31 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Opera
2012-03-31 16:50 - 2012-03-29 07:31 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Opera
2012-03-31 16:50 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Adobe
2012-03-31 16:50 - 2012-03-29 07:26 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Macromedia
2012-03-31 16:50 - 2012-03-29 07:26 - 0000000 ____D C:\Users\Kenneth\AppData\LocalLow
2012-03-31 16:50 - 2012-03-29 06:37 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-31 16:50 - 2012-03-29 06:37 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-31 16:50 - 2012-03-10 21:52 - 0000000 ___HD C:\Users\All Users\WinZip
2012-03-31 16:50 - 2012-03-10 21:52 - 0000000 ___HD C:\ProgramData\WinZip
2012-03-31 16:50 - 2012-03-10 21:52 - 0000000 ___DC C:\Program Files\WinZip
2012-03-31 16:50 - 2012-02-20 20:40 - 0000000 ___DC C:\Program Files\iTunes
2012-03-31 16:50 - 2012-02-20 20:40 - 0000000 ___DC C:\Program Files\iPod
2012-03-31 16:50 - 2012-01-08 18:10 - 0000000 ___DC C:\Program Files\Adobe
2012-03-31 16:50 - 2012-01-08 18:09 - 0000000 ___DC C:\Program Files\Common Files\Adobe
2012-03-31 16:50 - 2012-01-05 18:02 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Skype
2012-03-31 16:50 - 2011-12-09 21:29 - 0000000 ___DC C:\Program Files (x86)\Electronic Arts
2012-03-31 16:50 - 2011-12-09 21:02 - 0000000 ___DC C:\Program Files (x86)\EA GAMES
2012-03-31 16:50 - 2011-11-19 20:32 - 0000000 ___DC C:\Program Files (x86)\VideoLAN
2012-03-31 16:50 - 2011-11-07 11:08 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\TP
2012-03-31 16:50 - 2011-10-16 16:11 - 0000000 __HDC C:\Riot Games
2012-03-31 16:50 - 2011-09-14 05:30 - 0000000 ___DC C:\Program Files (x86)\QuickTime
2012-03-31 16:50 - 2011-09-11 19:03 - 0000000 ___HD C:\Users\All Users\Sony Corporation
2012-03-31 16:50 - 2011-09-11 19:03 - 0000000 ___HD C:\ProgramData\Sony Corporation
2012-03-31 16:50 - 2011-09-11 19:03 - 0000000 ___DC C:\Program Files\Sony
2012-03-31 16:50 - 2011-08-29 12:37 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\HP
2012-03-31 16:50 - 2011-07-12 17:14 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Adobe
2012-03-31 16:50 - 2011-07-12 17:09 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Opera
2012-03-31 16:50 - 2011-07-12 17:09 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\Opera
2012-03-31 16:50 - 2011-07-12 17:07 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Mozilla
2012-03-31 16:50 - 2011-07-12 17:07 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\Mozilla
2012-03-31 16:50 - 2011-06-23 17:22 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\SoftGrid Client
2012-03-31 16:50 - 2011-06-23 17:18 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Macromedia
2012-03-31 16:50 - 2011-06-23 17:18 - 0000000 ____D C:\Users\Silvestre Garay\AppData\LocalLow
2012-03-31 16:50 - 2011-06-23 17:12 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-31 16:50 - 2011-06-23 17:12 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-03-31 16:50 - 2011-06-23 17:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-31 16:50 - 2011-06-11 05:02 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2012-03-31 16:50 - 2011-06-07 14:47 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-31 16:50 - 2011-06-01 05:40 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-03-31 16:50 - 2011-05-31 19:39 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-03-31 16:50 - 2011-05-31 19:39 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-03-31 16:50 - 2011-05-31 19:38 - 0000000 ___HD C:\Users\All Users\Apple
2012-03-31 16:50 - 2011-05-31 19:38 - 0000000 ___HD C:\ProgramData\Apple
2012-03-31 16:50 - 2011-05-31 19:38 - 0000000 ___DC C:\Program Files\Common Files\Apple
2012-03-31 16:50 - 2011-05-31 18:32 - 0000000 ___DC C:\Program Files (x86)\Java
2012-03-31 16:50 - 2011-05-31 17:06 - 0000000 ___HD C:\Users\All Users\Skype
2012-03-31 16:50 - 2011-05-31 17:06 - 0000000 ___HD C:\ProgramData\Skype
2012-03-31 16:50 - 2011-05-31 16:50 - 0000000 ___DC C:\Program Files\Microsoft Office
2012-03-31 16:50 - 2011-05-31 16:50 - 0000000 ___DC C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-03-31 16:50 - 2011-05-31 15:30 - 0000000 ___HD C:\Users\All Users\HP Photo Creations
2012-03-31 16:50 - 2011-05-31 15:30 - 0000000 ___HD C:\Users\All Users\HP
2012-03-31 16:50 - 2011-05-31 15:30 - 0000000 ___HD C:\ProgramData\HP Photo Creations
2012-03-31 16:50 - 2011-05-31 15:30 - 0000000 ___HD C:\ProgramData\HP
2012-03-31 16:50 - 2011-05-31 15:30 - 0000000 ___DC C:\Program Files (x86)\HP
2012-03-31 16:50 - 2011-05-31 15:29 - 0000000 ___DC C:\Program Files\HP
2012-03-31 16:50 - 2011-05-31 15:21 - 0000000 ___HD C:\Users\All Users\OEM_E471269A730D
2012-03-31 16:50 - 2011-05-31 15:21 - 0000000 ___HD C:\ProgramData\OEM_E471269A730D
2012-03-31 16:50 - 2011-05-31 15:21 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-03-31 16:50 - 2011-05-31 15:21 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-03-31 16:50 - 2011-05-31 15:21 - 0000000 ____D C:\Program Files (x86)\OEM
2012-03-31 16:50 - 2010-11-05 15:41 - 0000000 ___DC C:\Program Files (x86)\Microsoft Office
2012-03-31 16:50 - 2010-11-05 15:39 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-31 16:50 - 2010-11-05 15:38 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-31 16:50 - 2010-11-05 15:33 - 0000000 ___HD C:\Users\All Users\CyberLink
2012-03-31 16:50 - 2010-11-05 15:33 - 0000000 ___HD C:\ProgramData\CyberLink
2012-03-31 16:50 - 2010-11-05 15:33 - 0000000 ___DC C:\Program Files (x86)\Cyberlink
2012-03-31 16:50 - 2010-11-05 15:31 - 0000000 ___DC C:\Program Files (x86)\Launch Manager
2012-03-31 16:50 - 2010-11-05 15:30 - 0000000 ___DC C:\Program Files\Synaptics
2012-03-31 16:50 - 2010-11-05 15:28 - 0000000 ___DC C:\Program Files\CONEXANT
2012-03-31 16:50 - 2010-11-05 15:28 - 0000000 ___DC C:\Program Files\Broadcom
2012-03-31 16:50 - 2010-11-05 15:25 - 0000000 ___DC C:\Program Files\ATI
2012-03-31 16:50 - 2010-10-21 17:26 - 0000000 ___HD C:\Users\All Users\WildTangent
2012-03-31 16:50 - 2010-10-21 17:26 - 0000000 ___HD C:\ProgramData\WildTangent
2012-03-31 16:50 - 2010-10-21 17:26 - 0000000 ___DC C:\Program Files (x86)\Gateway Games
2012-03-31 16:50 - 2010-10-21 17:25 - 0000000 ___HD C:\Users\All Users\Symantec
2012-03-31 16:50 - 2010-10-21 17:25 - 0000000 ___HD C:\Users\All Users\oem
2012-03-31 16:50 - 2010-10-21 17:25 - 0000000 ___HD C:\ProgramData\Symantec
2012-03-31 16:50 - 2010-10-21 17:25 - 0000000 ___HD C:\ProgramData\oem
2012-03-31 16:50 - 2010-10-21 17:25 - 0000000 ____D C:\Program Files (x86)\Symantec
2012-03-31 16:50 - 2010-10-21 17:25 - 0000000 ____D C:\Program Files (x86)\NewTech Infosystems
2012-03-31 16:50 - 2010-10-21 17:24 - 0000000 ___DC C:\Program Files\Preload
2012-03-31 16:50 - 2010-10-21 17:23 - 0000000 ___HD C:\Users\All Users\Gateway
2012-03-31 16:50 - 2010-10-21 17:23 - 0000000 ___HD C:\ProgramData\Gateway
2012-03-31 16:50 - 2010-10-21 17:23 - 0000000 ___DC C:\Program Files\Gateway
2012-03-31 16:50 - 2010-10-21 17:21 - 0000000 ___DC C:\Program Files (x86)\Gateway
2012-03-31 16:50 - 2010-10-21 17:20 - 0000000 ___HD C:\Users\All Users\Norton
2012-03-31 16:50 - 2010-10-21 17:20 - 0000000 ___HD C:\ProgramData\Norton
2012-03-31 16:50 - 2010-10-21 17:19 - 0000000 ___DC C:\Program Files\Windows Journal
2012-03-31 16:50 - 2010-10-21 17:18 - 0000000 ___HD C:\Users\All Users\Adobe
2012-03-31 16:50 - 2010-10-21 17:18 - 0000000 ___HD C:\ProgramData\Adobe
2012-03-31 16:50 - 2010-10-21 17:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-31 16:50 - 2010-10-21 17:14 - 0000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2012-03-31 16:50 - 2010-10-21 17:14 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ___DC C:\Program Files\Windows Defender
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ___DC C:\Program Files\Reference Assemblies
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ___DC C:\Program Files\MSBuild
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ___DC C:\Program Files\Microsoft Games
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ___DC C:\Program Files\DVD Maker
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-03-31 16:50 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-03-31 16:50 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Public
2012-03-31 16:50 - 2009-07-13 19:20 - 0000000 ___DC C:\Program Files\Windows NT
2012-03-31 16:50 - 2009-07-13 19:20 - 0000000 ___DC C:\Program Files\Common Files\System
2012-03-31 16:50 - 2009-07-13 19:20 - 0000000 ___DC C:\Program Files\Common Files\SpeechEngines
2012-03-31 16:50 - 2009-07-13 19:20 - 0000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2012-03-31 16:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-03-31 16:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-31 16:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-03-31 16:49 - 2012-03-31 02:55 - 0000000 ___DC C:\Program Files (x86)\AVG
2012-03-31 16:49 - 2012-02-06 16:37 - 0000000 ___DC C:\Program Files (x86)\ACDFREE12
2012-03-31 16:49 - 2012-01-06 20:31 - 0000000 __HDC C:\Adobe Photoshop CS5.1
2012-03-31 16:49 - 2011-09-14 05:25 - 0000000 ___DC C:\Program Files (x86)\Apple Software Update
2012-03-31 16:49 - 2011-07-06 20:01 - 0000000 __HDC C:\AeriaGames
2012-03-31 16:49 - 2011-05-31 18:34 - 0000000 __HDC C:\.jagex_cache_32
2012-03-31 16:49 - 2011-05-31 15:22 - 0000000 ___DC C:\Program Files (x86)\Barnes & Noble
2012-03-31 16:49 - 2010-11-05 15:27 - 0000000 ___DC C:\Program Files (x86)\AMD
2012-03-31 16:49 - 2010-11-05 15:25 - 0000000 ___DC C:\Program Files (x86)\ATI Technologies
2012-03-31 16:49 - 2010-10-21 17:18 - 0000000 ___DC C:\Program Files (x86)\Adobe
2012-03-31 16:49 - 2010-10-21 17:03 - 0000000 __HDC C:\OEM
2012-03-31 14:00 - 2012-03-31 14:00 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{DB25D9EE-59B5-4A88-99EA-06D13D113C2E}
2012-03-31 12:20 - 2012-03-31 12:20 - 0649332 ____A C:\Users\Kenneth\Documents\Scan0001.pdf
2012-03-31 09:39 - 2012-03-31 09:39 - 0098985 ____A C:\Users\Kenneth\Downloads\DeSmuME.zip
2012-03-31 06:47 - 2012-03-31 06:40 - 12507410 ____A C:\Users\Kenneth\Downloads\McGraw-Hill Ryerson - High School Chemistry 12 v3.pdf
2012-03-31 06:29 - 2012-03-29 07:26 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Adobe
2012-03-31 06:22 - 2012-03-31 06:14 - 38327566 ____A C:\Users\Kenneth\Desktop\Nelson chem 12 -1.pdf
2012-03-31 06:14 - 2012-03-31 06:14 - 0000000 ____D C:\Users\Kenneth\Downloads\BillyVan-BitTorrent
2012-03-31 05:43 - 2012-03-31 05:43 - 0012270 ____A C:\Users\Kenneth\Desktop\Nelson_Chemistry_12.6051292.TPB.torrent
2012-03-31 05:42 - 2012-03-31 05:42 - 0012270 ____A C:\Users\Kenneth\Downloads\Nelson_Chemistry_12.6051292.TPB.torrent
2012-03-31 05:41 - 2012-03-29 07:26 - 0000000 ____D C:\Users\Kenneth\AppData\Local\VirtualStore
2012-03-31 03:01 - 2012-03-31 03:01 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\AVG2012
2012-03-31 03:01 - 2012-03-31 03:00 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-03-31 03:01 - 2012-03-31 03:00 - 0000000 ____D C:\ProgramData\AVG Secure Search
2012-03-31 02:56 - 2012-03-31 02:56 - 0000000 ___DC C:\$AVG
2012-03-31 02:25 - 2012-03-31 02:24 - 3867712 ____A (AVG Technologies) C:\Users\Kenneth\Downloads\avg_isct_stb_all_2012_2126_free.exe
2012-03-31 02:21 - 2012-03-31 02:21 - 2048299 ____A C:\Users\Kenneth\Downloads\tdsskiller.zip
2012-03-31 02:21 - 2012-03-31 02:21 - 0000000 ____D C:\Users\Kenneth\AppData\Local\WinZip
2012-03-31 02:19 - 2012-03-31 02:19 - 0001574 ___AC C:\MAKEMSI_VBSCA-Kaspersky Security Scan(1.0.0.500)-Saturday.log
2012-03-31 02:08 - 2011-05-31 16:47 - 1152338 ____A C:\Windows\PFRO.log
2012-03-31 02:05 - 2011-06-11 07:20 - 0000000 ___HD C:\Users\All Users\NexonUS
2012-03-31 02:05 - 2011-06-11 07:20 - 0000000 ___HD C:\ProgramData\NexonUS
2012-03-31 02:05 - 2010-10-21 17:19 - 0000000 ___HD C:\Users\All Users\NortonInstaller
2012-03-31 02:05 - 2010-10-21 17:19 - 0000000 ___HD C:\ProgramData\NortonInstaller
2012-03-31 02:04 - 2011-06-11 07:20 - 0000000 ___DC C:\Nexon
2012-03-31 02:00 - 2012-03-29 21:08 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{EF36EF6B-6C64-4E49-8CE8-8ED6C634ECD9}
2012-03-30 19:34 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Apple Computer
2012-03-29 21:30 - 2012-03-29 21:29 - 0281980 ____A C:\Users\Kenneth\Desktop\huf-skyline.jpg
2012-03-29 21:11 - 2012-03-29 21:11 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Malwarebytes
2012-03-29 21:09 - 2012-03-29 21:09 - 0001921 ____A C:\Users\Kenneth\Documents\template.cfg
2012-03-29 21:09 - 2012-03-29 21:09 - 0000012 ____A C:\Users\Kenneth\Documents\UserStl.sk
2012-03-29 21:09 - 2012-03-29 21:09 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Advanced Chemistry Development
2012-03-29 21:07 - 2012-03-29 21:07 - 0000584 ____A C:\Users\Silvestre Garay\Documents\grstyles.stl
2012-03-29 21:05 - 2012-03-29 21:05 - 0000012 ____A C:\Users\Silvestre Garay\Documents\UserStl.sk
2012-03-29 21:01 - 2012-03-29 21:01 - 0001921 ____A C:\Users\Silvestre Garay\Documents\template.cfg
2012-03-29 21:01 - 2012-03-29 20:45 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Advanced Chemistry Development
2012-03-29 20:47 - 2012-03-29 20:14 - 108894663 ____A (Microsoft Corporation) C:\Users\Silvestre Garay\Downloads\X17-75058.exe.part
2012-03-29 20:44 - 2012-03-29 20:44 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\WinZip
2012-03-29 20:13 - 2011-10-16 07:03 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\CrashDumps
2012-03-29 19:04 - 2011-07-12 18:36 - 0000000 ____D C:\Users\Silvestre Garay\Tracing
2012-03-29 19:03 - 2012-03-29 19:03 - 0000162 ___AH C:\Users\Silvestre Garay\Documents\~$Activity3Assignment2GasVolumeandTemperatureReport.doc
2012-03-29 19:02 - 2012-03-29 19:02 - 0000162 ___AH C:\Users\Silvestre Garay\Downloads\~$it 13 K Optimization.doc
2012-03-29 19:02 - 2012-03-29 19:02 - 0000000 ____D C:\Users\Kenneth\AppData\Local\SoftGrid Client
2012-03-29 11:20 - 2012-03-29 11:20 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Apple
2012-03-29 11:17 - 2012-03-29 11:17 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Apple Computer
2012-03-29 08:26 - 2012-03-29 08:26 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Tific
2012-03-29 08:26 - 2012-03-29 08:26 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Symantec
2012-03-29 08:09 - 2012-03-29 08:09 - 0000000 ____D C:\Users\Kenneth\AppData\Local\{3B488ED2-E74A-4F63-99FC-FD5436F0AE75}
2012-03-29 08:07 - 2012-03-29 07:38 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Windows Live
2012-03-29 08:00 - 2012-03-29 08:00 - 0000000 ____D C:\Windows\en
2012-03-29 07:40 - 2010-11-05 15:39 - 0032180 ____A C:\Windows\DirectX.log
2012-03-29 07:37 - 2012-03-29 07:37 - 1287528 ____A (Microsoft Corporation) C:\Users\Kenneth\Documents\wlsetup-web.exe
2012-03-29 07:27 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\Sony Corporation
2012-03-29 07:27 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Roaming\ATI
2012-03-29 07:27 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Local\Power2Go
2012-03-29 07:27 - 2012-03-29 07:27 - 0000000 ____D C:\Users\Kenneth\AppData\Local\ATI
2012-03-29 07:26 - 2012-03-29 07:26 - 0000174 ___SH C:\Users\Kenneth\Start Menu\Programs\Startup\desktop.ini
2012-03-29 07:26 - 2012-03-29 07:26 - 0000174 ___SH C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-29 07:26 - 2012-03-29 07:26 - 0000020 ___SH C:\Users\Kenneth\ntuser.ini
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Templates
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Start Menu
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\PrintHood
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\NetHood
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\My Documents
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Documents\My Videos
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Documents\My Pictures
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\Documents\My Music
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\AppData\Local\Temporary Internet Files
2012-03-29 07:26 - 2012-03-29 07:26 - 0000000 __SHD C:\Users\Kenneth\AppData\Local\History
2012-03-29 07:11 - 2011-05-31 15:20 - 0000000 ___HD C:\users\owner
2012-03-29 07:01 - 2012-03-29 07:01 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Malwarebytes
2012-03-29 06:53 - 2012-03-29 06:53 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\Tific
2012-03-29 06:53 - 2012-03-29 06:53 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\Symantec
2012-03-29 06:53 - 2012-03-29 06:53 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{C58AD453-D4F8-475E-8BF1-35C6DEB6AE9A}
2012-03-29 06:18 - 2012-03-29 06:18 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-29 06:18 - 2012-03-29 05:50 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 06:18 - 2011-05-31 17:46 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-29 06:13 - 2012-03-29 06:09 - 0000200 ___AH C:\Users\All Users\-X6IB979BkLUXLLr
2012-03-29 06:13 - 2012-03-29 06:09 - 0000200 ___AH C:\ProgramData\-X6IB979BkLUXLLr
2012-03-29 06:13 - 2012-03-29 06:09 - 0000000 ___AH C:\Users\All Users\-X6IB979BkLUXLL
2012-03-29 06:13 - 2012-03-29 06:09 - 0000000 ___AH C:\ProgramData\-X6IB979BkLUXLL
2012-03-29 06:13 - 2012-03-29 05:45 - 0099328 ___AH C:\Users\All Users\2jFf5J64.exe
2012-03-29 06:13 - 2012-03-29 05:45 - 0099328 ___AH C:\ProgramData\2jFf5J64.exe
2012-03-26 00:29 - 2009-07-13 21:13 - 0727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-17 08:52 - 2012-03-17 08:52 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{D3BE4200-188B-4501-9670-0F3416045B44}
2012-03-17 08:52 - 2012-03-17 08:51 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{6F0E5D0C-5C2B-47B6-A7D8-2FB1C220487E}
2012-03-15 15:52 - 2012-03-15 15:51 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{C78B8F50-1D04-40E3-882D-EC00B0AA07ED}
2012-03-15 15:51 - 2012-03-15 15:51 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{BE9BD560-EC32-4CBB-85DF-25CCC92AC73F}
2012-03-15 04:32 - 2011-06-11 05:02 - 0000000 ___HD C:\Users\All Users\PMB Files
2012-03-15 04:32 - 2011-06-11 05:02 - 0000000 ___HD C:\ProgramData\PMB Files
2012-03-13 23:24 - 2009-07-13 20:45 - 4971576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 23:02 - 2011-07-01 13:44 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 23:01 - 2011-06-23 17:07 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-13 23:01 - 2011-06-23 17:07 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-08 14:50 - 2012-03-08 14:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-08 14:37 - 2012-03-08 14:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-03-03 13:04 - 2012-03-03 13:04 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{FF540818-CCDC-48F0-A372-26D972700470}
2012-03-03 13:03 - 2012-03-03 13:03 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{0D1B1B90-8089-4AFA-8DBF-60E9BC6E9DB8}
2012-03-03 13:03 - 2011-06-23 17:19 - 0000174 __ASH C:\Users\Silvestre Garay\Start Menu\Programs\Startup\desktop.ini
2012-03-03 13:03 - 2011-06-23 17:19 - 0000174 __ASH C:\Users\Silvestre Garay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-24 18:29 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-02-23 05:18 - 2011-05-31 17:05 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-19 22:24 - 2012-02-19 22:24 - 0000594 ____A C:\Users\Silvestre Garay\Desktop\Jnes.lnk
2012-02-19 22:24 - 2012-02-19 22:24 - 0000594 ____A C:\Users\Ron is GAY\Desktop\Jnes.lnk
2012-02-19 22:24 - 2012-02-19 22:24 - 0000594 ____A C:\Users\Guest\Desktop\Jnes.lnk
2012-02-19 00:03 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-02-16 22:38 - 2012-03-13 10:17 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 10:17 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 10:17 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 10:17 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 00:09 - 2011-05-31 16:51 - 0743930 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-15 13:03 - 2012-02-15 13:03 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{63228834-0194-4CA4-83AE-2271B90760E6}
2012-02-09 22:36 - 2012-03-13 10:24 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 10:24 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-06 16:39 - 2012-02-06 16:39 - 0000000 ___HD C:\Users\All Users\Advanced Chemistry Development
2012-02-06 16:39 - 2012-02-06 16:39 - 0000000 ___HD C:\ProgramData\Advanced Chemistry Development
2012-02-03 20:38 - 2012-02-03 20:38 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{F6304CEC-B26A-467A-8389-1EA6C1E317F2}
2012-02-03 20:38 - 2012-02-03 20:38 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{C86C9DFF-F003-4DDA-80F2-70B1190CF51C}
2012-02-02 20:34 - 2012-03-13 10:24 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 20:00 - 2012-02-01 20:00 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{B24DD9BD-6BF4-4B18-B38C-3FBAFD767818}
2012-02-01 05:55 - 2009-07-13 21:08 - 0032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-01 05:28 - 2012-02-01 05:27 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{9F80D87E-64C6-4EB0-957F-3E79D32AA625}
2012-02-01 05:27 - 2012-02-01 05:27 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{3F31D404-F799-42AB-8049-A870EE231753}
2012-01-31 00:46 - 2012-01-31 00:46 - 0036944 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-01-24 22:38 - 2012-03-13 10:17 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 10:17 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 10:17 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-23 13:01 - 2012-04-01 02:40 - 0012800 ____A (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2012-01-21 04:23 - 2012-01-21 04:23 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{F63BE162-EA13-48E6-A698-28441880B82B}
2012-01-21 04:23 - 2012-01-21 04:23 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{579FAFD0-55E2-43D5-958B-F62141324472}
2012-01-20 11:50 - 2012-01-19 09:13 - 0000000 ____D C:\Users\Ron is GAY\AppData\Roaming\SoftGrid Client
2012-01-20 11:16 - 2012-01-20 11:16 - 0000000 ____D C:\Users\Ron is GAY\AppData\Local\Apple Computer
2012-01-20 11:16 - 2012-01-13 09:59 - 0000000 ____D C:\Users\Ron is GAY\AppData\Roaming\Apple Computer
2012-01-19 09:19 - 2012-01-19 09:19 - 0037139 ____A C:\Users\Ron is GAY\Downloads\oo.jpeg
2012-01-19 09:17 - 2012-01-19 09:17 - 0000000 ____D C:\Users\Ron is GAY\Desktop\DeskHedron
2012-01-19 09:16 - 2012-01-19 09:16 - 0022016 ____A C:\Users\Ron is GAY\Documents\Doc1.doc
2012-01-19 09:13 - 2012-01-19 09:13 - 0000000 ____D C:\Users\Ron is GAY\AppData\Local\SoftGrid Client
2012-01-19 09:01 - 2012-01-19 09:01 - 0422992 ____A C:\Users\Ron is GAY\Downloads\LoZ.jpg
2012-01-19 08:39 - 2012-01-13 09:59 - 0000000 ____D C:\Users\Ron is GAY\AppData\Roaming\Adobe
2012-01-19 08:39 - 2012-01-13 09:59 - 0000000 ____D C:\Users\Ron is GAY\AppData\LocalLow
2012-01-19 08:39 - 2012-01-13 09:59 - 0000000 ____D C:\Users\Ron is GAY\AppData\Local\Adobe
2012-01-19 08:32 - 2012-01-19 08:32 - 0024627 ____A C:\Users\Ron is GAY\Downloads\Middle-finger.jpg
2012-01-19 08:27 - 2012-01-19 08:27 - 0000000 ____D C:\Users\Ron is GAY\AppData\Roaming\Mozilla
2012-01-19 08:27 - 2012-01-19 08:27 - 0000000 ____D C:\Users\Ron is GAY\AppData\Local\Mozilla
2012-01-13 10:00 - 2012-01-13 10:00 - 0000000 ____D C:\Users\Ron is GAY\AppData\Roaming\ATI
2012-01-13 10:00 - 2012-01-13 10:00 - 0000000 ____D C:\Users\Ron is GAY\AppData\Local\ATI
2012-01-13 09:59 - 2012-01-13 09:59 - 0108840 ____A C:\Users\Ron is GAY\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-13 09:59 - 2012-01-13 09:59 - 0000174 __ASH C:\Users\Ron is GAY\Start Menu\Programs\Startup\desktop.ini
2012-01-13 09:59 - 2012-01-13 09:59 - 0000174 __ASH C:\Users\Ron is GAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-13 09:59 - 2012-01-13 09:59 - 0000020 __ASH C:\Users\Ron is GAY\ntuser.ini
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\Templates
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\Start Menu
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\PrintHood
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\NetHood
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\My Documents
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\Documents\My Videos
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\Documents\My Pictures
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\Documents\My Music
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\AppData\Local\Temporary Internet Files
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 __SHD C:\Users\Ron is GAY\AppData\Local\History
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 ____D C:\Users\Ron is GAY\AppData\Roaming\Sony Corporation
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 ____D C:\Users\Ron is GAY\AppData\Local\VirtualStore
2012-01-13 09:59 - 2012-01-13 09:59 - 0000000 ____D C:\Users\Ron is GAY\AppData\Local\Power2Go
2012-01-13 09:56 - 2012-01-13 09:56 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2012-01-13 09:56 - 2012-01-13 09:56 - 0000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2012-01-13 09:56 - 2012-01-13 09:56 - 0000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2012-01-13 09:56 - 2012-01-13 09:56 - 0000000 ____D C:\Users\Guest\AppData\Local\ATI
2012-01-13 09:55 - 2012-01-13 09:55 - 0108840 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-13 09:55 - 2012-01-13 09:55 - 0000174 ___SH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2012-01-13 09:55 - 2012-01-13 09:55 - 0000174 ___SH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-13 09:55 - 2012-01-13 09:55 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2012-01-13 09:55 - 2012-01-13 09:55 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2012-01-13 09:55 - 2012-01-13 09:55 - 0000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-01-13 09:55 - 2012-01-13 09:55 - 0000000 ____D C:\Users\Guest\AppData\Local\Power2Go
2012-01-13 09:55 - 2012-01-13 09:55 - 0000000 ____D C:\Users\Guest\AppData\Local\Adobe
2012-01-13 09:54 - 2012-01-13 09:54 - 0000020 __ASH C:\Users\Guest\ntuser.ini
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\Templates
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\Start Menu
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\PrintHood
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\NetHood
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\My Documents
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2012-01-13 09:54 - 2012-01-13 09:54 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-01-11 04:48 - 2012-01-11 04:48 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{2801EE67-7BAA-4135-A436-D8BD497BDB73}
2012-01-10 09:58 - 2012-01-10 09:58 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{A2F17B6B-BBBF-4CD2-9179-BDCBEA7B2A8F}
2012-01-10 09:58 - 2012-01-10 09:58 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{0D638B31-C20C-42B0-BF6B-9256686405D7}
2012-01-10 09:58 - 2011-06-23 17:19 - 0108840 ____A C:\Users\Silvestre Garay\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-10 09:57 - 2011-08-29 14:42 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\Adobe
2012-01-08 18:16 - 2011-10-04 06:01 - 0000000 ___HD C:\Users\All Users\regid.1986-12.com.adobe
2012-01-08 18:16 - 2011-10-04 06:01 - 0000000 ___HD C:\ProgramData\regid.1986-12.com.adobe
2012-01-06 20:19 - 2012-01-06 20:19 - 0000000 ___DC C:\Program Files (x86)\Adobe Download Assistant
2012-01-05 18:12 - 2011-12-31 14:44 - 0000000 ____D C:\Users\Silvestre Garay\riotsGamesLogs
2012-01-05 16:38 - 2012-01-05 16:38 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{7BA2E759-1C7D-45EE-8A40-8B37EF21A4C4}
2012-01-05 16:38 - 2012-01-05 16:38 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{6DC59C92-6260-497C-ACB6-4E8DC8873643}
2012-01-05 13:50 - 2012-01-05 13:50 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{E263D3A7-77A4-4D74-840B-1E534B7DD217}
2012-01-05 13:50 - 2012-01-05 13:50 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{9C0B9F65-CFF5-454B-AC40-042E3601D44D}
2012-01-05 12:39 - 2012-01-05 12:38 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Roaming\vlc
2012-01-05 09:55 - 2012-01-05 09:55 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{B36ECEAA-466A-43C0-9229-5B8AD3ED3899}
2012-01-04 18:53 - 2012-01-04 18:53 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{85B910EC-BD33-41ED-B515-40B3F99A8A8A}
2012-01-04 18:53 - 2012-01-04 18:53 - 0000000 ____D C:\Users\Silvestre Garay\AppData\Local\{55AD7A2C-7DAE-4A46-883B-E40DB51C749A}
2012-01-04 02:44 - 2012-02-15 21:38 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-15 21:38 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-15 21:38 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-15 21:38 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3838.36 MB
Available physical RAM: 3148.11 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3131.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:452.97 GB) (Free:388.62 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:1.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (KENNETHJOHN) (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7636 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 452 GB 12 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 452 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7632 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KENNETHJOHN FAT32 Removable 7632 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-19 22:08

======================= End Of Log ==========================

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:11 AM

Posted 02 April 2012 - 09:38 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
2 AdfuUd; C:\Windows\System32\jaguar.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\jaguar.dll
NETSVC: AdfuUd
2012-03-29 06:13 - 2012-03-29 06:09 - 0000200 ___AH C:\Users\All Users\-X6IB979BkLUXLLr
2012-03-29 06:13 - 2012-03-29 06:09 - 0000200 ___AH C:\ProgramData\-X6IB979BkLUXLLr
2012-03-29 06:13 - 2012-03-29 06:09 - 0000000 ___AH C:\Users\All Users\-X6IB979BkLUXLL
2012-03-29 06:13 - 2012-03-29 06:09 - 0000000 ___AH C:\ProgramData\-X6IB979BkLUXLL
2012-03-29 06:13 - 2012-03-29 05:45 - 0099328 ___AH C:\Users\All Users\2jFf5J64.exe
2012-03-29 06:13 - 2012-03-29 05:45 - 0099328 ___AH C:\ProgramData\2jFf5J64.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
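The fixlist above was built by reading the FRST "created files" lines and picking out hidden, randomly named entries under C:\ProgramData (listed twice, once via the C:\Users\All Users junction). The following is an added example, not FRST's code and not part of this thread, that applies that same triage to FRST-format lines; the sample lines are constructed from the log posted above, and the line-format regex and the randomness heuristic are assumptions about FRST's output.

```python
"""Flag ZeroAccess-style indicators in FRST 'created files' lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed FRST line layout, inferred from the posted log:
#   <changed> - <created> - <size> <attrs> [(signer)] <path>
FRST_LINE = re.compile(
    r"^(?P<changed>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?(?P<path>.+)$"
)

# C:\Users\All Users is a junction to C:\ProgramData on Vista/7, so FRST
# lists every ProgramData entry twice; the fix only needs to act once.
ALL_USERS = "C:\\Users\\All Users\\"
PROGRAMDATA = "C:\\ProgramData\\"


@dataclass
class FrstEntry:
    changed: str
    created: str
    size: int
    attrs: str
    signer: str | None
    path: str


def parse_frst_line(line: str) -> FrstEntry | None:
    """Return the parsed entry, or None for lines that are not file entries."""
    m = FRST_LINE.match(line)
    if m is None:
        return None
    return FrstEntry(m["changed"], m["created"], int(m["size"]),
                     m["attrs"], m["signer"], m["path"])


def normalize_path(path: str) -> str:
    """Rewrite the All Users junction to its ProgramData target."""
    if path.lower().startswith(ALL_USERS.lower()):
        return PROGRAMDATA + path[len(ALL_USERS):]
    return path


def looks_random(name: str) -> bool:
    """Heuristic (assumption): mixed-case alphanumeric junk of 8+ chars,
    which is how the dropped files in this log are named; vendor folders
    like 'OEM_E471269A730D' or 'regid.1986-12.com.adobe' do not match."""
    stem = name.rsplit(".", 1)[0] if name.lower().endswith((".exe", ".dll")) else name
    if " " in stem or (stem.startswith("{") and stem.endswith("}")):
        return False
    has_digit = any(c.isdigit() for c in stem)
    has_upper = any(c.isupper() for c in stem)
    has_lower = any(c.islower() for c in stem)
    return len(stem) >= 8 and has_digit and has_upper and has_lower


def suspicious_programdata_entries(log_text: str) -> list[FrstEntry]:
    """Hidden (H attribute), randomly named entries directly under
    C:\\ProgramData, deduplicated across the All Users junction."""
    seen: set[str] = set()
    hits: list[FrstEntry] = []
    for raw in log_text.splitlines():
        entry = parse_frst_line(raw.strip())
        if entry is None:
            continue
        norm = normalize_path(entry.path)
        if not norm.lower().startswith(PROGRAMDATA.lower()):
            continue
        name = norm[len(PROGRAMDATA):]
        if "\\" in name or "H" not in entry.attrs or not looks_random(name):
            continue
        if norm.lower() in seen:  # junction twin of a path already flagged
            continue
        seen.add(norm.lower())
        hits.append(entry)
    return hits


# Constructed sample, copied from the FRST log posted above.
SAMPLE_LOG = r"""
2012-03-31 16:50 - 2011-05-31 17:06 - 0000000 ___HD C:\Users\All Users\Skype
2012-03-31 16:50 - 2011-05-31 15:21 - 0000000 ___HD C:\ProgramData\OEM_E471269A730D
2012-03-29 06:13 - 2012-03-29 06:09 - 0000200 ___AH C:\Users\All Users\-X6IB979BkLUXLLr
2012-03-29 06:13 - 2012-03-29 06:09 - 0000200 ___AH C:\ProgramData\-X6IB979BkLUXLLr
2012-03-29 06:13 - 2012-03-29 06:09 - 0000000 ___AH C:\Users\All Users\-X6IB979BkLUXLL
2012-03-29 06:13 - 2012-03-29 06:09 - 0000000 ___AH C:\ProgramData\-X6IB979BkLUXLL
2012-03-29 06:13 - 2012-03-29 05:45 - 0099328 ___AH C:\Users\All Users\2jFf5J64.exe
2012-03-29 06:13 - 2012-03-29 05:45 - 0099328 ___AH C:\ProgramData\2jFf5J64.exe
2012-01-31 00:46 - 2012-01-31 00:46 - 0036944 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-01-08 18:16 - 2011-10-04 06:01 - 0000000 ___HD C:\ProgramData\regid.1986-12.com.adobe
"""

if __name__ == "__main__":
    for hit in suspicious_programdata_entries(SAMPLE_LOG):
        print(f"{hit.attrs} {hit.size:>8} {normalize_path(hit.path)}  (listed as {hit.path})")
```

The junction deduplication is also why the Fixlog later in this thread alternates "moved successfully" for the All Users path with "not found" for its ProgramData twin: each file exists once and was already moved by the first line.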

#9 Zitbegone

  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:11 AM

Posted 02 April 2012 - 09:50 AM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-02 10:46:29 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
AdfuUd service deleted successfully.
C:\Windows\System32\jaguar.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs AdfuUd Deleted successfully.
C:\Users\All Users\-X6IB979BkLUXLLr moved successfully.
C:\ProgramData\-X6IB979BkLUXLLr not found.
C:\Users\All Users\-X6IB979BkLUXLL moved successfully.
C:\ProgramData\-X6IB979BkLUXLL not found.
C:\Users\All Users\2jFf5J64.exe moved successfully.
C:\ProgramData\2jFf5J64.exe not found.

==== End of Fixlog ====

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:11 AM

Posted 02 April 2012 - 09:53 AM

Hello


Very good!! Now rerun ComboFix for me and send me the new report.


gringo

#11 Zitbegone

Zitbegone
  • Topic Starter

  • Members
  • 15 posts

Posted 02 April 2012 - 10:28 AM

It's still giving me the "Illegal operation" message; would rebooting it produce the same effect as before?


ComboFix 12-04-01.02 - Kenneth 04/02/2012 10:58:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2731 [GMT -4:00]
Running from: c:\users\Kenneth\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 18:19 . 2012-04-02 18:21 -------- dc----w- C:\FRST
2012-04-02 15:07 . 2012-04-02 15:07 -------- d-----w- c:\users\Silvestre Garay\AppData\Local\temp
2012-04-02 15:07 . 2012-04-02 15:07 -------- d-----w- c:\users\Ron is GAY\AppData\Local\temp
2012-04-02 15:07 . 2012-04-02 15:07 -------- d-----w- c:\users\owner\AppData\Local\temp
2012-04-02 15:07 . 2012-04-02 15:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-01 10:40 . 2012-04-01 10:40 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-04-01 10:40 . 2012-04-01 10:40 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2012-04-01 10:40 . 2012-04-01 10:40 2 --shatr- c:\windows\winstart.bat
2012-04-01 10:40 . 2012-01-23 21:01 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2012-04-01 10:40 . 2012-04-02 10:26 -------- dc----w- c:\program files (x86)\UnHackMe
2012-04-01 08:37 . 2012-04-01 14:28 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-01 08:33 . 2012-04-01 14:28 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-31 11:00 . 2012-03-31 11:01 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-31 11:00 . 2012-04-01 00:55 -------- dc----w- c:\program files (x86)\AVG Secure Search
2012-03-31 11:00 . 2012-04-01 00:55 -------- dc----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-31 10:59 . 2012-03-31 10:59 -------- d--h--w- c:\programdata\Common Files
2012-03-31 10:56 . 2012-04-01 14:26 -------- d-----w- c:\programdata\AVG2012
2012-03-31 10:56 . 2012-03-31 10:56 -------- dc----w- C:\$AVG
2012-03-31 10:55 . 2012-04-01 00:49 -------- dc----w- c:\program files (x86)\AVG
2012-03-31 10:25 . 2012-04-01 14:26 -------- d-----w- c:\programdata\MFAData
2012-03-30 04:45 . 2012-03-30 05:01 -------- d-----w- c:\users\Silvestre Garay\AppData\Roaming\Advanced Chemistry Development
2012-03-30 04:44 . 2012-03-30 04:44 -------- d-----w- c:\users\Silvestre Garay\AppData\Local\WinZip
2012-03-29 16:00 . 2012-03-29 16:00 -------- d-----w- c:\windows\en
2012-03-29 15:42 . 2012-04-01 00:50 -------- dc----w- c:\program files\Windows Live
2012-03-29 15:41 . 2012-03-29 15:41 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-29 15:39 . 2012-03-29 15:39 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\DXSETUP.exe
2012-03-29 15:39 . 2012-03-29 15:39 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\DSETUP.dll
2012-03-29 15:39 . 2012-03-29 15:39 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\189c7db21cd0dc201\dsetup32.dll
2012-03-29 15:26 . 2012-04-02 13:49 -------- d-----w- c:\users\Kenneth
2012-03-29 15:01 . 2012-03-29 15:01 -------- d-----w- c:\users\Silvestre Garay\AppData\Roaming\Malwarebytes
2012-03-29 14:53 . 2012-03-29 14:53 -------- d-----w- c:\users\Silvestre Garay\AppData\Roaming\Tific
2012-03-29 14:53 . 2012-03-29 14:53 -------- d-----w- c:\users\Silvestre Garay\AppData\Local\Symantec
2012-03-29 14:37 . 2012-04-01 00:50 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 14:37 . 2012-04-01 14:28 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:37 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 14:18 . 2012-03-29 14:18 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 13:50 . 2012-03-29 14:18 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 13:50 . 2012-04-01 00:51 -------- d-----w- c:\windows\system32\Macromed
2012-03-29 13:48 . 2012-04-02 14:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-27 14:23 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0CC4C37-92A8-40B4-9DA3-3BA95EEA35BD}\mpengine.dll
2012-03-20 12:38 . 2012-03-20 12:38 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 12:38 . 2012-03-20 12:38 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 07:06 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:06 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:06 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 18:24 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 18:24 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:24 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:17 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:17 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:17 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 18:17 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:17 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:17 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 05:52 . 2012-04-01 00:50 -------- d--h--w- c:\programdata\WinZip
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 14:18 . 2011-06-01 01:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2011-06-01 01:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-01-04 10:44 . 2012-02-16 05:38 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 05:38 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-15 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Silvestre Garay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-02-26 841248]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-02-26 818720]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\12ezsh30.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-02 11:20:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 15:20
ComboFix2.txt 2012-04-02 05:54
ComboFix3.txt 2012-04-01 13:41
.
Pre-Run: 416,921,423,872 bytes free
Post-Run: 416,911,441,920 bytes free
.
- - End Of File - - 72DB30DFE4CA886E5FFA4FEB5C0E3C9B

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 10:35 AM

No it will not!!


When we ran FRST it should have fixed it - reboot and let me know.


gringo

#13 Zitbegone

Zitbegone
  • Topic Starter

  • Members
  • 15 posts

Posted 02 April 2012 - 10:44 AM

It rebooted properly. However, I still see consrv.dll in C:\Windows\System32. Is it still a threat?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 10:59 AM

Hello


Very Good!!

It is not a threat at this time and will be removed very soon.


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#15 Zitbegone

Zitbegone
  • Topic Starter

  • Members
  • 15 posts

Posted 02 April 2012 - 08:56 PM

This is the TDSSKiller log:

12:03:57.0429 4356 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
12:03:57.0788 4356 ============================================================
12:03:57.0788 4356 Current date / time: 2012/04/02 12:03:57.0788
12:03:57.0788 4356 SystemInfo:
12:03:57.0788 4356
12:03:57.0788 4356 OS Version: 6.1.7601 ServicePack: 1.0
12:03:57.0788 4356 Product type: Workstation
12:03:57.0788 4356 ComputerName: OWNER-PC
12:03:57.0788 4356 UserName: Kenneth
12:03:57.0788 4356 Windows directory: C:\Windows
12:03:57.0788 4356 System windows directory: C:\Windows
12:03:57.0788 4356 Running under WOW64
12:03:57.0788 4356 Processor architecture: Intel x64
12:03:57.0788 4356 Number of processors: 2
12:03:57.0788 4356 Page size: 0x1000
12:03:57.0788 4356 Boot type: Normal boot
12:03:57.0788 4356 ============================================================
12:03:58.0755 4356 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:03:58.0755 4356 \Device\Harddisk0\DR0:
12:03:58.0755 4356 MBR used
12:03:58.0755 4356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
12:03:58.0755 4356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
12:03:58.0771 4356 Initialize success
12:03:58.0771 4356 ============================================================
12:04:14.0683 4652 ============================================================
12:04:14.0683 4652 Scan started
12:04:14.0683 4652 Mode: Manual;
12:04:14.0683 4652 ============================================================
12:04:15.0650 4652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:04:15.0650 4652 1394ohci - ok
12:04:15.0697 4652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:04:15.0697 4652 ACPI - ok
12:04:15.0759 4652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:04:15.0759 4652 AcpiPmi - ok
12:04:15.0868 4652 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:04:15.0884 4652 AdobeFlashPlayerUpdateSvc - ok
12:04:16.0009 4652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:04:16.0009 4652 adp94xx - ok
12:04:16.0118 4652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:04:16.0134 4652 adpahci - ok
12:04:16.0165 4652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:04:16.0165 4652 adpu320 - ok
12:04:16.0212 4652 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:04:16.0212 4652 AeLookupSvc - ok
12:04:16.0305 4652 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:04:16.0321 4652 AFD - ok
12:04:16.0368 4652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:04:16.0368 4652 agp440 - ok
12:04:16.0664 4652 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
12:04:16.0664 4652 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
12:04:16.0680 4652 Akamai ( HiddenFile.Multi.Generic ) - warning
12:04:16.0680 4652 Akamai - detected HiddenFile.Multi.Generic (1)
12:04:16.0758 4652 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:04:16.0758 4652 ALG - ok
12:04:16.0851 4652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:04:16.0851 4652 aliide - ok
12:04:16.0914 4652 AMD External Events Utility (f238be4fa4e55eb67f17281fadf69851) C:\Windows\system32\atiesrxx.exe
12:04:16.0914 4652 AMD External Events Utility - ok
12:04:17.0023 4652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:04:17.0023 4652 amdide - ok
12:04:17.0070 4652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:04:17.0085 4652 AmdK8 - ok
12:04:17.0116 4652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:04:17.0116 4652 AmdPPM - ok
12:04:17.0210 4652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:04:17.0226 4652 amdsata - ok
12:04:17.0272 4652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:04:17.0272 4652 amdsbs - ok
12:04:17.0366 4652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:04:17.0366 4652 amdxata - ok
12:04:17.0444 4652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:04:17.0444 4652 AppID - ok
12:04:17.0475 4652 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:04:17.0475 4652 AppIDSvc - ok
12:04:17.0584 4652 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:04:17.0584 4652 Appinfo - ok
12:04:17.0756 4652 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:04:17.0772 4652 Apple Mobile Device - ok
12:04:17.0881 4652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:04:17.0881 4652 arc - ok
12:04:17.0896 4652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:04:17.0896 4652 arcsas - ok
12:04:17.0912 4652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:04:17.0912 4652 AsyncMac - ok
12:04:18.0006 4652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:04:18.0006 4652 atapi - ok
12:04:18.0130 4652 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
12:04:18.0146 4652 athr - ok
12:04:18.0271 4652 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
12:04:18.0271 4652 AtiHdmiService - ok
12:04:18.0442 4652 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
12:04:18.0567 4652 atikmdag - ok
12:04:18.0645 4652 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:04:18.0645 4652 AtiPcie - ok
12:04:18.0708 4652 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:04:18.0723 4652 AudioEndpointBuilder - ok
12:04:18.0723 4652 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:04:18.0739 4652 AudioSrv - ok
12:04:18.0786 4652 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:04:18.0786 4652 AxInstSV - ok
12:04:18.0848 4652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:04:18.0864 4652 b06bdrv - ok
12:04:18.0926 4652 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:04:18.0942 4652 b57nd60a - ok
12:04:19.0004 4652 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:04:19.0051 4652 BCM43XX - ok
12:04:19.0144 4652 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:04:19.0144 4652 BDESVC - ok
12:04:19.0222 4652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:04:19.0222 4652 Beep - ok
12:04:19.0363 4652 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:04:19.0378 4652 BFE - ok
12:04:19.0488 4652 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:04:19.0534 4652 BITS - ok
12:04:19.0659 4652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:04:19.0659 4652 blbdrive - ok
12:04:19.0784 4652 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:04:19.0800 4652 Bonjour Service - ok
12:04:19.0893 4652 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:04:19.0893 4652 bowser - ok
12:04:19.0924 4652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:04:19.0924 4652 BrFiltLo - ok
12:04:19.0940 4652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:04:19.0940 4652 BrFiltUp - ok
12:04:19.0987 4652 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:04:20.0002 4652 BridgeMP - ok
12:04:20.0049 4652 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:04:20.0049 4652 Browser - ok
12:04:20.0096 4652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:04:20.0112 4652 Brserid - ok
12:04:20.0127 4652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:04:20.0127 4652 BrSerWdm - ok
12:04:20.0143 4652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:04:20.0143 4652 BrUsbMdm - ok
12:04:20.0158 4652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:04:20.0158 4652 BrUsbSer - ok
12:04:20.0174 4652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:04:20.0174 4652 BTHMODEM - ok
12:04:20.0221 4652 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:04:20.0221 4652 bthserv - ok
12:04:20.0299 4652 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
12:04:20.0314 4652 CAXHWAZL - ok
12:04:20.0377 4652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:04:20.0377 4652 cdfs - ok
12:04:20.0470 4652 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:04:20.0486 4652 cdrom - ok
12:04:20.0533 4652 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:04:20.0548 4652 CertPropSvc - ok
12:04:20.0626 4652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:04:20.0626 4652 circlass - ok
12:04:20.0689 4652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:04:20.0689 4652 CLFS - ok
12:04:20.0751 4652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:04:20.0767 4652 clr_optimization_v2.0.50727_32 - ok
12:04:20.0798 4652 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:04:20.0814 4652 clr_optimization_v2.0.50727_64 - ok
12:04:20.0907 4652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:04:20.0907 4652 clr_optimization_v4.0.30319_32 - ok
12:04:20.0954 4652 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:04:20.0954 4652 clr_optimization_v4.0.30319_64 - ok
12:04:21.0032 4652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:04:21.0032 4652 CmBatt - ok
12:04:21.0079 4652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:04:21.0079 4652 cmdide - ok
12:04:21.0126 4652 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:04:21.0141 4652 CNG - ok
12:04:21.0282 4652 CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
12:04:21.0297 4652 CnxtHdAudService - ok
12:04:21.0391 4652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:04:21.0391 4652 Compbatt - ok
12:04:21.0438 4652 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:04:21.0438 4652 CompositeBus - ok
12:04:21.0469 4652 COMSysApp - ok
12:04:21.0531 4652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:04:21.0531 4652 crcdisk - ok
12:04:21.0578 4652 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:04:21.0594 4652 CryptSvc - ok
12:04:21.0703 4652 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:04:21.0718 4652 cvhsvc - ok
12:04:21.0812 4652 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:04:21.0828 4652 DcomLaunch - ok
12:04:21.0874 4652 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:04:21.0874 4652 defragsvc - ok
12:04:21.0937 4652 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:04:21.0952 4652 DfsC - ok
12:04:22.0015 4652 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:04:22.0015 4652 Dhcp - ok
12:04:22.0062 4652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:04:22.0062 4652 discache - ok
12:04:22.0093 4652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:04:22.0093 4652 Disk - ok
12:04:22.0202 4652 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
12:04:22.0202 4652 DKbFltr - ok
12:04:22.0296 4652 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:04:22.0296 4652 Dnscache - ok
12:04:22.0358 4652 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:04:22.0358 4652 dot3svc - ok
12:04:22.0405 4652 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:04:22.0420 4652 DPS - ok
12:04:22.0483 4652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:04:22.0483 4652 drmkaud - ok
12:04:22.0545 4652 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:04:22.0561 4652 DXGKrnl - ok
12:04:22.0654 4652 EagleX64 - ok
12:04:22.0686 4652 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:04:22.0701 4652 EapHost - ok
12:04:22.0810 4652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:04:22.0904 4652 ebdrv - ok
12:04:22.0998 4652 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:04:22.0998 4652 EFS - ok
12:04:23.0076 4652 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:04:23.0107 4652 ehRecvr - ok
12:04:23.0138 4652 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:04:23.0154 4652 ehSched - ok
12:04:23.0216 4652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:04:23.0232 4652 elxstor - ok
12:04:23.0325 4652 ePowerSvc (d3fa244ef742b359093f8596011cb815) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
12:04:23.0356 4652 ePowerSvc - ok
12:04:23.0466 4652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:04:23.0466 4652 ErrDev - ok
12:04:23.0590 4652 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:04:23.0606 4652 EventSystem - ok
12:04:23.0684 4652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:04:23.0684 4652 exfat - ok
12:04:23.0715 4652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:04:23.0715 4652 fastfat - ok
12:04:23.0809 4652 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:04:23.0824 4652 Fax - ok
12:04:23.0856 4652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:04:23.0871 4652 fdc - ok
12:04:23.0918 4652 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:04:23.0918 4652 fdPHost - ok
12:04:23.0949 4652 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:04:23.0949 4652 FDResPub - ok
12:04:23.0980 4652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:04:23.0996 4652 FileInfo - ok
12:04:24.0012 4652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:04:24.0012 4652 Filetrace - ok
12:04:24.0043 4652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:04:24.0043 4652 flpydisk - ok
12:04:24.0090 4652 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:04:24.0105 4652 FltMgr - ok
12:04:24.0168 4652 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:04:24.0214 4652 FontCache - ok
12:04:24.0292 4652 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:04:24.0292 4652 FontCache3.0.0.0 - ok
12:04:24.0355 4652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:04:24.0370 4652 FsDepends - ok
12:04:24.0402 4652 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:04:24.0402 4652 Fs_Rec - ok
12:04:24.0464 4652 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:04:24.0480 4652 fvevol - ok
12:04:24.0495 4652 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:04:24.0495 4652 gagp30kx - ok
12:04:24.0589 4652 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
12:04:24.0604 4652 GameConsoleService - ok
12:04:24.0714 4652 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:04:24.0714 4652 GEARAspiWDM - ok
12:04:24.0792 4652 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:04:24.0823 4652 gpsvc - ok
12:04:24.0932 4652 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
12:04:24.0932 4652 GREGService - ok
12:04:25.0026 4652 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:04:25.0026 4652 hcw85cir - ok
12:04:25.0150 4652 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:04:25.0166 4652 HdAudAddService - ok
12:04:25.0291 4652 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:04:25.0291 4652 HDAudBus - ok
12:04:25.0369 4652 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:04:25.0384 4652 HidBatt - ok
12:04:25.0416 4652 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:04:25.0416 4652 HidBth - ok
12:04:25.0431 4652 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:04:25.0431 4652 HidIr - ok
12:04:25.0478 4652 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:04:25.0478 4652 hidserv - ok
12:04:25.0572 4652 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:04:25.0572 4652 HidUsb - ok
12:04:25.0603 4652 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:04:25.0618 4652 hkmsvc - ok
12:04:25.0665 4652 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:04:25.0665 4652 HomeGroupListener - ok
12:04:25.0728 4652 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:04:25.0728 4652 HomeGroupProvider - ok
12:04:25.0790 4652 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:04:25.0790 4652 HpSAMD - ok
12:04:25.0946 4652 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
12:04:25.0946 4652 HsfXAudioService - ok
12:04:26.0071 4652 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
12:04:26.0118 4652 HSF_DPV - ok
12:04:26.0242 4652 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:04:26.0274 4652 HTTP - ok
12:04:26.0336 4652 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:04:26.0336 4652 hwpolicy - ok
12:04:26.0383 4652 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:04:26.0383 4652 i8042prt - ok
12:04:26.0445 4652 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:04:26.0461 4652 iaStorV - ok
12:04:26.0570 4652 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:04:26.0601 4652 idsvc - ok
12:04:26.0835 4652 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:04:27.0007 4652 igfx - ok
12:04:27.0116 4652 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:04:27.0116 4652 iirsp - ok
12:04:27.0225 4652 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:04:27.0256 4652 IKEEXT - ok
12:04:27.0334 4652 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:04:27.0350 4652 intelide - ok
12:04:27.0381 4652 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:04:27.0397 4652 intelppm - ok
12:04:27.0428 4652 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:04:27.0428 4652 IPBusEnum - ok
12:04:27.0475 4652 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:04:27.0475 4652 IpFilterDriver - ok
12:04:27.0568 4652 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:04:27.0584 4652 iphlpsvc - ok
12:04:27.0646 4652 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:04:27.0646 4652 IPMIDRV - ok
12:04:27.0693 4652 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:04:27.0693 4652 IPNAT - ok
12:04:27.0818 4652 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
12:04:27.0849 4652 iPod Service - ok
12:04:27.0958 4652 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:04:27.0958 4652 IRENUM - ok
12:04:28.0021 4652 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:04:28.0021 4652 isapnp - ok
12:04:28.0114 4652 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:04:28.0114 4652 iScsiPrt - ok
12:04:28.0161 4652 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
12:04:28.0177 4652 k57nd60a - ok
12:04:28.0317 4652 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:04:28.0317 4652 kbdclass - ok
12:04:28.0458 4652 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:04:28.0458 4652 kbdhid - ok
12:04:28.0536 4652 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:04:28.0536 4652 KeyIso - ok
12:04:28.0629 4652 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:04:28.0645 4652 KSecDD - ok
12:04:28.0692 4652 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:04:28.0692 4652 KSecPkg - ok
12:04:28.0816 4652 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:04:28.0816 4652 ksthunk - ok
12:04:28.0941 4652 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:04:28.0957 4652 KtmRm - ok
12:04:29.0035 4652 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
12:04:29.0035 4652 L1E - ok
12:04:29.0175 4652 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:04:29.0191 4652 LanmanServer - ok
12:04:29.0284 4652 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:04:29.0284 4652 LanmanWorkstation - ok
12:04:29.0440 4652 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:04:29.0440 4652 lltdio - ok
12:04:29.0565 4652 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:04:29.0581 4652 lltdsvc - ok
12:04:29.0643 4652 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:04:29.0643 4652 lmhosts - ok
12:04:29.0784 4652 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:04:29.0784 4652 LSI_FC - ok
12:04:29.0908 4652 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:04:29.0908 4652 LSI_SAS - ok
12:04:30.0002 4652 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:04:30.0002 4652 LSI_SAS2 - ok
12:04:30.0064 4652 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:04:30.0064 4652 LSI_SCSI - ok
12:04:30.0158 4652 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:04:30.0158 4652 luafv - ok
12:04:30.0314 4652 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:04:30.0314 4652 MBAMProtector - ok
12:04:30.0439 4652 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:04:30.0454 4652 MBAMService - ok
12:04:30.0548 4652 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:04:30.0564 4652 Mcx2Svc - ok
12:04:30.0626 4652 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:04:30.0626 4652 mdmxsdk - ok
12:04:30.0766 4652 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:04:30.0766 4652 megasas - ok
12:04:30.0891 4652 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:04:30.0907 4652 MegaSR - ok
12:04:31.0047 4652 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:04:31.0063 4652 Microsoft Office Groove Audit Service - ok
12:04:31.0156 4652 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:04:31.0172 4652 MMCSS - ok
12:04:31.0281 4652 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:04:31.0281 4652 Modem - ok
12:04:31.0375 4652 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:04:31.0375 4652 monitor - ok
12:04:31.0531 4652 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:04:31.0531 4652 mouclass - ok
12:04:31.0671 4652 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:04:31.0671 4652 mouhid - ok
12:04:31.0780 4652 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:04:31.0780 4652 mountmgr - ok
12:04:31.0874 4652 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:04:31.0890 4652 mpio - ok
12:04:31.0968 4652 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:04:31.0983 4652 mpsdrv - ok
12:04:32.0186 4652 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:04:32.0217 4652 MpsSvc - ok
12:04:32.0358 4652 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:04:32.0358 4652 MRxDAV - ok
12:04:32.0467 4652 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:04:32.0467 4652 mrxsmb - ok
12:04:32.0576 4652 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:04:32.0576 4652 mrxsmb10 - ok
12:04:32.0732 4652 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:04:32.0732 4652 mrxsmb20 - ok
12:04:32.0841 4652 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:04:32.0841 4652 msahci - ok
12:04:32.0950 4652 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:04:32.0950 4652 msdsm - ok
12:04:33.0044 4652 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:04:33.0044 4652 MSDTC - ok
12:04:33.0169 4652 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:04:33.0169 4652 Msfs - ok
12:04:33.0294 4652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:04:33.0309 4652 mshidkmdf - ok
12:04:33.0418 4652 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:04:33.0434 4652 msisadrv - ok
12:04:33.0574 4652 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:04:33.0590 4652 MSiSCSI - ok
12:04:33.0621 4652 msiserver - ok
12:04:33.0730 4652 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:04:33.0730 4652 MSKSSRV - ok
12:04:33.0855 4652 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:04:33.0855 4652 MSPCLOCK - ok
12:04:33.0996 4652 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:04:33.0996 4652 MSPQM - ok
12:04:34.0136 4652 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:04:34.0152 4652 MsRPC - ok
12:04:34.0245 4652 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:04:34.0245 4652 mssmbios - ok
12:04:34.0401 4652 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:04:34.0401 4652 MSTEE - ok
12:04:34.0479 4652 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:04:34.0479 4652 MTConfig - ok
12:04:34.0604 4652 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:04:34.0604 4652 Mup - ok
12:04:34.0666 4652 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:04:34.0682 4652 napagent - ok
12:04:34.0838 4652 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:04:34.0838 4652 NativeWifiP - ok
12:04:35.0010 4652 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:04:35.0041 4652 NDIS - ok
12:04:35.0181 4652 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:04:35.0181 4652 NdisCap - ok
12:04:35.0275 4652 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:04:35.0275 4652 NdisTapi - ok
12:04:35.0384 4652 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:04:35.0384 4652 Ndisuio - ok
12:04:35.0431 4652 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:04:35.0446 4652 NdisWan - ok
12:04:35.0478 4652 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:04:35.0478 4652 NDProxy - ok
12:04:35.0602 4652 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:04:35.0602 4652 NetBIOS - ok
12:04:35.0743 4652 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:04:35.0743 4652 NetBT - ok
12:04:35.0883 4652 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:04:35.0883 4652 Netlogon - ok
12:04:36.0039 4652 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:04:36.0039 4652 Netman - ok
12:04:36.0164 4652 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:04:36.0180 4652 netprofm - ok
12:04:36.0304 4652 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:04:36.0304 4652 NetTcpPortSharing - ok
12:04:36.0460 4652 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:04:36.0460 4652 nfrd960 - ok
12:04:36.0601 4652 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:04:36.0616 4652 NlaSvc - ok
12:04:36.0788 4652 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
12:04:36.0866 4652 NOBU - ok
12:04:37.0006 4652 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:04:37.0006 4652 Npfs - ok
12:04:37.0116 4652 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:04:37.0116 4652 nsi - ok
12:04:37.0194 4652 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:04:37.0194 4652 nsiproxy - ok
12:04:37.0365 4652 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:04:37.0428 4652 Ntfs - ok
12:04:37.0506 4652 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
12:04:37.0521 4652 NTI IScheduleSvc - ok
12:04:37.0615 4652 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
12:04:37.0615 4652 NTIDrvr - ok
12:04:37.0740 4652 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:04:37.0740 4652 Null - ok
12:04:37.0864 4652 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:04:37.0864 4652 nvraid - ok
12:04:38.0005 4652 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:04:38.0020 4652 nvstor - ok
12:04:38.0145 4652 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:04:38.0145 4652 nv_agp - ok
12:04:38.0286 4652 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:04:38.0317 4652 odserv - ok
12:04:38.0442 4652 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:04:38.0442 4652 ohci1394 - ok
12:04:38.0520 4652 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:04:38.0535 4652 ose - ok
12:04:38.0769 4652 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:04:38.0847 4652 osppsvc - ok
12:04:38.0988 4652 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:04:38.0988 4652 p2pimsvc - ok
12:04:39.0097 4652 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:04:39.0112 4652 p2psvc - ok
12:04:39.0237 4652 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:04:39.0237 4652 Parport - ok
12:04:39.0362 4652 Partizan - ok
12:04:39.0456 4652 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:04:39.0456 4652 partmgr - ok
12:04:39.0580 4652 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:04:39.0580 4652 PcaSvc - ok
12:04:39.0721 4652 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:04:39.0736 4652 pci - ok
12:04:39.0814 4652 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:04:39.0814 4652 pciide - ok
12:04:39.0955 4652 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:04:39.0970 4652 pcmcia - ok
12:04:40.0048 4652 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:04:40.0048 4652 pcw - ok
12:04:40.0173 4652 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:04:40.0189 4652 PEAUTH - ok
12:04:40.0329 4652 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:04:40.0329 4652 PerfHost - ok
12:04:40.0516 4652 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:04:40.0563 4652 pla - ok
12:04:40.0719 4652 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:04:40.0719 4652 PlugPlay - ok
12:04:40.0813 4652 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:04:40.0813 4652 PNRPAutoReg - ok
12:04:40.0969 4652 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:04:40.0969 4652 PNRPsvc - ok
12:04:41.0140 4652 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:04:41.0156 4652 PolicyAgent - ok
12:04:41.0296 4652 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:04:41.0312 4652 Power - ok
12:04:41.0468 4652 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:04:41.0468 4652 PptpMiniport - ok
12:04:41.0562 4652 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:04:41.0562 4652 Processor - ok
12:04:41.0671 4652 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:04:41.0686 4652 ProfSvc - ok
12:04:41.0811 4652 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:04:41.0811 4652 ProtectedStorage - ok
12:04:41.0967 4652 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:04:41.0967 4652 Psched - ok
12:04:42.0123 4652 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:04:42.0186 4652 ql2300 - ok
12:04:42.0342 4652 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:04:42.0342 4652 ql40xx - ok
12:04:42.0498 4652 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:04:42.0498 4652 QWAVE - ok
12:04:42.0654 4652 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:04:42.0654 4652 QWAVEdrv - ok
12:04:42.0778 4652 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:04:42.0794 4652 RasAcd - ok
12:04:42.0888 4652 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:04:42.0903 4652 RasAgileVpn - ok
12:04:43.0012 4652 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:04:43.0028 4652 RasAuto - ok
12:04:43.0168 4652 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:04:43.0168 4652 Rasl2tp - ok
12:04:43.0309 4652 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:04:43.0309 4652 RasMan - ok
12:04:43.0480 4652 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:04:43.0480 4652 RasPppoe - ok
12:04:43.0636 4652 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:04:43.0636 4652 RasSstp - ok
12:04:43.0792 4652 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:04:43.0808 4652 rdbss - ok
12:04:43.0964 4652 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:04:43.0964 4652 rdpbus - ok
12:04:44.0104 4652 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:04:44.0120 4652 RDPCDD - ok
12:04:44.0276 4652 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:04:44.0276 4652 RDPENCDD - ok
12:04:44.0385 4652 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:04:44.0385 4652 RDPREFMP - ok
12:04:44.0510 4652 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:04:44.0526 4652 RDPWD - ok
12:04:44.0666 4652 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:04:44.0666 4652 rdyboost - ok
12:05:07.0832 4652 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:05:07.0988 4652 \Device\Harddisk0\DR0 - ok
12:05:07.0988 4652 Boot (0x1200) (fa0f1847acf13ee4a3f5aa98a99e4b70) \Device\Harddisk0\DR0\Partition0
12:05:07.0988 4652 \Device\Harddisk0\DR0\Partition0 - ok
12:05:08.0004 4652 Boot (0x1200) (32dc0dc4feb1942fdb2361d978977b76) \Device\Harddisk0\DR0\Partition1
12:05:08.0004 4652 \Device\Harddisk0\DR0\Partition1 - ok
12:05:08.0019 4652 ============================================================
12:05:08.0019 4652 Scan finished
12:05:08.0019 4652 ============================================================
12:05:08.0035 4576 Detected object count: 1
12:05:08.0035 4576 Actual detected object count: 1
12:06:58.0759 4576 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:06:58.0759 4576 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

And this is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 12:10:29
-----------------------------
12:10:29.817 OS Version: Windows x64 6.1.7601 Service Pack 1
12:10:29.817 Number of processors: 2 586 0x602
12:10:29.817 ComputerName: OWNER-PC UserName: Kenneth
12:10:31.237 Initialize success
12:22:08.118 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:22:08.134 Disk 0 Vendor: WDC_WD5000BEVT-22A0RT0 01.01A01 Size: 476940MB BusType: 11
12:22:08.149 Disk 0 MBR read successfully
12:22:08.149 Disk 0 MBR scan
12:22:08.149 Disk 0 Windows VISTA default MBR code
12:22:08.165 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
12:22:08.196 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
12:22:08.196 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463838 MB offset 26830848
12:22:08.243 Disk 0 scanning C:\Windows\system32\drivers
12:22:15.918 Service scanning
12:23:08.008 Modules scanning
12:23:08.023 Disk 0 trace - called modules:
12:23:08.070 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:23:08.070 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a73060]
12:23:08.086 3 CLASSPNP.SYS[fffff8800195043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045cd060]
12:23:08.101 Scan finished successfully
12:23:25.214 Disk 0 MBR has been saved successfully to "C:\Users\Kenneth\Desktop\MBR.dat"
12:23:25.230 The log file has been saved successfully to "C:\Users\Kenneth\Desktop\aswMBR.txt"
