
Infected with Hapili re-direct and S.M.A.R.T. HDD


  • This topic is locked
46 replies to this topic

#1 grizz8884

grizz8884

  • Members
  • 27 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 03 April 2012 - 07:51 PM

Started yesterday, and only getting worse. I'm getting redirected on google searches (not Yahoo, yet) and Smart HDD along with other fake anti-viruses are doing fake scans. Firefox then shut down and blocked it from running, stating it is infected by said fake anti-virus program. Was able to get here via Safe Mode w/ Networking.

I'm familiar with HijackThis and Combofix somewhat, but I'm taking no chances. Any help would be much appreciated!

Attached is HJT log.


Thanks mucho!


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 AM

Posted 04 April 2012 - 05:10 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 grizz8884

grizz8884
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 04 April 2012 - 11:25 PM

DDS.TXT:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Rachel at 21:18:47 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.3255 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\ctfmon.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: HP SimplePass Identity Protection Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Rachel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON Stylus CX4800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Windows\TEMP\E_S2E7C.tmp" /EF "HKCU"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [EPSON WorkForce 320 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJA.EXE /FU "C:\Windows\TEMP\E_S1EF5.tmp" /EF "HKCU"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Update] rundll32.exe "C:\Users\Rachel\AppData\Roaming\Adobe\Adobe\vmvsz.dll",DllRegisterServer
uRun: [Internet Security] C:\ProgramData\isecurity.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mRun: [wtteGLkxtw.exe] C:\ProgramData\wtteGLkxtw.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D272C9CA-1169-4F64-9827-EF3F8FA6F49D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D272C9CA-1169-4F64-9827-EF3F8FA6F49D}\070756C647F627F6D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{D272C9CA-1169-4F64-9827-EF3F8FA6F49D}\2656C6B696E6E2031646E2537484A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D272C9CA-1169-4F64-9827-EF3F8FA6F49D}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D272C9CA-1169-4F64-9827-EF3F8FA6F49D}\C4D4E45423 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{D272C9CA-1169-4F64-9827-EF3F8FA6F49D}\D4572746970294E6475627E65647D27657563747 : DhcpNameServer = 192.168.0.1 68.94.156.1
TCP: Interfaces\{D272C9CA-1169-4F64-9827-EF3F8FA6F49D}\D457E637F6E6D27657563747 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{D272C9CA-1169-4F64-9827-EF3F8FA6F49D}\D647C6133393230313 : DhcpNameServer = 204.130.255.3 209.63.0.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO-X64: HP SimplePass Identity Protection Extension - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mRun-x64: [wtteGLkxtw.exe] C:\ProgramData\wtteGLkxtw.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\dc28vcr9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search_vltv.aspx?srch=ku&q=
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Users\Rachel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Rachel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Rachel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-3 953904]
S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
S1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101108.002\IDSviA64.sys [2010-10-19 476720]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-3-3 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-2-1 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-2-1 55296]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 DML Service;DML Service;C:\Users\Rachel\AppData\Roaming\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe [2010-12-18 296608]
S2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-5 338168]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-10-30 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-10-30 128512]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-2-1 517632]
S2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2012-2-1 315392]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-11 126400]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
S2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-9-11 132656]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-05 02:24:10 -------- d-----w- C:\ProgramData\Recovery
2012-04-04 00:31:49 -------- d-----w- C:\Users\Rachel\AppData\Local\ElevatedDiagnostics
2012-04-04 00:25:17 866816 ----a-w- C:\ProgramData\isecurity.exe
2012-04-04 00:12:45 221696 ----a-w- C:\ProgramData\VHkntEBmFPbgYo.exe
2012-04-03 02:04:33 299520 ----a-w- C:\ProgramData\wtteGLkxtw.exe
2012-04-03 02:02:56 -------- d-----we C:\Windows\system64
2012-04-03 01:12:05 20480 ----a-w- C:\Windows\svchost.exe
2012-04-03 01:08:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\67E3.tmp
2012-04-03 01:08:50 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\67C2.tmp
2012-03-14 16:34:30 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 16:34:30 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 16:34:29 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 23:36:18 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 23:36:16 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 23:36:15 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-13 23:36:15 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-13 23:36:15 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-13 23:36:15 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-13 23:36:15 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-13 23:36:15 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-13 23:36:15 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-13 23:36:15 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-13 23:36:15 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 23:34:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 23:34:49 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 23:34:49 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 23:34:46 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 23:34:46 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 23:34:46 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 23:34:46 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
.
============= FINISH: 21:22:29.87 ===============
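The DDS output above already contains the indicators a responder would pull out by hand: hosts-file entries pointing www.google.com and www.bing.com at 94.63.147.16 and 94.63.147.17 (the search redirect), autorun entries launching from C:\ProgramData and AppData (isecurity.exe, wtteGLkxtw.exe, dplaysvr.exe and the rundll32 call on vmvsz.dll), DisableTaskMgr set by policy, Norton reported as disabled, and a svchost.exe plus a system64 directory created directly under C:\Windows. The Python script below is an added example, not part of this thread and not a BleepingComputer or DDS tool: it applies those same checks to DDS-style text so that the triage is repeatable. The sample log is constructed from lines copied out of the post above plus three benign control lines; the severity labels, the "suspect directory" tokens and the expected-home table for system binaries are the example's own assumptions, not anything DDS itself outputs.

```python
"""Triage a DDS-style log for the indicator classes a responder looks for.

Added example: this is not a BleepingComputer or DDS tool. It reads DDS
output as text and applies heuristics that mirror what an analyst does by eye.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the DDS.txt in the post above, plus
# three benign control lines (Skype autorun, ntoskrnl.exe update, the
# NoActiveDesktop policy) that must not produce findings.
SAMPLE_LOG = r"""
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\Rachel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Update] rundll32.exe "C:\Users\Rachel\AppData\Roaming\Adobe\Adobe\vmvsz.dll",DllRegisterServer
uRun: [Internet Security] C:\ProgramData\isecurity.exe
mRun: [wtteGLkxtw.exe] C:\ProgramData\wtteGLkxtw.exe
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
2012-04-03 01:12:05 20480 ----a-w- C:\Windows\svchost.exe
2012-04-03 02:02:56 -------- d-----we C:\Windows\system64
2012-03-14 16:34:30 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
"""

# Heuristic (assumption of this example): persistent autoruns rarely execute
# from these locations. Legitimate per-user updaters will also hit; confirm
# every hit by Authenticode signer or file hash before acting on it.
SUSPECT_DIR_TOKENS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\systemprofile\\")

# Where genuine copies of these Windows binaries live on Windows 7 x64
# (assumption of this example, kept deliberately short).
EXPECTED_HOME = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
}
# Policies rogue AV sets to keep the user away from Task Manager / regedit.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

SECPROD_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")
AUTORUN_RE = re.compile(r"^([umd]Run(?:-x64)?): \[(.*?)\]\s*(.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (\w+) = (\d+)")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ \S+ ([A-Za-z]:\\.*)$")


def classify(line):
    """Return (severity, category) for one DDS line, or None if nothing to flag."""
    m = SECPROD_RE.match(line)
    if m:  # AV/SP/FW status line: DDS prints the product state between asterisks
        return ("medium", "security-product-disabled") if "disabled" in m.group(3).lower() else None
    m = AUTORUN_RE.match(line)
    if m:  # uRun/mRun/dRun entry: look at the command, not the value name
        cmd = m.group(3).lower()
        if any(tok in cmd for tok in SUSPECT_DIR_TOKENS):
            high = "rundll32" in cmd or "\\programdata\\" in cmd
            return ("high" if high else "medium", "autorun-from-data-dir")
        return None
    m = POLICY_RE.match(line)
    if m:  # explorer/system policy: only the lockout ones matter here
        return ("high", "user-lockout-policy") if m.group(1) in LOCKOUT_POLICIES and m.group(2) != "0" else None
    m = HOSTS_RE.match(line)
    if m:  # DDS lists non-default hosts entries; any non-loopback target is a hijack candidate
        return ("high", "hosts-redirect") if m.group(1) not in LOOPBACK else None
    m = CREATED_RE.match(line)
    if m:  # "Created Last 30" entry: check known binary names and the Windows root
        path = PureWindowsPath(m.group(1))
        name, parent = path.name.lower(), str(path.parent).lower()
        if name in EXPECTED_HOME and parent not in EXPECTED_HOME[name]:
            return ("high", "system-binary-outside-home")
        if parent == r"c:\windows":
            return ("medium", "new-item-in-windows-root")
    return None


def triage(log_text):
    """Return a list of (severity, category, line) for every flagged line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = classify(line)
        if hit:
            findings.append((hit[0], hit[1], line))
    return findings


if __name__ == "__main__":
    for sev, cat, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {cat:28} {line}")
```

To run it against a real log, pass the contents of a saved DDS.txt to `triage()`. Note that the Google Update entry in the sample is flagged as medium along with the real droppers: the directory heuristic cannot tell a signed updater from a rogue by path alone, which is why the helper's reply in this thread asks for the logs rather than letting the poster act on them.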

#4 grizz8884

grizz8884
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 04 April 2012 - 11:27 PM

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2010 4:29:02 PM
System Uptime: 4/4/2012 9:15:08 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 143F
Processor: AMD Phenom™ II N620 Dual-Core Processor | Socket S1G4 | 2793/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 445 GiB total, 367.278 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.99 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: SXUPTP Driver
Device ID: ROOT\SYSTEM\0002
Manufacturer: Belkin International, Inc.
Name: SXUPTP Driver
PNP Device ID: ROOT\SYSTEM\0002
Service: sxuptp
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Vista Network Dispatch Driver
Device ID: ROOT\LEGACY_SYMTDIV\0000
Manufacturer:
Name: Symantec Vista Network Dispatch Driver
PNP Device ID: ROOT\LEGACY_SYMTDIV\0000
Service: SYMTDIv
.
==== System Restore Points ===================
.
RP94: 1/13/2012 8:44:41 AM - Windows Update
RP95: 1/14/2012 6:10:21 PM - HPSF Restore Point
RP96: 1/15/2012 7:41:15 AM - Windows Update
RP97: 1/24/2012 1:40:36 PM - Scheduled Checkpoint
RP98: 2/1/2012 2:17:01 PM - Device Driver Package Install: Belkin International, Inc. System devices
RP99: 2/7/2012 6:11:35 AM - Windows Update
RP100: 2/15/2012 4:55:24 PM - Scheduled Checkpoint
RP101: 2/16/2012 5:47:07 AM - Windows Update
RP102: 3/7/2012 5:29:55 AM - Windows Update
RP103: 3/13/2012 11:00:09 AM - Windows Update
RP104: 3/14/2012 9:32:39 AM - Windows Update
RP105: 3/25/2012 10:44:56 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1 MUI
Adobe Shockwave Player
Amazon Kindle For PC
AMD USB Filter Driver
Apple Application Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
Bing Bar
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
Escape Rosecliff Island
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
Google Chrome
Google Talk Plugin
Google Update Helper
HP Advisor
HP Customer Experience Enhancements
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Plan Utility
HP QuickWeb Installer
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0193
HPAsset component for HP Active Support Library
Hulu Desktop
IDT Audio
Java Auto Updater
Java™ 6 Update 24
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
KODAK Share Button App
LabelPrint
LightScribe System Software
Magic Inpainter Express
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2010 - English
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Norton Internet Security
Norton Online Backup
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype Toolbars
Skype™ 5.1
SopCast 3.3.2
TextTwist 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Video Mover
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
4/4/2012 9:16:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/4/2012 9:16:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/4/2012 9:16:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/4/2012 9:16:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/4/2012 9:15:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache DVMIO eeCtrl IDSVia64 spldr SRTSPX SymIRON SYMTDIv Wanarpv6
4/4/2012 9:15:50 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2012 9:15:49 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/4/2012 9:15:49 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/4/2012 9:15:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/4/2012 7:04:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fb2f2a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040412-37939-01.
4/4/2012 7:02:22 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/4/2012 1:20:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c65ef5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040412-43914-01.
4/4/2012 1:17:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f66f2a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040412-45162-01.
4/3/2012 8:23:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
4/3/2012 8:23:10 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/2/2012 6:08:53 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
4/2/2012 5:44:03 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ROUTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D272C9CA-1169-4F64-9827-EF3F8FA6F49D}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

#5 grizz8884


Posted 04 April 2012 - 11:34 PM

First off, thanks for the help, Gringo. This is much appreciated for what you are doing for me, and others unlucky such as I.

As far as the computer goes, it is still doing things such as performing fake internet security scans, as well as SMART HDD prompts/scans. I also noticed that none of the applications I previously had pinned to my Windows 7 are pinned. Also, there are no more shortcuts when I press the start button; only the search bar, the all programs option, and the Kindle for PC shortcut. However, I can get around to my C: drive by searching for my docs and going from there.

Also, it seems that things have gotten a bit worse: when I booted this computer up through normal means it lasted all of 15-30 seconds before blue screening and restarting/shutting down.

I have also had my laptop overclock more often and actually shut off because of overheating. Probably a hardware problem with HP?

#6 gringo_pr


Posted 04 April 2012 - 11:43 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 grizz8884


Posted 05 April 2012 - 12:06 PM

ComboFix 12-04-05.06 - Rachel 04/05/2012 9:07.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.3284 [GMT -7:00]
Running from: c:\users\Rachel\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\isecurity.exe
c:\programdata\VHkntEBmFPbgYo
c:\programdata\VHkntEBmFPbgYo.exe
c:\programdata\wtteGLkxtw.exe
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{521AEED3-63C5-4CE7-9199-EC60827D72DF}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6DC81DEA-EDEF-4A5E-8E3A-1911F1E0DB8B}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F0DBED69-1AE8-40FA-BD12-2221C3DFC332}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F73BC61D-932D-4E50-8856-2FBB0CE354F0}.xps
c:\users\Rachel\AppData\Roaming\Adobe\Adobe\vmvsz.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\svchost.exe
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 16:16 . 2012-04-05 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 02:24 . 2012-04-05 02:24 -------- d-----w- c:\programdata\Recovery
2012-04-04 00:31 . 2012-04-04 00:31 -------- d-----w- c:\users\Rachel\AppData\Local\ElevatedDiagnostics
2012-04-03 02:01 . 2012-04-03 02:01 -------- d-----w- c:\windows\Sun
2012-04-03 01:08 . 2012-04-03 01:08 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\67E3.tmp
2012-04-03 01:08 . 2012-04-03 01:08 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\67C2.tmp
2012-03-14 16:34 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 16:34 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 16:34 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 23:36 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:36 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:36 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 23:36 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:36 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:36 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:36 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 23:36 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 23:36 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 23:36 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 23:36 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 23:34 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:34 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:34 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:34 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:34 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 23:34 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:34 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-27 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-01-25 274608]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-04 953904]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101108.002\IDSvia64.sys [2010-10-19 476720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-20 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DML Service;DML Service;c:\users\Rachel\AppData\Roaming\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe [2010-12-18 296608]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-04 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2011-09-09 315392]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-11 132656]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 20:33]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 20:33]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249549834-3871935163-4058637027-1000Core.job
- c:\users\Rachel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 20:33]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249549834-3871935163-4058637027-1000UA.job
- c:\users\Rachel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 20:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-01 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-25 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"combofix"="c:\combofix\CF16935.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\dc28vcr9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search_vltv.aspx?srch=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Internet Security - c:\programdata\isecurity.exe
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKLM-Run-wtteGLkxtw.exe - c:\programdata\wtteGLkxtw.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
.
**************************************************************************
.
Completion time: 2012-04-05 09:33:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 16:33
.
Pre-Run: 395,519,668,224 bytes free
Post-Run: 395,071,864,832 bytes free
.
- - End Of File - - E822D27D22E5B3105AB37F974FB03FFB

#8 grizz8884 (Topic Starter, Members, 27 posts)

Posted 05 April 2012 - 12:11 PM

Came across a problem the first time, ran Combofix as directed and my CPU BSOD at stage 3. Started it again and it was able to complete this time around.

On the good side, I can now get on the internet without having to be in safe mode and I get no more SMART HDD and Internet Security prompts/scans. The Documents/MyComputer etc options are back up on my start button now.

But on the bad side, I'm still being redirected in Google, but not in Yahoo like before. This doesn't happen in Safe Mode, I noticed. None of my pinned programs are pinned like I've mentioned before, and the same popular programs are not listed in the start button except for Kindle for PC. Computer is also slower to boot, as usual, same with internet at some point.

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 05 April 2012 - 12:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
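The TDSSKiller report the helper asks for runs to several hundred lines, nearly all of them "<name> - ok". As an added example that is not part of this thread or of either tool, the Python script below triages a log in that layout: it lists every driver or service entry that never received a "- ok" verdict, collects the scanner's own verdict lines, and flags binaries running from places a legitimate service should not, such as the \\.\globalroot\ and ProgramData paths that appear in the ComboFix output earlier in this thread. The sample log and process list are constructed for the demonstration; the evildrv entry, its hash and its verdict line are invented.

```python
import re
from dataclasses import dataclass

# TDSSKiller entry line, as pasted in this thread: "<hh:mm:ss.ms> <pid> <name> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$",
    re.IGNORECASE,
)
# Clean verdict line: "<time> <pid> <name> - ok"
OK_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+ok\s*$")
# Words that mark a scanner line which is not a clean "- ok" verdict
VERDICT_WORDS = ("infected", "suspicious", "warning", "detected", "forged")

# Locations a legitimate Windows service or driver binary should not normally run from.
# The first two mirror paths seen in the ComboFix output in this thread.
UNUSUAL_PATH_PATTERNS = [
    re.compile(r"\\\.\\globalroot\\", re.I),                         # c:\\.\globalroot\systemroot\svchost.exe
    re.compile(r"^[a-z]:\\programdata\\[^\\]+\.exe$", re.I),         # bare .exe dropped straight into ProgramData
    re.compile(r"\\appdata\\(local|roaming)\\[^\\]+\.exe$", re.I),  # bare .exe in a profile's AppData folder
    re.compile(r"\\temp\\", re.I),                                   # anything launched from a Temp folder
]


@dataclass
class Finding:
    name: str            # service/driver name, empty for a bare scanner verdict line
    reason: str
    path: str = ""
    md5: str = ""


def triage_tdsskiller_log(text):
    """Return the entries and scanner lines in a TDSSKiller log that deserve a second look."""
    entries = {}        # name -> (md5, path) for every "(md5) path" line
    ok_names = set()    # names that received a "- ok" verdict
    verdict_lines = []  # scanner lines carrying a non-ok verdict word
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = (m["md5"], m["path"])
            continue
        m = OK_RE.match(line)
        if m:
            ok_names.add(m["name"])
            continue
        if any(word in line.lower() for word in VERDICT_WORDS):
            verdict_lines.append(line)

    findings = []
    for name, (md5, path) in entries.items():
        if name not in ok_names:
            findings.append(Finding(name, "no '- ok' verdict recorded for this entry", path, md5))
        # A clean verdict does not make an odd location normal, so check the path regardless.
        for pat in UNUSUAL_PATH_PATTERNS:
            if pat.search(path):
                findings.append(Finding(name, f"binary in unusual location ({pat.pattern})", path, md5))
                break
    findings.extend(Finding("", "scanner verdict: " + line) for line in verdict_lines)
    return findings


def flagged_names(findings):
    """Sorted, de-duplicated names of entries with at least one finding."""
    return sorted({f.name for f in findings if f.name})


def unusual_process_paths(paths):
    """Apply the same location heuristic to a ComboFix 'Other Running Processes' list."""
    return [p for p in paths if any(pat.search(p) for pat in UNUSUAL_PATH_PATTERNS)]


# Constructed sample in the TDSSKiller 2.7 layout. 1394ohci and AFD mirror real entries above;
# dplaysvr reuses the AppData path from the ComboFix output; evildrv and its verdict are invented.
SAMPLE_TDSS_LOG = r"""
12:39:33.0417 8056 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:39:33.0426 8056 1394ohci - ok
12:39:34.0815 8056 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
12:39:34.0832 8056 AFD - ok
12:39:42.0389 8056 catchme - ok
12:39:45.0100 8056 dplaysvr (0123456789abcdef0123456789abcdef) C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
12:39:45.0101 8056 dplaysvr - ok
12:39:46.0200 8056 evildrv (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\evildrv.sys
12:39:46.0201 8056 evildrv - detected LockedFile.Multi.Generic (1)
"""

# Constructed process list; the globalroot and ProgramData entries are taken from the ComboFix log above.
SAMPLE_PROCESSES = [
    r"c:\program files (x86)\Bonjour\mDNSResponder.exe",
    r"c:\\.\globalroot\systemroot\svchost.exe",
    r"c:\programdata\wtteGLkxtw.exe",
    r"c:\windows\system32\svchost.exe",
]

if __name__ == "__main__":
    for f in triage_tdsskiller_log(SAMPLE_TDSS_LOG):
        print(f"{f.name or '-':12} {f.reason}  {f.path}")
    for p in unusual_process_paths(SAMPLE_PROCESSES):
        print("unusual process location:", p)
```

The script only reads the pasted text, so it is safe to run on any log posted in a thread like this one before the helper's next instruction arrives.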

#10 grizz8884 (Topic Starter, Members, 27 posts)

Posted 05 April 2012 - 03:43 PM

12:39:14.0836 3964 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
12:39:15.0607 3964 ============================================================
12:39:15.0607 3964 Current date / time: 2012/04/05 12:39:15.0607
12:39:15.0607 3964 SystemInfo:
12:39:15.0607 3964
12:39:15.0607 3964 OS Version: 6.1.7600 ServicePack: 0.0
12:39:15.0607 3964 Product type: Workstation
12:39:15.0607 3964 ComputerName: RACHEL-PC
12:39:15.0607 3964 UserName: Rachel
12:39:15.0607 3964 Windows directory: C:\Windows
12:39:15.0607 3964 System windows directory: C:\Windows
12:39:15.0607 3964 Running under WOW64
12:39:15.0607 3964 Processor architecture: Intel x64
12:39:15.0607 3964 Number of processors: 2
12:39:15.0607 3964 Page size: 0x1000
12:39:15.0607 3964 Boot type: Normal boot
12:39:15.0607 3964 ============================================================
12:39:17.0071 3964 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:39:17.0074 3964 \Device\Harddisk0\DR0:
12:39:17.0075 3964 MBR used
12:39:17.0075 3964 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:39:17.0075 3964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x379D4000
12:39:17.0075 3964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37A38000, BlocksNum 0x291A000
12:39:17.0075 3964 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
12:39:17.0198 3964 Initialize success
12:39:17.0198 3964 ============================================================
12:39:28.0950 8056 ============================================================
12:39:28.0950 8056 Scan started
12:39:28.0950 8056 Mode: Manual;
12:39:28.0950 8056 ============================================================
12:39:59.0555 8056 LightScribeService - ok
12:39:59.0703 8056 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:39:59.0705 8056 lltdio - ok
12:39:59.0813 8056 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:39:59.0819 8056 lltdsvc - ok
12:39:59.0844 8056 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:39:59.0846 8056 lmhosts - ok
12:39:59.0937 8056 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:39:59.0940 8056 LSI_FC - ok
12:40:00.0052 8056 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:40:00.0054 8056 LSI_SAS - ok
12:40:00.0198 8056 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:40:00.0200 8056 LSI_SAS2 - ok
12:40:00.0565 8056 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:40:00.0567 8056 LSI_SCSI - ok
12:40:00.0684 8056 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:40:00.0686 8056 luafv - ok
12:40:00.0819 8056 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
12:40:00.0821 8056 McciCMService - ok
12:40:00.0910 8056 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
12:40:00.0917 8056 McciCMService64 - ok
12:40:01.0117 8056 McciServiceHost (eee1ea23c4777adb268a36196a631200) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
12:40:01.0122 8056 McciServiceHost - ok
12:40:01.0216 8056 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
12:40:01.0217 8056 McComponentHostService - ok
12:40:01.0300 8056 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
12:40:01.0303 8056 Mcx2Svc - ok
12:40:01.0422 8056 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:40:01.0425 8056 megasas - ok
12:40:01.0543 8056 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:40:01.0548 8056 MegaSR - ok
12:40:01.0762 8056 Microsoft SharePoint Workspace Audit Service - ok
12:40:01.0881 8056 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:40:01.0885 8056 MMCSS - ok
12:40:01.0981 8056 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:40:01.0985 8056 Modem - ok
12:40:02.0126 8056 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:40:02.0126 8056 monitor - ok
12:40:02.0265 8056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:40:02.0268 8056 mouclass - ok
12:40:02.0432 8056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:40:02.0435 8056 mouhid - ok
12:40:02.0767 8056 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:40:02.0769 8056 mountmgr - ok
12:40:02.0912 8056 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:40:02.0917 8056 mpio - ok
12:40:03.0054 8056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:40:03.0057 8056 mpsdrv - ok
12:40:03.0236 8056 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
12:40:03.0239 8056 MREMP50 - ok
12:40:03.0344 8056 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
12:40:03.0357 8056 MREMP50a64 - ok
12:40:04.0306 8056 MREMPR5 - ok
12:40:04.0336 8056 MRENDIS5 - ok
12:40:04.0487 8056 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
12:40:04.0489 8056 MRESP50 - ok
12:40:04.0598 8056 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
12:40:04.0600 8056 MRESP50a64 - ok
12:40:04.0702 8056 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:40:04.0705 8056 MRxDAV - ok
12:40:04.0761 8056 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:40:04.0764 8056 mrxsmb - ok
12:40:04.0832 8056 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:40:04.0838 8056 mrxsmb10 - ok
12:40:05.0003 8056 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:40:05.0011 8056 mrxsmb20 - ok
12:40:05.0357 8056 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:40:05.0581 8056 msahci - ok
12:40:05.0864 8056 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:40:05.0868 8056 msdsm - ok
12:40:05.0926 8056 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:40:05.0930 8056 MSDTC - ok
12:40:05.0983 8056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:40:05.0985 8056 Msfs - ok
12:40:06.0056 8056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:40:06.0062 8056 mshidkmdf - ok
12:40:06.0109 8056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:40:06.0111 8056 msisadrv - ok
12:40:06.0159 8056 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:40:06.0163 8056 MSiSCSI - ok
12:40:06.0174 8056 msiserver - ok
12:40:06.0218 8056 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:40:06.0219 8056 MSKSSRV - ok
12:40:06.0231 8056 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:40:06.0232 8056 MSPCLOCK - ok
12:40:06.0244 8056 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:40:06.0245 8056 MSPQM - ok
12:40:06.0287 8056 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:40:06.0293 8056 MsRPC - ok
12:40:06.0327 8056 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:40:06.0327 8056 mssmbios - ok
12:40:06.0404 8056 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:40:06.0406 8056 MSTEE - ok
12:40:06.0433 8056 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:40:06.0435 8056 MTConfig - ok
12:40:06.0470 8056 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:40:06.0472 8056 Mup - ok
12:40:06.0505 8056 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
12:40:06.0512 8056 napagent - ok
12:40:06.0632 8056 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:40:06.0637 8056 NativeWifiP - ok
12:40:06.0835 8056 NAVENG (956f589c6a7dde71dc6b03be633ebf23) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101110.002\ENG64.SYS
12:40:06.0836 8056 NAVENG - ok
12:40:07.0043 8056 NAVEX15 (ee7a0e2478e7cd1a199d1b82e3a69b3e) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101110.002\EX64.SYS
12:40:07.0053 8056 NAVEX15 - ok
12:40:07.0212 8056 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:40:07.0235 8056 NDIS - ok
12:40:07.0375 8056 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:40:07.0377 8056 NdisCap - ok
12:40:07.0459 8056 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:40:07.0461 8056 NdisTapi - ok
12:40:07.0563 8056 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:40:07.0574 8056 Ndisuio - ok
12:40:07.0621 8056 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:40:07.0624 8056 NdisWan - ok
12:40:07.0697 8056 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:40:07.0700 8056 NDProxy - ok
12:40:08.0006 8056 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:40:08.0008 8056 NetBIOS - ok
12:40:08.0077 8056 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:40:08.0081 8056 NetBT - ok
12:40:08.0142 8056 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:40:08.0143 8056 Netlogon - ok
12:40:08.0212 8056 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:40:08.0218 8056 Netman - ok
12:40:08.0252 8056 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:40:08.0275 8056 netprofm - ok
12:40:08.0341 8056 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:40:08.0344 8056 NetTcpPortSharing - ok
12:40:08.0783 8056 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:40:08.0898 8056 netw5v64 - ok
12:40:09.0027 8056 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:40:09.0029 8056 nfrd960 - ok
12:40:09.0251 8056 NIS (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
12:40:09.0252 8056 NIS - ok
12:40:09.0829 8056 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
12:40:09.0848 8056 NlaSvc - ok
12:40:09.0953 8056 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:40:09.0955 8056 Npfs - ok
12:40:10.0002 8056 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:40:10.0004 8056 nsi - ok
12:40:10.0065 8056 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:40:10.0065 8056 nsiproxy - ok
12:40:10.0173 8056 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:40:10.0207 8056 Ntfs - ok
12:40:10.0321 8056 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:40:10.0323 8056 Null - ok
12:40:10.0453 8056 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:40:10.0458 8056 nvraid - ok
12:40:10.0513 8056 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:40:10.0517 8056 nvstor - ok
12:40:10.0687 8056 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:40:10.0692 8056 nv_agp - ok
12:40:10.0750 8056 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:40:10.0753 8056 ohci1394 - ok
12:40:10.0883 8056 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:40:10.0889 8056 ose - ok
12:40:11.0109 8056 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:40:11.0237 8056 osppsvc - ok
12:40:11.0359 8056 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:40:11.0368 8056 p2pimsvc - ok
12:40:11.0803 8056 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:40:11.0862 8056 p2psvc - ok
12:40:12.0076 8056 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:40:12.0080 8056 Parport - ok
12:40:12.0137 8056 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:40:12.0141 8056 partmgr - ok
12:40:12.0187 8056 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:40:12.0192 8056 PcaSvc - ok
12:40:12.0225 8056 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:40:12.0228 8056 pci - ok
12:40:12.0259 8056 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:40:12.0262 8056 pciide - ok
12:40:12.0305 8056 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:40:12.0309 8056 pcmcia - ok
12:40:12.0347 8056 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:40:12.0349 8056 pcw - ok
12:40:12.0380 8056 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:40:12.0388 8056 PEAUTH - ok
12:40:12.0461 8056 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:40:12.0464 8056 PerfHost - ok
12:40:12.0562 8056 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
12:40:12.0593 8056 pla - ok
12:40:12.0642 8056 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
12:40:12.0649 8056 PlugPlay - ok
12:40:12.0667 8056 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:40:12.0670 8056 PNRPAutoReg - ok
12:40:12.0690 8056 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:40:12.0693 8056 PNRPsvc - ok
12:40:12.0738 8056 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
12:40:12.0745 8056 PolicyAgent - ok
12:40:12.0776 8056 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:40:12.0779 8056 Power - ok
12:40:12.0860 8056 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:40:12.0863 8056 PptpMiniport - ok
12:40:12.0924 8056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:40:12.0926 8056 Processor - ok
12:40:12.0971 8056 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
12:40:12.0975 8056 ProfSvc - ok
12:40:13.0016 8056 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:40:13.0017 8056 ProtectedStorage - ok
12:40:13.0161 8056 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:40:13.0163 8056 Psched - ok
12:40:13.0277 8056 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:40:13.0312 8056 ql2300 - ok
12:40:13.0389 8056 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:40:13.0392 8056 ql40xx - ok
12:40:13.0467 8056 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:40:13.0473 8056 QWAVE - ok
12:40:13.0514 8056 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:40:13.0516 8056 QWAVEdrv - ok
12:40:13.0560 8056 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:40:13.0562 8056 RasAcd - ok
12:40:13.0634 8056 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:40:13.0636 8056 RasAgileVpn - ok
12:40:13.0670 8056 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:40:13.0673 8056 RasAuto - ok
12:40:13.0708 8056 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:40:13.0711 8056 Rasl2tp - ok
12:40:13.0743 8056 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
12:40:13.0758 8056 RasMan - ok
12:40:13.0893 8056 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:40:13.0895 8056 RasPppoe - ok
12:40:14.0038 8056 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:40:14.0041 8056 RasSstp - ok
12:40:14.0361 8056 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:40:14.0367 8056 rdbss - ok
12:40:14.0487 8056 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:40:14.0489 8056 rdpbus - ok
12:40:14.0598 8056 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:40:14.0598 8056 RDPCDD - ok
12:40:14.0742 8056 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:40:14.0743 8056 RDPENCDD - ok
12:40:14.0849 8056 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:40:14.0851 8056 RDPREFMP - ok
12:40:15.0097 8056 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
12:40:15.0100 8056 RDPWD - ok
12:40:15.0335 8056 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:40:15.0366 8056 rdyboost - ok
12:40:15.0731 8056 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:40:15.0734 8056 RemoteAccess - ok
12:40:15.0769 8056 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:40:15.0774 8056 RemoteRegistry - ok
12:40:15.0784 8056 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:40:15.0786 8056 RpcEptMapper - ok
12:40:15.0816 8056 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:40:15.0819 8056 RpcLocator - ok
12:40:15.0851 8056 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:40:15.0855 8056 RpcSs - ok
12:40:15.0994 8056 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:40:15.0996 8056 rspndr - ok
12:40:16.0164 8056 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
12:40:16.0171 8056 RSUSBSTOR - ok
12:40:16.0284 8056 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:40:16.0291 8056 RTL8167 - ok
12:40:16.0439 8056 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:40:16.0440 8056 SamSs - ok
12:40:16.0605 8056 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:40:16.0608 8056 sbp2port - ok
12:40:16.0705 8056 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:40:16.0710 8056 SCardSvr - ok
12:40:16.0920 8056 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:40:16.0923 8056 scfilter - ok
12:40:17.0376 8056 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
12:40:17.0609 8056 Schedule - ok
12:40:17.0928 8056 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:40:17.0929 8056 SCPolicySvc - ok
12:40:18.0022 8056 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
12:40:18.0024 8056 sdbus - ok
12:40:18.0080 8056 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
12:40:18.0084 8056 SDRSVC - ok
12:40:18.0218 8056 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:40:18.0223 8056 SeaPort - ok
12:40:18.0381 8056 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:40:18.0384 8056 secdrv - ok
12:40:18.0426 8056 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
12:40:18.0428 8056 seclogon - ok
12:40:18.0449 8056 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:40:18.0452 8056 SENS - ok
12:40:18.0472 8056 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:40:18.0475 8056 SensrSvc - ok
12:40:18.0519 8056 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:40:18.0520 8056 Serenum - ok
12:40:18.0543 8056 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:40:18.0546 8056 Serial - ok
12:40:18.0585 8056 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:40:18.0587 8056 sermouse - ok
12:40:18.0635 8056 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
12:40:18.0639 8056 SessionEnv - ok
12:40:18.0701 8056 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:40:18.0704 8056 sffdisk - ok
12:40:18.0756 8056 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:40:18.0758 8056 sffp_mmc - ok
12:40:18.0829 8056 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:40:18.0831 8056 sffp_sd - ok
12:40:18.0933 8056 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:40:18.0935 8056 sfloppy - ok
12:40:19.0112 8056 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:40:19.0134 8056 Sftfs - ok
12:40:19.0419 8056 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:40:19.0441 8056 sftlist - ok
12:40:19.0564 8056 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:40:19.0571 8056 Sftplay - ok
12:40:19.0709 8056 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:40:19.0711 8056 Sftredir - ok
12:40:19.0790 8056 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:40:19.0795 8056 Sftvol - ok
12:40:19.0918 8056 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:40:19.0921 8056 sftvsa - ok
12:40:20.0054 8056 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:40:20.0060 8056 SharedAccess - ok
12:40:20.0174 8056 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
12:40:20.0181 8056 ShellHWDetection - ok
12:40:20.0300 8056 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:40:20.0302 8056 SiSRaid2 - ok
12:40:20.0383 8056 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:40:20.0385 8056 SiSRaid4 - ok
12:40:20.0486 8056 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:40:20.0488 8056 Smb - ok
12:40:20.0603 8056 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:40:20.0606 8056 SNMPTRAP - ok
12:40:20.0650 8056 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:40:20.0652 8056 spldr - ok
12:40:20.0698 8056 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
12:40:20.0707 8056 Spooler - ok
12:40:20.0794 8056 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
12:40:20.0875 8056 sppsvc - ok
12:40:20.0895 8056 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:40:20.0898 8056 sppuinotify - ok
12:40:21.0096 8056 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
12:40:21.0103 8056 SRTSP - ok
12:40:21.0267 8056 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
12:40:21.0271 8056 SRTSPX - ok
12:40:21.0659 8056 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:40:21.0668 8056 srv - ok
12:40:21.0939 8056 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:40:21.0946 8056 srv2 - ok
12:40:22.0091 8056 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:40:22.0097 8056 SrvHsfHDA - ok
12:40:22.0171 8056 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:40:22.0214 8056 SrvHsfV92 - ok
12:40:22.0342 8056 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:40:22.0365 8056 SrvHsfWinac - ok
12:40:22.0512 8056 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:40:22.0515 8056 srvnet - ok
12:40:22.0657 8056 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:40:22.0663 8056 SSDPSRV - ok
12:40:22.0677 8056 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:40:22.0681 8056 SstpSvc - ok
12:40:22.0858 8056 STacSV (7f30633a5aec81140dbc6daaaebd0cbe) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
12:40:23.0071 8056 STacSV - ok
12:40:23.0448 8056 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:40:23.0450 8056 stexstor - ok
12:40:23.0599 8056 STHDA (f991751c2477257bbcedb364a0f449b4) C:\Windows\system32\DRIVERS\stwrt64.sys
12:40:23.0606 8056 STHDA - ok
12:40:23.0745 8056 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
12:40:23.0771 8056 stisvc - ok
12:40:23.0884 8056 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:40:23.0890 8056 swenum - ok
12:40:24.0005 8056 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:40:24.0017 8056 swprv - ok
12:40:24.0156 8056 sxuptp (52eb25bd8ab4e331028c48b178441b36) C:\Windows\system32\DRIVERS\sxuptp.sys
12:40:24.0166 8056 sxuptp - ok
12:40:24.0336 8056 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
12:40:24.0343 8056 SymDS - ok
12:40:24.0538 8056 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
12:40:24.0547 8056 SymEFA - ok
12:40:24.0911 8056 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:40:24.0916 8056 SymEvent - ok
12:40:25.0109 8056 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
12:40:25.0112 8056 SymIRON - ok
12:40:25.0287 8056 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
12:40:25.0307 8056 SYMTDIv - ok
12:40:25.0501 8056 SynTP (7369d6268e21481a8dcb8e94063c47b1) C:\Windows\system32\DRIVERS\SynTP.sys
12:40:25.0510 8056 SynTP - ok
12:40:25.0626 8056 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
12:40:25.0672 8056 SysMain - ok
12:40:25.0695 8056 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
12:40:25.0698 8056 TabletInputService - ok
12:40:25.0758 8056 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
12:40:25.0764 8056 TapiSrv - ok
12:40:26.0001 8056 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:40:26.0004 8056 TBS - ok
12:40:26.0188 8056 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:40:26.0234 8056 Tcpip - ok
12:40:26.0419 8056 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:40:26.0438 8056 TCPIP6 - ok
12:40:26.0573 8056 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:40:26.0582 8056 tcpipreg - ok
12:40:26.0692 8056 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:40:26.0694 8056 TDPIPE - ok
12:40:26.0758 8056 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
12:40:26.0761 8056 TDTCP - ok
12:40:27.0747 8056 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:40:27.0754 8056 tdx - ok
12:40:28.0857 8056 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:40:28.0891 8056 TermDD - ok
12:40:29.0023 8056 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
12:40:29.0046 8056 TermService - ok
12:40:29.0067 8056 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:40:29.0069 8056 Themes - ok
12:40:29.0098 8056 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:40:29.0099 8056 THREADORDER - ok
12:40:29.0114 8056 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:40:29.0118 8056 TrkWks - ok
12:40:29.0167 8056 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
12:40:29.0169 8056 TrustedInstaller - ok
12:40:29.0281 8056 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:40:29.0282 8056 tssecsrv - ok
12:40:29.0433 8056 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:40:29.0436 8056 tunnel - ok
12:40:29.0517 8056 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:40:29.0519 8056 uagp35 - ok
12:40:29.0571 8056 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
12:40:29.0577 8056 udfs - ok
12:40:29.0626 8056 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:40:29.0629 8056 UI0Detect - ok
12:40:29.0662 8056 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:40:29.0664 8056 uliagpkx - ok
12:40:29.0735 8056 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:40:29.0738 8056 umbus - ok
12:40:29.0824 8056 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:40:29.0826 8056 UmPass - ok
12:40:29.0878 8056 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:40:29.0887 8056 upnphost - ok
12:40:29.0969 8056 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
12:40:29.0971 8056 USBAAPL64 - ok
12:40:30.0004 8056 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
12:40:30.0007 8056 usbccgp - ok
12:40:30.0035 8056 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:40:30.0037 8056 usbcir - ok
12:40:30.0077 8056 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
12:40:30.0079 8056 usbehci - ok
12:40:30.0137 8056 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
12:40:30.0139 8056 usbfilter - ok
12:40:30.0205 8056 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
12:40:30.0211 8056 usbhub - ok
12:40:30.0249 8056 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
12:40:30.0252 8056 usbohci - ok
12:40:30.0364 8056 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:40:30.0366 8056 usbprint - ok
12:40:30.0482 8056 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:40:30.0484 8056 usbscan - ok
12:40:30.0532 8056 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:40:30.0535 8056 USBSTOR - ok
12:40:30.0585 8056 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
12:40:30.0587 8056 usbuhci - ok
12:40:30.0644 8056 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
12:40:30.0648 8056 usbvideo - ok
12:40:30.0687 8056 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:40:30.0690 8056 UxSms - ok
12:40:30.0736 8056 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:40:30.0737 8056 VaultSvc - ok
12:40:30.0841 8056 vcsFPService (8159f83408230045f731c6c7799a7d44) C:\Windows\system32\vcsFPService.exe
12:40:30.0887 8056 vcsFPService - ok
12:40:30.0981 8056 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:40:30.0984 8056 vdrvroot - ok
12:40:31.0021 8056 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
12:40:31.0030 8056 vds - ok
12:40:31.0079 8056 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:40:31.0080 8056 vga - ok
12:40:31.0102 8056 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:40:31.0104 8056 VgaSave - ok
12:40:31.0139 8056 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:40:31.0144 8056 vhdmp - ok
12:40:31.0174 8056 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:40:31.0177 8056 viaide - ok
12:40:31.0212 8056 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:40:31.0215 8056 volmgr - ok
12:40:31.0248 8056 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:40:31.0254 8056 volmgrx - ok
12:40:31.0295 8056 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:40:31.0301 8056 volsnap - ok
12:40:31.0333 8056 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:40:31.0363 8056 vsmraid - ok
12:40:31.0549 8056 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
12:40:31.0606 8056 VSS - ok
12:40:31.0737 8056 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:40:31.0741 8056 vwifibus - ok
12:40:31.0921 8056 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:40:31.0925 8056 vwififlt - ok
12:40:32.0052 8056 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:40:32.0054 8056 vwifimp - ok
12:40:32.0095 8056 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:40:32.0101 8056 W32Time - ok
12:40:32.0159 8056 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:40:32.0161 8056 WacomPen - ok
12:40:32.0251 8056 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:40:32.0253 8056 WANARP - ok
12:40:32.0280 8056 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:40:32.0281 8056 Wanarpv6 - ok
12:40:32.0443 8056 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:40:32.0477 8056 WatAdminSvc - ok
12:40:32.0561 8056 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
12:40:32.0596 8056 wbengine - ok
12:40:32.0667 8056 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:40:32.0672 8056 WbioSrvc - ok
12:40:32.0743 8056 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
12:40:32.0750 8056 wcncsvc - ok
12:40:32.0772 8056 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:40:32.0775 8056 WcsPlugInService - ok
12:40:32.0874 8056 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:40:32.0885 8056 Wd - ok
12:40:33.0034 8056 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:40:33.0044 8056 Wdf01000 - ok
12:40:33.0086 8056 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:40:33.0089 8056 WdiServiceHost - ok
12:40:33.0093 8056 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:40:33.0095 8056 WdiSystemHost - ok
12:40:33.0148 8056 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
12:40:33.0154 8056 WebClient - ok
12:40:33.0175 8056 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:40:33.0180 8056 Wecsvc - ok
12:40:33.0199 8056 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:40:33.0202 8056 wercplsupport - ok
12:40:33.0307 8056 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:40:33.0310 8056 WerSvc - ok
12:40:33.0605 8056 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:40:33.0607 8056 WfpLwf - ok
12:40:33.0716 8056 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:40:33.0718 8056 WIMMount - ok
12:40:33.0725 8056 WinHttpAutoProxySvc - ok
12:40:34.0161 8056 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:40:34.0165 8056 Winmgmt - ok
12:40:34.0309 8056 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
12:40:34.0355 8056 WinRM - ok
12:40:34.0549 8056 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
12:40:34.0551 8056 WinUSB - ok
12:40:34.0616 8056 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:40:34.0642 8056 Wlansvc - ok
12:40:34.0732 8056 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:40:34.0799 8056 wlidsvc - ok
12:40:34.0912 8056 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:40:34.0912 8056 WmiAcpi - ok
12:40:35.0093 8056 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:40:35.0097 8056 wmiApSrv - ok
12:40:35.0175 8056 WMPNetworkSvc - ok
12:40:35.0273 8056 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:40:35.0276 8056 WPCSvc - ok
12:40:35.0327 8056 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
12:40:35.0334 8056 WPDBusEnum - ok
12:40:35.0470 8056 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:40:35.0471 8056 ws2ifsl - ok
12:40:35.0553 8056 WSearch - ok
12:40:35.0645 8056 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
12:40:35.0711 8056 wuauserv - ok
12:40:35.0835 8056 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:40:35.0843 8056 WudfPf - ok
12:40:35.0967 8056 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:40:35.0971 8056 WUDFRd - ok
12:40:36.0076 8056 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
12:40:36.0079 8056 wudfsvc - ok
12:40:36.0174 8056 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:40:36.0180 8056 WwanSvc - ok
12:40:36.0327 8056 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
12:40:36.0334 8056 yukonw7 - ok
12:40:36.0401 8056 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
12:40:36.0432 8056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:40:36.0432 8056 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:40:36.0469 8056 Boot (0x1200) (4c102233adf836c62c775a9486f1a894) \Device\Harddisk0\DR0\Partition0
12:40:36.0475 8056 \Device\Harddisk0\DR0\Partition0 - ok
12:40:36.0509 8056 Boot (0x1200) (f7cd57dbc2000f1b73e4bdd455f95b1f) \Device\Harddisk0\DR0\Partition1
12:40:36.0511 8056 \Device\Harddisk0\DR0\Partition1 - ok
12:40:36.0539 8056 Boot (0x1200) (72adaffe1c3d47f36056f08637bc9823) \Device\Harddisk0\DR0\Partition2
12:40:36.0549 8056 \Device\Harddisk0\DR0\Partition2 - ok
12:40:36.0595 8056 Boot (0x1200) (04f27687db4643b53d2e66baa452348a) \Device\Harddisk0\DR0\Partition3
12:40:36.0596 8056 \Device\Harddisk0\DR0\Partition3 - ok
12:40:36.0598 8056 ============================================================
12:40:36.0598 8056 Scan finished
12:40:36.0598 8056 ============================================================
12:40:36.0608 6412 Detected object count: 1
12:40:36.0608 6412 Actual detected object count: 1
12:41:03.0737 6412 \Device\Harddisk0\DR0\# - copied to quarantine
12:41:03.0738 6412 \Device\Harddisk0\DR0 - copied to quarantine
12:41:03.0834 6412 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:41:03.0837 6412 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:41:03.0987 6412 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:41:03.0997 6412 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:41:04.0042 6412 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:41:04.0061 6412 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:41:04.0063 6412 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:41:04.0064 6412 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:41:04.0067 6412 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:41:04.0070 6412 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:41:04.0075 6412 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:41:04.0077 6412 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:41:04.0111 6412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:41:04.0113 6412 \Device\Harddisk0\DR0 - ok
12:41:08.0575 6412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:41:29.0863 0320 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 13:10:55
-----------------------------
13:10:55.338 OS Version: Windows x64 6.1.7600
13:10:55.338 Number of processors: 2 586 0x603
13:10:55.338 ComputerName: RACHEL-PC UserName: Rachel
13:10:59.316 Initialize success
13:25:22.668 AVAST engine defs: 12040501
13:29:22.366 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:29:22.366 Disk 0 Vendor: ST9500325AS 0005HPM1 Size: 476940MB BusType: 11
13:29:22.406 Disk 0 MBR read successfully
13:29:22.416 Disk 0 MBR scan
13:29:22.426 Disk 0 unknown MBR code
13:29:22.456 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:29:22.476 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455592 MB offset 409600
13:29:22.536 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21044 MB offset 933462016
13:29:22.556 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
13:29:22.606 Disk 0 scanning C:\Windows\system32\drivers
13:29:37.536 Service scanning
13:30:01.968 Service rpskt C:\Windows\system32\VirtualFD.dll **INFECTED** Win64:ZAccess-E [Rtk]
13:30:13.689 Modules scanning
13:30:14.052 Disk 0 trace - called modules:
13:30:14.113 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:30:14.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800432b060]
13:30:14.137 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800432ab10]
13:30:14.149 5 hpdskflt.sys[fffff880017f3289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042b0060]
13:30:20.219 AVAST engine scan C:\Windows
13:30:24.690 AVAST engine scan C:\Windows\system32
13:30:36.539 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
13:31:51.629 File: C:\Windows\system32\VirtualFD.dll **INFECTED** Win64:ZAccess-E [Rtk]
13:32:10.340 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
13:32:12.953 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
13:34:38.831 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
13:34:46.794 AVAST engine scan C:\Windows\system32\drivers
13:35:10.849 AVAST engine scan C:\Users\Rachel
13:36:42.884 File: C:\Users\Rachel\AppData\Roaming\Adobe\Adobe\tceskqa.dll **INFECTED** Win32:Trojan-gen
13:41:22.356 Disk 0 MBR has been saved successfully to "C:\Users\Rachel\Desktop\MBR.dat"
13:41:22.364 The log file has been saved successfully to "C:\Users\Rachel\Desktop\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:04 AM

Posted 05 April 2012 - 04:08 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 grizz8884

grizz8884
  • Topic Starter

  • Members
  • 27 posts
  • Local time:06:04 AM

Posted 05 April 2012 - 04:39 PM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 05-04-2012 14:29:50
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-04-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-01] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-04-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [3453440 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [adtlet] rundll32.exe "C:\Windows\TEMP\adtlet.dll",CreateRenderToEnvMap [115712 2012-04-05] (Info-ZIP)
HKLM\...\Run: [aprds] rundll32.exe "C:\Windows\TEMP\aprds.dll",DAE [242688 2012-04-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-04-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [274608 2011-01-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [2015136 2011-05-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe [x]
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Rachel\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Rachel\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\Rachel\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15026056 2011-01-26] (Skype Technologies S.A.)
HKU\Rachel\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Lsa: [Notification Packages] DPPassFilter
scecli
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-04-05] (Adobe Systems Incorporated)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [562592 2011-05-27] (Affinegy, Inc.)
2 Belkin Local Backup Service; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe" /service [181760 2011-04-19] ()
2 Belkin Network USB Helper; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe" /service [55296 2010-02-09] ()
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127984 2010-02-26] (CinemaNow, Inc.)
2 DML Service; "C:\Users\Rachel\AppData\Roaming\Document Systems, Inc\DocMagic Online\bin\dmlsvc.exe" [296608 2010-12-18] ()
2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [444680 2009-12-30] (DigitalPersona, Inc.)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-03-05] (DeviceVM, Inc.)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2010-01-27] (Hewlett-Packard)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2009-07-08] (Hewlett-Packard)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-05-04] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-05-04] (Alcatel-Lucent)
2 McciServiceHost; "C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" [315392 2011-09-09] (Alcatel-Lucent)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 rpskt; C:\Windows\System32\VirtualFD.dll [6656 2009-07-13] (Oak Technology Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)
2 vcsFPService; C:\Windows\system32\vcsFPService.exe [2184496 2010-01-06] (Validity Sensors, Inc.)
2 vcsFPService; C:\Windows\SysWow64\vcsFPService.exe [1791280 2010-01-05] (Validity Sensors, Inc.)
2 SPService; c:\windows\system32\config\systemprofile\appdata\roaming\adobe\sp.dll [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6403584 2010-04-16] (ATI Technologies Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [953904 2010-11-03] (Symantec Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 ccHP; C:\Windows\System32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-09-11] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-09-11] (Symantec Corporation)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101108.002\IDSvia64.sys [476720 2010-10-19] (Symantec Corporation)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101110.002\ENG64.SYS [117808 2010-09-28] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101110.002\EX64.SYS [1804336 2010-09-28] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-09-10] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: rpskt

============ One Month Created Files and Folders ==============

2012-04-05 12:41 - 2012-04-05 12:41 - 0002716 ____A C:\Users\Rachel\Desktop\aswMBR.txt
2012-04-05 12:41 - 2012-04-05 12:41 - 0000512 ____A C:\Users\Rachel\Desktop\MBR.dat
2012-04-05 12:10 - 2012-04-05 13:00 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-05 12:10 - 2012-04-05 12:10 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-05 12:10 - 2012-04-05 12:10 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-05 12:06 - 2012-04-05 12:06 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-05 12:06 - 2012-04-05 11:41 - 0141842 ____A C:\Users\Rachel\Desktop\TDSSKiller.2.7.26.0_05.04.2012_12.39.14_log.txt
2012-04-05 11:47 - 2012-04-05 11:47 - 0000000 ____D C:\Users\Rachel\AppData\Local\{23C232A3-7F42-11E1-826D-B8AC6F996F26}
2012-04-05 11:44 - 2012-04-05 11:44 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-05 11:41 - 2012-04-05 11:41 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-05 11:39 - 2012-04-05 11:41 - 0141842 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_12.39.14_log.txt
2012-04-05 10:58 - 2012-04-05 11:09 - 4731392 ____A (AVAST Software) C:\Users\Rachel\Desktop\aswMBR.exe
2012-04-05 10:54 - 2012-04-05 10:56 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Rachel\Desktop\tdsskiller.exe
2012-04-05 09:07 - 2012-04-05 09:07 - 0000000 ____D C:\Windows\system64
2012-04-05 08:42 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-04-05 08:33 - 2012-04-05 08:33 - 0022149 ____A C:\ComboFix.txt
2012-04-05 08:23 - 2012-04-05 08:23 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-05 08:04 - 2012-04-05 08:04 - 0270216 ____A C:\Windows\Minidump\040512-35927-01.dmp
2012-04-05 07:59 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-05 07:59 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-05 07:59 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-05 07:59 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-05 07:59 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-05 07:59 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-05 07:59 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-05 07:59 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-05 07:58 - 2012-04-05 08:33 - 0000000 ____D C:\Qoobox
2012-04-05 07:58 - 2012-04-05 08:28 - 0000000 ____D C:\Windows\ERDNT
2012-04-05 07:51 - 2012-04-05 07:57 - 4449976 ____R (Swearware) C:\Users\Rachel\Desktop\ComboFix.exe
2012-04-04 20:23 - 2012-04-04 20:23 - 0025621 ____A C:\Users\Rachel\Desktop\DDS.txt
2012-04-04 20:23 - 2012-04-04 20:23 - 0012312 ____A C:\Users\Rachel\Desktop\Attach.txt
2012-04-04 20:18 - 2012-04-04 20:18 - 0607260 ____R (Swearware) C:\Users\Rachel\Desktop\dds.scr
2012-04-04 20:18 - 2012-04-04 20:18 - 0000000 ____A C:\Users\Rachel\defogger_reenable
2012-04-04 20:17 - 2012-04-04 20:17 - 0050477 ____A C:\Users\Rachel\Desktop\Defogger.exe
2012-04-04 18:24 - 2012-04-04 18:24 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-04 18:24 - 2012-04-04 18:24 - 0000000 ____D C:\ProgramData\Recovery
2012-04-04 18:04 - 2012-04-04 18:04 - 0274512 ____A C:\Windows\Minidump\040412-37939-01.dmp
2012-04-04 12:20 - 2012-04-04 12:20 - 0274568 ____A C:\Windows\Minidump\040412-43914-01.dmp
2012-04-04 12:17 - 2012-04-04 12:17 - 0274568 ____A C:\Windows\Minidump\040412-45162-01.dmp
2012-04-03 16:31 - 2012-04-03 16:31 - 0000000 ____D C:\Users\Rachel\AppData\Local\ElevatedDiagnostics
2012-04-03 16:30 - 2012-04-03 16:30 - 0015921 ____A C:\Users\Rachel\Documents\hijackthis.log
2012-04-03 16:27 - 2012-04-05 08:41 - 0736508 ____A C:\Windows\ntbtlog.txt
2012-04-03 16:12 - 2012-04-03 16:12 - 0000168 ____A C:\Users\All Users\-VHkntEBmFPbgYor
2012-04-03 16:12 - 2012-04-03 16:12 - 0000168 ____A C:\ProgramData\-VHkntEBmFPbgYor
2012-04-03 16:12 - 2012-04-03 16:12 - 0000000 ____A C:\Users\All Users\-VHkntEBmFPbgYo
2012-04-03 16:12 - 2012-04-03 16:12 - 0000000 ____A C:\ProgramData\-VHkntEBmFPbgYo
2012-04-02 19:54 - 2012-04-03 16:28 - 0015921 ____A C:\Users\Rachel\Downloads\hijackthis.log
2012-04-02 19:54 - 2012-04-02 19:54 - 0388608 ____A (Trend Micro Inc.) C:\Users\Rachel\Downloads\HijackThis.exe
2012-04-02 19:30 - 2012-04-02 19:38 - 16157992 ____A (Mozilla) C:\Users\Rachel\Downloads\Firefox Setup 11.0.exe
2012-04-02 18:01 - 2012-04-02 18:01 - 0000000 ____D C:\Windows\Sun
2012-03-26 18:33 - 2012-04-05 08:04 - 368344967 ____A C:\Windows\MEMORY.DMP
2012-03-26 18:33 - 2012-04-05 08:04 - 0000000 ____D C:\Windows\Minidump
2012-03-26 18:33 - 2012-03-26 18:33 - 0485920 ____A C:\Windows\Minidump\032612-34991-01.dmp
2012-03-14 08:34 - 2011-11-19 10:30 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 08:34 - 2011-11-19 06:25 - 3957616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 08:34 - 2011-11-19 06:25 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 15:36 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 15:36 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-13 15:36 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-13 15:36 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-13 15:36 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-13 15:36 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-13 15:36 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 15:36 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-13 15:36 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-13 15:36 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-13 15:36 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 15:34 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 15:34 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 15:34 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 15:34 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 15:34 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 15:34 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 15:34 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-12 14:55 - 2012-03-12 14:55 - 0086438 ____A C:\Users\Rachel\Downloads\247110_666832445508_23709527_34844445_2882463_n.jpg
2012-03-07 05:36 - 2012-03-07 05:36 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-07 05:36 - 2012-03-07 05:36 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-07 05:36 - 2012-03-07 05:36 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-07 05:36 - 2012-03-07 05:36 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-07 05:36 - 2012-03-07 05:36 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-07 05:36 - 2012-03-07 05:36 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-07 05:36 - 2012-03-07 05:36 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-07 05:36 - 2012-03-07 05:36 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-07 05:36 - 2012-03-07 05:36 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-07 05:36 - 2012-03-07 05:36 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-07 05:36 - 2012-03-07 05:36 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-07 05:36 - 2012-03-07 05:36 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-07 05:36 - 2012-03-07 05:36 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-07 05:30 - 2012-03-07 05:37 - 0003900 ____A C:\Windows\IE9_main.log


============ 3 Months Modified Files and Folders =============

2012-04-05 14:30 - 2012-04-05 14:29 - 0000000 ____D C:\FRST
2012-04-05 13:24 - 2010-06-20 00:51 - 1109154 ____A C:\Windows\WindowsUpdate.log
2012-04-05 13:19 - 2010-10-10 12:33 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-05 13:17 - 2009-07-13 21:13 - 0727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-05 13:10 - 2010-10-13 19:52 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249549834-3871935163-4058637027-1000UA.job
2012-04-05 13:00 - 2012-04-05 12:10 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-05 12:41 - 2012-04-05 12:41 - 0002716 ____A C:\Users\Rachel\Desktop\aswMBR.txt
2012-04-05 12:41 - 2012-04-05 12:41 - 0000512 ____A C:\Users\Rachel\Desktop\MBR.dat
2012-04-05 12:19 - 2010-10-10 12:33 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-05 12:10 - 2012-04-05 12:10 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-05 12:10 - 2012-04-05 12:10 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-05 12:10 - 2011-03-02 18:34 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\Skype
2012-04-05 12:06 - 2012-04-05 12:06 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-05 11:52 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-05 11:52 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-05 11:47 - 2012-04-05 11:47 - 0000000 ____D C:\Users\Rachel\AppData\Local\{23C232A3-7F42-11E1-826D-B8AC6F996F26}
2012-04-05 11:47 - 2011-01-13 23:54 - 0000000 ____D C:\Users\Rachel\AppData\Local\CrashDumps
2012-04-05 11:44 - 2012-04-05 11:44 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-05 11:43 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-05 11:42 - 2010-06-20 00:43 - 3015884800 __ASH C:\hiberfil.sys
2012-04-05 11:42 - 2009-07-13 20:51 - 0067465 ____A C:\Windows\setupact.log
2012-04-05 11:41 - 2012-04-05 12:06 - 0141842 ____A C:\Users\Rachel\Desktop\TDSSKiller.2.7.26.0_05.04.2012_12.39.14_log.txt
2012-04-05 11:41 - 2012-04-05 11:41 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-05 11:41 - 2012-04-05 11:39 - 0141842 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_12.39.14_log.txt
2012-04-05 11:09 - 2012-04-05 10:58 - 4731392 ____A (AVAST Software) C:\Users\Rachel\Desktop\aswMBR.exe
2012-04-05 10:56 - 2012-04-05 10:54 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Rachel\Desktop\tdsskiller.exe
2012-04-05 09:07 - 2012-04-05 09:07 - 0000000 ____D C:\Windows\system64
2012-04-05 08:57 - 2009-07-13 18:34 - 0000882 ___RH C:\Windows\System32\Drivers\etc\hosts
2012-04-05 08:45 - 2009-07-13 21:08 - 0032656 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-05 08:41 - 2012-04-03 16:27 - 0736508 ____A C:\Windows\ntbtlog.txt
2012-04-05 08:33 - 2012-04-05 08:33 - 0022149 ____A C:\ComboFix.txt
2012-04-05 08:33 - 2012-04-05 07:58 - 0000000 ____D C:\Qoobox
2012-04-05 08:33 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-05 08:28 - 2012-04-05 07:58 - 0000000 ____D C:\Windows\ERDNT
2012-04-05 08:24 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-05 08:23 - 2012-04-05 08:23 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-05 08:18 - 2010-06-20 00:55 - 0098424 ____A C:\Windows\PFRO.log
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-05 08:16 - 2012-04-05 08:16 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-05 08:16 - 2009-07-13 18:34 - 80740352 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-05 08:16 - 2009-07-13 18:34 - 15204352 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-05 08:16 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-05 08:16 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-05 08:16 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-05 08:04 - 2012-04-05 08:04 - 0270216 ____A C:\Windows\Minidump\040512-35927-01.dmp
2012-04-05 08:04 - 2012-03-26 18:33 - 368344967 ____A C:\Windows\MEMORY.DMP
2012-04-05 08:04 - 2012-03-26 18:33 - 0000000 ____D C:\Windows\Minidump
2012-04-05 07:57 - 2012-04-05 07:51 - 4449976 ____R (Swearware) C:\Users\Rachel\Desktop\ComboFix.exe
2012-04-04 20:23 - 2012-04-04 20:23 - 0025621 ____A C:\Users\Rachel\Desktop\DDS.txt
2012-04-04 20:23 - 2012-04-04 20:23 - 0012312 ____A C:\Users\Rachel\Desktop\Attach.txt
2012-04-04 20:18 - 2012-04-04 20:18 - 0607260 ____R (Swearware) C:\Users\Rachel\Desktop\dds.scr
2012-04-04 20:18 - 2012-04-04 20:18 - 0000000 ____A C:\Users\Rachel\defogger_reenable
2012-04-04 20:18 - 2010-09-10 16:15 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-04 20:18 - 2010-09-10 15:29 - 0000000 ____D C:\users\Rachel
2012-04-04 20:17 - 2012-04-04 20:17 - 0050477 ____A C:\Users\Rachel\Desktop\Defogger.exe
2012-04-04 18:24 - 2012-04-04 18:24 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-04 18:24 - 2012-04-04 18:24 - 0000000 ____D C:\ProgramData\Recovery
2012-04-04 18:04 - 2012-04-04 18:04 - 0274512 ____A C:\Windows\Minidump\040412-37939-01.dmp
2012-04-04 12:20 - 2012-04-04 12:20 - 0274568 ____A C:\Windows\Minidump\040412-43914-01.dmp
2012-04-04 12:17 - 2012-04-04 12:17 - 0274568 ____A C:\Windows\Minidump\040412-45162-01.dmp
2012-04-03 16:31 - 2012-04-03 16:31 - 0000000 ____D C:\Users\Rachel\AppData\Local\ElevatedDiagnostics
2012-04-03 16:30 - 2012-04-03 16:30 - 0015921 ____A C:\Users\Rachel\Documents\hijackthis.log
2012-04-03 16:28 - 2012-04-02 19:54 - 0015921 ____A C:\Users\Rachel\Downloads\hijackthis.log
2012-04-03 16:12 - 2012-04-03 16:12 - 0000168 ____A C:\Users\All Users\-VHkntEBmFPbgYor
2012-04-03 16:12 - 2012-04-03 16:12 - 0000168 ____A C:\ProgramData\-VHkntEBmFPbgYor
2012-04-03 16:12 - 2012-04-03 16:12 - 0000000 ____A C:\Users\All Users\-VHkntEBmFPbgYo
2012-04-03 16:12 - 2012-04-03 16:12 - 0000000 ____A C:\ProgramData\-VHkntEBmFPbgYo
2012-04-02 19:54 - 2012-04-02 19:54 - 0388608 ____A (Trend Micro Inc.) C:\Users\Rachel\Downloads\HijackThis.exe
2012-04-02 19:54 - 2010-09-10 15:39 - 0000000 ____D C:\Users\Rachel\AppData\Local\VirtualStore
2012-04-02 19:47 - 2010-09-10 16:15 - 0001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-02 19:38 - 2012-04-02 19:30 - 16157992 ____A (Mozilla) C:\Users\Rachel\Downloads\Firefox Setup 11.0.exe
2012-04-02 18:01 - 2012-04-02 18:01 - 0000000 ____D C:\Windows\Sun
2012-04-02 17:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-02 05:09 - 2010-10-13 19:52 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2249549834-3871935163-4058637027-1000Core.job
2012-04-01 16:07 - 2010-09-10 15:43 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\Adobe
2012-04-01 15:41 - 2010-09-10 16:15 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\Mozilla
2012-03-30 19:09 - 2010-10-10 12:33 - 0002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-03-28 12:58 - 2010-09-10 15:31 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\Hewlett-Packard
2012-03-26 18:33 - 2012-03-26 18:33 - 0485920 ____A C:\Windows\Minidump\032612-34991-01.dmp
2012-03-26 18:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-25 09:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-25 02:07 - 2009-09-06 16:40 - 0000000 ____D C:\SwSetup
2012-03-21 17:04 - 2010-09-18 00:46 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\SoftGrid Client
2012-03-14 12:24 - 2009-07-13 20:45 - 0435184 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 08:33 - 2010-04-25 09:49 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 08:33 - 2010-04-25 09:49 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-12 14:55 - 2012-03-12 14:55 - 0086438 ____A C:\Users\Rachel\Downloads\247110_666832445508_23709527_34844445_2882463_n.jpg
2012-03-07 05:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-07 05:37 - 2012-03-07 05:30 - 0003900 ____A C:\Windows\IE9_main.log
2012-03-07 05:36 - 2012-03-07 05:36 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-07 05:36 - 2012-03-07 05:36 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-07 05:36 - 2012-03-07 05:36 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-07 05:36 - 2012-03-07 05:36 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-07 05:36 - 2012-03-07 05:36 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-07 05:36 - 2012-03-07 05:36 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-07 05:36 - 2012-03-07 05:36 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-07 05:36 - 2012-03-07 05:36 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-07 05:36 - 2012-03-07 05:36 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-07 05:36 - 2012-03-07 05:36 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-07 05:36 - 2012-03-07 05:36 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-07 05:36 - 2012-03-07 05:36 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-07 05:36 - 2012-03-07 05:36 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-07 05:36 - 2012-03-07 05:36 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-07 05:36 - 2012-03-07 05:36 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-02 10:31 - 2012-03-02 10:31 - 0105989 ____A C:\Users\Rachel\Desktop\summerbill.pdf
2012-03-02 10:28 - 2012-03-02 10:28 - 0106352 ____A C:\Users\Rachel\Desktop\springbill.pdf
2012-03-02 10:12 - 2012-03-02 10:12 - 0004284 ____A C:\Users\Rachel\Desktop\SummerBill11.htm
2012-03-02 10:06 - 2012-03-02 10:06 - 0048499 ____A C:\Users\Rachel\Desktop\UNLVbill11.htm
2012-03-02 10:05 - 2012-03-02 10:05 - 0004284 ____A C:\Users\Rachel\Desktop\Springbill11.htm
2012-02-18 16:58 - 2010-09-10 15:39 - 0000174 ___SH C:\Users\Rachel\Start Menu\Programs\Startup\desktop.ini
2012-02-18 16:58 - 2010-09-10 15:39 - 0000174 ___SH C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-18 16:28 - 2010-04-25 11:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 05:51 - 2010-09-18 00:45 - 0744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-16 05:50 - 2010-11-20 00:29 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-14 22:27 - 2012-03-13 15:34 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 15:34 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 15:34 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 15:34 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:18 - 2012-03-13 15:36 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 15:36 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 15:36 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 15:36 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 15:36 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 15:36 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 15:36 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 15:36 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 15:36 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 15:36 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-08 11:04 - 2012-02-01 13:24 - 0000000 ____D C:\Users\All Users\Motive
2012-02-08 11:04 - 2012-02-01 13:24 - 0000000 ____D C:\ProgramData\Motive
2012-02-02 20:16 - 2012-03-13 15:36 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 14:30 - 2012-02-01 14:30 - 0002285 ____A C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
2012-02-01 14:30 - 2012-02-01 13:26 - 0000000 ____D C:\Users\Rachel\AppData\Roaming\Motive
2012-02-01 14:29 - 2012-02-01 14:29 - 0000000 ____D C:\Program Files\ATT-SST
2012-02-01 14:29 - 2012-02-01 14:29 - 0000000 ____D C:\Program Files (x86)\ATT-SST
2012-02-01 14:29 - 2012-02-01 13:25 - 0000000 ____D C:\Program Files\Common Files\Motive
2012-02-01 14:19 - 2010-09-10 15:29 - 0000000 ____D C:\Users\Rachel\AppData\LocalLow
2012-02-01 14:18 - 2012-02-01 14:18 - 0000000 ____D C:\Program Files (x86)\ATT
2012-02-01 14:17 - 2012-02-01 14:17 - 0000000 ____D C:\Users\All Users\Belkin
2012-02-01 14:17 - 2012-02-01 14:17 - 0000000 ____D C:\ProgramData\Belkin
2012-02-01 14:17 - 2012-02-01 14:17 - 0000000 ____D C:\Program Files\Belkin
2012-02-01 14:16 - 2012-02-01 14:16 - 0000000 ____D C:\Users\All Users\Affinegy
2012-02-01 14:16 - 2012-02-01 14:16 - 0000000 ____D C:\ProgramData\Affinegy
2012-02-01 14:16 - 2012-02-01 14:16 - 0000000 ____D C:\Program Files (x86)\Belkin
2012-02-01 13:26 - 2012-02-01 13:26 - 0000000 ____D C:\Program Files\ATT-HSI
2012-02-01 13:25 - 2012-02-01 13:25 - 0000000 ____D C:\Program Files (x86)\ATT-HSI
2012-01-24 22:27 - 2012-03-13 15:34 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-13 15:34 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-13 15:34 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-23 17:38 - 2011-03-06 14:09 - 0000000 ____D C:\Users\Rachel\Documents\Cameron

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3137.1 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3121.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:444.91 GB) (Free:369.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:20.55 GB) (Free:2.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (Belkin Setup CD) (CDROM) (Total:0.34 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:3.77 GB) (Free:0.14 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3875 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 444 GB 200 MB
Partition 3 Primary 20 GB 445 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 444 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 20 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3871 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3871 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-22 20:23

======================= End Of Log ==========================

#13 grizz8884

grizz8884
  • Topic Starter

  • Members
  • 27 posts

Posted 05 April 2012 - 04:42 PM

Startbar still missing some programs, although the computer/documents/etc are still there.

Did some google searches, getting redirected to gimmieanwsers.com and vipsearch (I think). Also get the occasional redirect pop-up into my firefox tab... Such as this one http://videos.hollyscoop.com/h/0/1/9/h/0

Quicker on the boot-up, although internet still runs a little sluggish it seems.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 04:56 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 rpskt; C:\Windows\System32\VirtualFD.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\VirtualFD.dll
NETSVC: rpskt

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 grizz8884

grizz8884
  • Topic Starter

  • Members
  • 27 posts

Posted 05 April 2012 - 05:55 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-05 15:48:08 R:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
rpskt service deleted successfully.
C:\Windows\System32\VirtualFD.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rpskt Deleted successfully.

==== End of Fixlog ====
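The fixlist in post #14 and the Fixlog above touch three places: the csrss SubSystems\Windows value, the rpskt entry in the SvcHost netsvcs group, and VirtualFD.dll in System32. The following read-only audit of those same locations is an added example, not part of the thread and not FRST's own code; it assumes Windows 7 x64, an elevated 64-bit PowerShell, and that the expected csrss ServerDll modules are the Windows 7 defaults (basesrv, winsrv, sxssrv), which may differ on other versions.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the
# locations the fixlist/Fixlog above touch. Assumptions: Windows 7 x64,
# elevated 64-bit PowerShell; known ServerDll set is the Windows 7 default.
$knownServerDlls = @('basesrv', 'winsrv', 'sxssrv')   # assumption: Windows 7 defaults
$suspectService  = 'rpskt'                             # service name from the fixlist
$suspectDll      = Join-Path $env:SystemRoot 'System32\VirtualFD.dll'  # file from the fixlist

# 1. Session Manager\SubSystems\Windows tells csrss.exe which server DLLs to load.
#    Any ServerDll= entry naming a module outside the known set deserves a look.
$subsys  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems' -Name Windows
$modules = [regex]::Matches($subsys.Windows, 'ServerDll=([^:,\s]+)') |
           ForEach-Object { $_.Groups[1].Value.ToLower() }
$odd     = @($modules | Where-Object { $knownServerDlls -notcontains $_ })
if ($odd.Count -gt 0) { "SubSystems\Windows names unexpected ServerDll module(s): $($odd -join ', ')" }
else                  { "SubSystems\Windows: only $($knownServerDlls -join '/') referenced" }

# 2. SvcHost\netsvcs lists the services sharing the netsvcs svchost.exe instance.
#    For each one actually installed, show the DLL it loads and the CompanyName
#    from its version resource (the same field FRST prints in parentheses).
$netsvcs = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost' -Name netsvcs).netsvcs
foreach ($name in $netsvcs) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $svcKey)) { continue }   # many netsvcs names are placeholders with no service installed
    $dll = (Get-ItemProperty "$svcKey\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { continue }
    $dll     = [Environment]::ExpandEnvironmentVariables($dll)
    $company = if (Test-Path $dll) { (Get-Item $dll).VersionInfo.CompanyName } else { '<file missing>' }
    $flag    = if ($company -ne 'Microsoft Corporation' -or $name -eq $suspectService) { '[REVIEW]' } else { '        ' }
    "$flag $name -> $dll ($company)"
}

# 3. The DLL the fixlist moved: report it if it is still present on disk.
if (Test-Path $suspectDll) {
    "$suspectDll is present (CompanyName: $((Get-Item $suspectDll).VersionInfo.CompanyName))"
} else {
    "$suspectDll not present"
}
```

Entries marked [REVIEW] are not verdicts; a non-Microsoft CompanyName on a netsvcs service DLL is only a prompt to check the file the way the helper did with the FRST listing.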



