
Help, please?

23 replies to this topic

#1 mimmo915


Posted 18 April 2012 - 08:54 PM

Hello:

First of all, thank you for your help in advance. I have been reading this forum a while now trying to get some sort of idea on what I have. Since I'm posting here, I haven't been able to figure it out. I have run MBAM and TDSSKiller. I believe I was infected with the SMART HDD virus, unsure if it is still there. One of the main things I've noticed is that I am unable to get past the start up screen when booting up normally and unable to restore my computer to a previous date. I am only able to use the computer currently by using Safe mode with networking. Below is the dds log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by rkarlen at 21:39:06 on 2012-04-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.2042 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\FirstClass\fcc32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn-me.idexx.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61
TCP: Interfaces\{92C70D01-082A-4169-A40B-CD638B250231} : DhcpNameServer = 192.168.1.1 209.18.47.61
TCP: Interfaces\{92C70D01-082A-4169-A40B-CD638B250231}\25B41425C454E4D20534F5E4564777F627B6 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{92C70D01-082A-4169-A40B-CD638B250231}\3416D60702B41627C656E6 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{92C70D01-082A-4169-A40B-CD638B250231}\3416D60702B41627C656E602 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{92C70D01-082A-4169-A40B-CD638B250231}\455616D60214775637F6D656 : DhcpNameServer = 192.168.1.1 209.18.47.61
TCP: Interfaces\{92C70D01-082A-4169-A40B-CD638B250231}\54D6143786341696C6 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8} : DhcpNameServer = 192.168.1.1 209.18.47.61
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-9-21 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-15 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-21 228408]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-1-31 38912]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-19 00:58:31 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-04-15 16:45:08 399264 ----a-w- C:\Users\rkarlen\AppData\Roaming\Microsoft\Windows\Network Shortcuts\unhide.exe
2012-04-15 14:54:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 05:40:22 -------- d-----w- C:\ProgramData\Recovery
2012-04-10 02:16:42 -------- d-----w- C:\ProgramData\Common Files
2012-04-10 02:15:46 -------- d-----w- C:\ProgramData\MFAData
2012-04-08 20:35:50 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-28 01:43:01 -------- d-----w- C:\Program Files (x86)\WildGames
2012-03-25 02:33:30 -------- d-----w- C:\Users\rkarlen\AppData\Roaming\iWin
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 21:40:56.47 ===============

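A defender-side triage of the two DDS lines in the log above that matter most: the `Hosts:` entries pinning www.google.com and www.bing.com to 94.63.147.x, and the `SubSystems:` line whose `consrv:` ServerDll is what FRST later in this thread tags as ZeroAccess. This is an added example, not part of the thread or of the DDS/FRST tools; the sample lines are copied from the posted log, and the expected ServerDll list is assumed to be the stock Windows 7 value.

```python
"""Flag Hosts-file hijacks and a tampered Win32 SubSystems line in a DDS log."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed sample: lines copied from the DDS log posted in this thread,
# plus one benign loopback entry to show what is NOT flagged.
SAMPLE_DDS_LOG = """\
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
Hosts: 127.0.0.1 localhost
"""

# Assumed stock Windows 7 ServerDll list for the Windows subsystem.  Only
# winsrv.dll should provide ConServerDllInitialization; a different DLL in
# that slot (consrv in this thread) is the indicator FRST labels ZeroAccess.
EXPECTED_SERVERDLLS = frozenset({
    "basesrv,1",
    "winsrv:UserServerDllInitialization,3",
    "winsrv:ConServerDllInitialization,2",
    "sxssrv,4",
})

LOOPBACK = frozenset({"127.0.0.1", "::1", "0.0.0.0"})

_HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")
_SUBSYS_RE = re.compile(r"^SubSystems:\s+Windows\s*=\s*(.+?)\s*$")


def check_hosts_line(line: str) -> List[Finding]:
    """A hosts entry that pins a public name to a non-loopback IP is a hijack."""
    m = _HOSTS_RE.match(line)
    if not m:
        return []
    ip, host = m.group(1), m.group(2).lower()
    if ip in LOOPBACK or host == "localhost":
        return []
    return [("hosts-hijack", f"{host} is pinned to {ip}")]


def check_subsystems_line(line: str) -> List[Finding]:
    """Compare the ServerDll list against the expected stock set."""
    m = _SUBSYS_RE.match(line)
    if not m:
        return []
    entries = set(m.group(1).split())
    findings: List[Finding] = []
    for extra in sorted(entries - EXPECTED_SERVERDLLS):
        findings.append(("subsystems-serverdll", f"unexpected ServerDll {extra}"))
    for missing in sorted(EXPECTED_SERVERDLLS - entries):
        findings.append(("subsystems-serverdll", f"expected ServerDll {missing} missing"))
    return findings


def triage_dds_log(text: str) -> List[Finding]:
    """Run both checks over every line of a DDS log and collect findings."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        findings.extend(check_hosts_line(line))
        findings.extend(check_subsystems_line(line))
    return findings


if __name__ == "__main__":
    for category, detail in triage_dds_log(SAMPLE_DDS_LOG):
        print(f"[{category}] {detail}")
```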
#2 ratman
  • Malware Response Team

Posted 22 April 2012 - 08:21 AM

Hello mimmo915 ,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

I would like you to run Farbar's Recovery Scan Tool.

For this you will need a USB flash drive.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
In your next reply, please copy/paste the contents of the following:
  • FRST.txt

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM




#3 mimmo915


Posted 22 April 2012 - 10:46 PM

Hi ratman,

Here is the log that you had requested:

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 22-04-2012 23:34:25
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\rkarlen\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\rkarlen\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\rkarlen\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\rkarlen\...\Policies\system: [WallpaperStyle] 2
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [69632 2005-11-14] (Macrovision Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 sscdbus; C:\Windows\System32\cyberpowerups.dll [6656 2009-07-13] (Oak Technology Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

3 PcaSp60; C:\Windows\System32\Drivers\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
3 PcaSp60; C:\Windows\SysWow64\Drivers\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: LUsbFilt
NETSVC: epfwtdi
NETSVC: OEM02Dev
NETSVC: s116mgmt
NETSVC: nv
NETSVC: hpdj
NETSVC: MSMQ
NETSVC: SIODRV
NETSVC: qkbfiltr
NETSVC: sscdbus
NETSVC: rtl8023
NETSVC: mnmsrvc
NETSVC: tossmbnt
NETSVC: jsdaemon
NETSVC: ibmfilter
NETSVC: adobeversioncue
NETSVC: hsvcmod
NETSVC: omniusb
NETSVC: ichaud

============ One Month Created Files and Folders ==============

2012-04-22 23:34 - 2009-07-13 21:08 - 0000000 ____D C:\FRST
2012-04-18 17:41 - 2012-04-15 19:19 - 0010968 ____A C:\Users\rkarlen\Desktop\Attach.txt
2012-04-18 17:41 - 2010-09-07 14:20 - 0016564 ____A C:\Users\rkarlen\Desktop\DDS.txt
2012-04-18 17:39 - 2012-04-18 16:26 - 0607260 ____R (Swearware) C:\Users\rkarlen\Downloads\dds (2).scr
2012-04-18 17:38 - 2012-04-18 17:41 - 0000476 ____A C:\Users\rkarlen\Desktop\defogger_disable.log
2012-04-18 17:38 - 2009-12-24 06:07 - 0000000 ____A C:\Users\rkarlen\defogger_reenable
2012-04-18 17:36 - 2012-04-18 17:36 - 0050477 ____A C:\Users\rkarlen\Downloads\Defogger.exe
2012-04-18 17:36 - 2012-04-18 16:26 - 0050477 ____A C:\Users\rkarlen\Downloads\Defogger (1).exe
2012-04-18 16:56 - 2009-12-24 06:09 - 0062482 ____A C:\TDSSKiller.2.4.11.0_18.04.2012_20.56.46_log.txt
2012-04-18 16:26 - 2012-04-18 17:39 - 0607260 ____A (Swearware) C:\Users\rkarlen\Downloads\dds.scr
2012-04-18 16:26 - 2010-02-10 09:56 - 0607260 ____R (Swearware) C:\Users\rkarlen\Downloads\dds (1).scr
2012-04-15 19:19 - 2012-02-23 18:16 - 0000512 ____A C:\Users\rkarlen\Desktop\MBR.dat
2012-04-15 19:19 - 2011-05-16 19:30 - 0003433 ____A C:\Users\rkarlen\Desktop\aswMBR.txt
2012-04-15 19:09 - - 4731392 ____A (AVAST Software) C:\Users\rkarlen\Downloads\aswMBR.exe
2012-04-15 19:08 - 2012-04-15 07:31 - 0125604 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_23.08.02_log.txt
2012-04-15 19:07 - 2012-04-15 07:28 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\rkarlen\Downloads\tdsskiller (3).exe
2012-04-15 18:56 - 2012-03-27 17:49 - 0002270 ____A C:\Users\Public\Desktop\eBay.lnk
2012-04-15 18:56 - 2012-03-08 19:01 - 0001073 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2012-04-15 18:56 - 2011-12-12 16:58 - 0002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-15 18:56 - 2011-08-18 12:25 - 0001562 ____A C:\Users\Public\Desktop\Try Microsoft Office for 60 days.lnk
2012-04-15 18:56 - 2010-07-28 15:48 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-04-15 18:56 - 2010-01-09 06:56 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-15 18:56 - 2009-08-21 07:11 - 0001097 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-04-15 18:56 - 2007-04-18 06:23 - 0002522 ____A C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-04-15 18:56 - - 0000991 ____A C:\Users\Public\Desktop\Adobe Download Assistant.lnk
2012-04-15 18:46 - 2012-04-15 06:51 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\rkarlen\Downloads\unhide (1).exe
2012-04-15 18:46 - 2012-01-06 17:53 - 0004126 ____A C:\Users\rkarlen\Desktop\unhide.txt
2012-04-15 08:44 - 2012-04-15 18:46 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\rkarlen\Downloads\unhide.exe
2012-04-15 07:28 - 2012-04-15 06:54 - 0131086 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_11.28.52_log.txt
2012-04-15 07:28 - 2012-04-15 06:51 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\rkarlen\Downloads\tdsskiller (2).exe
2012-04-15 07:26 - 2012-02-16 17:45 - 1008141 ____A C:\Users\rkarlen\Downloads\iExplore (1).exe
2012-04-15 07:23 - 2012-04-15 07:26 - 1008141 ____A C:\Users\rkarlen\Downloads\iExplore.exe
2012-04-15 07:05 - - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-04-15 06:59 - 2012-04-22 19:28 - 0000000 ____D C:\Qoobox
2012-04-15 06:59 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\ERDNT
2012-04-15 06:54 - 2012-04-15 19:09 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-15 06:51 - 2012-04-15 19:08 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\rkarlen\Downloads\tdsskiller.exe
2012-04-15 06:51 - 2011-08-18 12:02 - 0130998 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_10.51.40_log.txt
2012-04-15 06:51 - 2010-01-29 16:54 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\rkarlen\Downloads\tdsskiller (1).exe
2012-04-15 06:40 - 2011-12-29 08:30 - 0001222 ____A C:\Users\rkarlen\Desktop\Spybot - Search & Destroy.lnk
2012-04-15 06:37 - 2012-04-02 16:33 - 0000792 ____A C:\Windows\Tasks\McAfee Cleanup.job
2012-04-15 06:37 - 2011-06-07 05:59 - 0000000 ___SD C:\32788R22FWJFW
2012-04-15 06:37 - 2009-12-24 06:09 - 0000361 ____A C:\rkill.log
2012-04-09 21:40 - 2010-07-05 18:51 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-09 21:40 - 2010-07-05 18:51 - 0000000 ____D C:\ProgramData\Recovery
2012-04-09 18:15 - 2011-08-18 12:25 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-09 18:15 - 2011-08-18 12:25 - 0000000 ____D C:\ProgramData\MFAData
2012-04-09 17:58 - 2009-07-13 17:39 - 1047974 ____A C:\Windows\ntbtlog.txt
2012-04-08 13:24 - 2012-04-08 13:24 - 0000160 ____A C:\Users\All Users\-iSdlJ1V9kWWrtxr
2012-04-08 13:24 - 2012-04-08 13:24 - 0000160 ____A C:\ProgramData\-iSdlJ1V9kWWrtxr
2012-04-08 13:24 - - 0000000 ____A C:\Users\All Users\-iSdlJ1V9kWWrtx
2012-04-08 13:24 - - 0000000 ____A C:\ProgramData\-iSdlJ1V9kWWrtx
2012-04-08 13:23 - 2012-04-22 19:28 - 0000256 ____A C:\Users\All Users\iSdlJ1V9kWWrtx
2012-04-08 13:23 - 2012-04-22 19:28 - 0000256 ____A C:\ProgramData\iSdlJ1V9kWWrtx
2012-04-08 12:35 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-08 11:42 - 2009-07-21 17:33 - 0000000 ____D C:\Windows\Sun
2012-03-27 17:43 - 2009-07-13 20:57 - 0000000 ____D C:\Program Files (x86)\WildGames
2012-03-24 18:33 - 2011-01-16 11:57 - 0000000 ____D C:\Users\rkarlen\AppData\Roaming\iWin

============ 3 Months Modified Files and Folders =============

2012-04-22 23:34 - 2012-04-22 23:34 - 0000000 ____D C:\FRST
2012-04-22 19:29 - 2012-04-08 12:35 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-22 19:28 - 2011-08-19 04:15 - 0059144 ____A C:\Windows\setupact.log
2012-04-22 19:28 - 2009-12-24 06:16 - 0000187 ____A C:\Users\All Users\HPWALog.txt
2012-04-22 19:28 - 2009-12-24 06:16 - 0000187 ____A C:\ProgramData\HPWALog.txt
2012-04-22 19:28 - 2009-09-21 00:16 - 2211602432 __ASH C:\hiberfil.sys
2012-04-22 19:28 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-22 19:20 - 2011-08-19 04:17 - 1781640 ____A C:\Windows\WindowsUpdate.log
2012-04-22 19:20 - 2009-07-13 20:45 - 0023248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-22 19:20 - 2009-07-13 20:45 - 0023248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-19 15:53 - 2012-04-09 17:58 - 1047974 ____A C:\Windows\ntbtlog.txt
2012-04-18 17:41 - 2012-04-18 17:41 - 0016564 ____A C:\Users\rkarlen\Desktop\DDS.txt
2012-04-18 17:41 - 2012-04-18 17:41 - 0010968 ____A C:\Users\rkarlen\Desktop\Attach.txt
2012-04-18 17:39 - 2012-04-18 17:39 - 0607260 ____R (Swearware) C:\Users\rkarlen\Downloads\dds (2).scr
2012-04-18 17:38 - 2012-04-18 17:38 - 0000476 ____A C:\Users\rkarlen\Desktop\defogger_disable.log
2012-04-18 17:38 - 2012-04-18 17:38 - 0000000 ____A C:\Users\rkarlen\defogger_reenable
2012-04-18 17:38 - 2009-12-24 06:07 - 0000000 ____D C:\users\rkarlen
2012-04-18 17:36 - 2012-04-18 17:36 - 0050477 ____A C:\Users\rkarlen\Downloads\Defogger.exe
2012-04-18 17:36 - 2012-04-18 17:36 - 0050477 ____A C:\Users\rkarlen\Downloads\Defogger (1).exe
2012-04-18 16:58 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-18 16:57 - 2012-04-18 16:56 - 0062482 ____A C:\TDSSKiller.2.4.11.0_18.04.2012_20.56.46_log.txt
2012-04-18 16:51 - 2011-08-19 04:15 - 0069252 ____A C:\Windows\PFRO.log
2012-04-18 16:39 - 2011-12-11 19:30 - 0000000 ____D C:\Users\rkarlen\AppData\Local\ElevatedDiagnostics
2012-04-18 16:26 - 2012-04-18 16:26 - 0607260 ____R (Swearware) C:\Users\rkarlen\Downloads\dds (1).scr
2012-04-18 16:26 - 2012-04-18 16:26 - 0607260 ____A (Swearware) C:\Users\rkarlen\Downloads\dds.scr
2012-04-15 19:19 - 2012-04-15 19:19 - 0003433 ____A C:\Users\rkarlen\Desktop\aswMBR.txt
2012-04-15 19:19 - 2012-04-15 19:19 - 0000512 ____A C:\Users\rkarlen\Desktop\MBR.dat
2012-04-15 19:09 - 2012-04-15 19:09 - 4731392 ____A (AVAST Software) C:\Users\rkarlen\Downloads\aswMBR.exe
2012-04-15 19:09 - 2012-04-15 19:08 - 0125604 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_23.08.02_log.txt
2012-04-15 19:08 - 2012-04-15 19:07 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\rkarlen\Downloads\tdsskiller (3).exe
2012-04-15 18:56 - 2012-04-15 18:46 - 0004126 ____A C:\Users\rkarlen\Desktop\unhide.txt
2012-04-15 18:46 - 2012-04-15 18:46 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\rkarlen\Downloads\unhide (1).exe
2012-04-15 08:44 - 2012-04-15 08:44 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\rkarlen\Downloads\unhide.exe
2012-04-15 07:31 - 2012-04-15 07:28 - 0131086 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_11.28.52_log.txt
2012-04-15 07:31 - 2012-04-15 06:54 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-15 07:28 - 2012-04-15 07:28 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\rkarlen\Downloads\tdsskiller (2).exe
2012-04-15 07:26 - 2012-04-15 07:26 - 1008141 ____A C:\Users\rkarlen\Downloads\iExplore (1).exe
2012-04-15 07:26 - 2012-04-15 06:37 - 0000361 ____A C:\rkill.log
2012-04-15 07:23 - 2012-04-15 07:23 - 1008141 ____A C:\Users\rkarlen\Downloads\iExplore.exe
2012-04-15 07:16 - 2012-04-15 06:37 - 0000000 ___SD C:\32788R22FWJFW
2012-04-15 07:16 - 2011-08-18 09:58 - 0000000 ____D C:\Users\rkarlen\Desktop\1_PC Cleanup-TuneUp Tools
2012-04-15 06:59 - 2012-04-15 06:59 - 0000000 ____D C:\Windows\ERDNT
2012-04-15 06:59 - 2012-04-15 06:59 - 0000000 ____D C:\Qoobox
2012-04-15 06:54 - 2012-04-15 06:51 - 0130998 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_10.51.40_log.txt
2012-04-15 06:51 - 2012-04-15 06:51 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\rkarlen\Downloads\tdsskiller.exe
2012-04-15 06:51 - 2012-04-15 06:51 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\rkarlen\Downloads\tdsskiller (1).exe
2012-04-15 06:50 - 2011-08-19 09:05 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-15 06:50 - 2011-08-19 09:05 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-15 06:40 - 2012-04-15 06:40 - 0001222 ____A C:\Users\rkarlen\Desktop\Spybot - Search & Destroy.lnk
2012-04-15 06:40 - 2011-08-19 09:05 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-15 06:38 - 2012-04-15 06:37 - 0000792 ____A C:\Windows\Tasks\McAfee Cleanup.job
2012-04-15 06:27 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-11 14:31 - 2011-08-18 12:25 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-09 21:40 - 2012-04-09 21:40 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-09 21:40 - 2012-04-09 21:40 - 0000000 ____D C:\ProgramData\Recovery
2012-04-09 18:16 - 2012-04-09 18:15 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-09 18:16 - 2012-04-09 18:15 - 0000000 ____D C:\ProgramData\MFAData
2012-04-08 13:24 - 2012-04-08 13:24 - 0000160 ____A C:\Users\All Users\-iSdlJ1V9kWWrtxr
2012-04-08 13:24 - 2012-04-08 13:24 - 0000160 ____A C:\ProgramData\-iSdlJ1V9kWWrtxr
2012-04-08 13:24 - 2012-04-08 13:24 - 0000000 ____A C:\Users\All Users\-iSdlJ1V9kWWrtx
2012-04-08 13:24 - 2012-04-08 13:24 - 0000000 ____A C:\ProgramData\-iSdlJ1V9kWWrtx
2012-04-08 13:23 - 2012-04-08 13:23 - 0000256 ____A C:\Users\All Users\iSdlJ1V9kWWrtx
2012-04-08 13:23 - 2012-04-08 13:23 - 0000256 ____A C:\ProgramData\iSdlJ1V9kWWrtx
2012-04-08 11:42 - 2012-04-08 11:42 - 0000000 ____D C:\Windows\Sun
2012-04-08 11:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-08 10:05 - 2009-07-13 18:34 - 0000882 ___RA C:\Windows\System32\Drivers\etc\hosts.bak
2012-04-08 10:05 - 2009-07-13 18:34 - 0000882 ____R C:\Windows\System32\Drivers\etc\hosts
2012-04-05 20:16 - 2011-02-06 14:35 - 0000000 ____D C:\Users\rkarlen\AppData\Roaming\SoftGrid Client
2012-04-04 11:56 - 2011-08-18 12:25 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 16:33 - 2012-02-06 14:38 - 0000340 ____A C:\Windows\Tasks\HPCeeScheduleForrkarlen.job
2012-04-02 15:29 - 2009-12-26 10:40 - 0000000 ____D C:\Users\rkarlen\AppData\Roaming\HP Support Assistant
2012-04-02 15:29 - 2009-12-24 06:21 - 0000000 ____D C:\Users\rkarlen\AppData\Roaming\HpUpdate
2012-03-29 05:38 - 2009-07-13 21:13 - 0727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-27 17:49 - 2012-04-15 18:56 - 0002522 ____A C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-03-27 17:43 - 2012-03-27 17:43 - 0000000 ____D C:\Program Files (x86)\WildGames
2012-03-27 17:43 - 2009-08-21 05:57 - 0000000 ____D C:\Users\All Users\WildTangent
2012-03-27 17:43 - 2009-08-21 05:57 - 0000000 ____D C:\ProgramData\WildTangent
2012-03-24 18:33 - 2012-03-24 18:33 - 0000000 ____D C:\Users\rkarlen\AppData\Roaming\iWin
2012-03-18 08:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-15 18:35 - 2009-07-13 20:45 - 4914552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 19:45 - 2009-12-26 10:59 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-08 20:15 - 2012-03-08 19:01 - 0000000 ____D C:\Users\rkarlen\AppData\Roaming\Apple Computer
2012-03-08 19:52 - 2012-03-08 19:52 - 0000000 ____D C:\Users\rkarlen\Desktop\Walking Dead
2012-03-08 19:46 - 2010-06-20 18:09 - 0000000 ____D C:\Users\rkarlen\Desktop\5k pics
2012-03-08 19:32 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-03-08 19:01 - 2012-04-15 18:56 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-08 19:01 - 2012-03-08 19:01 - 0000000 ____D C:\Users\rkarlen\AppData\Local\Apple Computer
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ____D C:\ProgramData\Apple Computer
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ____D C:\Program Files\iTunes
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ____D C:\Program Files\iPod
2012-03-08 19:00 - 2012-03-08 19:00 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-08 18:59 - 2012-03-08 18:59 - 0000000 ____D C:\Users\rkarlen\AppData\Local\Apple
2012-03-08 18:59 - 2012-03-08 18:59 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-08 18:58 - 2012-03-08 18:58 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-08 18:58 - 2012-03-08 18:58 - 0000000 ____D C:\Program Files\Bonjour
2012-03-08 18:58 - 2012-03-08 18:58 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-03-08 18:58 - 2012-03-08 18:57 - 0000000 ____D C:\Users\All Users\Apple
2012-03-08 18:58 - 2012-03-08 18:57 - 0000000 ____D C:\ProgramData\Apple
2012-03-06 06:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-29 16:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-29 16:51 - 2009-07-13 21:08 - 0032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-23 18:16 - 2012-02-23 18:16 - 0027648 ____A C:\Users\rkarlen\Desktop\Kelly's Essay1.doc
2012-02-23 18:16 - 2010-01-08 09:08 - 0003080 ____A C:\Users\rkarlen\AppData\Roaming\wklnhst.dat
2012-02-23 17:37 - 2012-02-23 16:34 - 0024064 ____A C:\Users\rkarlen\Desktop\Kelly's Essay.wps
2012-02-23 16:33 - 2012-02-23 16:33 - 0015941 ____A C:\Users\rkarlen\Downloads\NYC Essay Promt 1k (1).docx
2012-02-23 16:16 - 2012-02-23 16:16 - 0015941 ____A C:\Users\rkarlen\Downloads\NYC Essay Promt 1k.docx
2012-02-22 18:40 - 2011-12-12 17:02 - 0000000 ____D C:\Users\rkarlen\Desktop\Adobe Photoshop CS5.1
2012-02-17 22:43 - 2012-01-31 16:16 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-17 22:43 - 2012-01-31 16:16 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-16 22:38 - 2012-03-14 05:50 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 05:50 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 05:50 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 05:50 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 16:49 - 2012-02-16 16:49 - 0000000 ____A C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-02-15 20:38 - 2011-02-06 14:33 - 0744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-15 20:38 - 2011-02-06 14:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-15 20:37 - 2009-08-21 05:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-09 22:36 - 2012-03-14 19:28 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 19:28 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-06 14:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-02-06 14:50 - 2012-02-06 14:46 - 0003739 ____A C:\Windows\IE9_main.log
2012-02-06 14:49 - 2012-02-06 14:49 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-06 14:49 - 2012-02-06 14:49 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-06 14:49 - 2012-02-06 14:49 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-06 14:49 - 2012-02-06 14:49 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-06 14:49 - 2012-02-06 14:49 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-06 14:49 - 2012-02-06 14:49 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-06 14:49 - 2012-02-06 14:49 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-06 14:49 - 2012-02-06 14:49 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-06 14:49 - 2012-02-06 14:49 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-06 14:49 - 2012-02-06 14:49 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-06 14:49 - 2012-02-06 14:49 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-06 10:55 - 2009-12-24 06:13 - 0084240 ____A C:\Users\rkarlen\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-02 20:34 - 2012-03-14 19:28 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 20:58 - 2012-02-01 20:58 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-02-01 20:58 - 2012-02-01 20:58 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-02-01 20:57 - 2012-01-31 16:26 - 0020480 ____A C:\Users\rkarlen\Desktop\Hotel Information.wps
2012-01-31 16:19 - 2009-08-21 06:09 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-31 16:18 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-01-31 16:17 - 2012-01-31 16:17 - 0000000 ____D C:\Windows\SHELLNEW
2012-01-31 16:17 - 2012-01-31 16:17 - 0000000 ____D C:\Users\rkarlen\AppData\Local\Microsoft Help
2012-01-31 16:17 - 2011-02-06 14:33 - 0000000 ____D C:\Program Files\Microsoft Office
2012-01-31 15:35 - 2012-01-31 15:35 - 0001090 ____A C:\Users\rkarlen\Desktop\Device Discovery.lnk
2012-01-31 15:13 - 2012-01-31 15:13 - 0000000 ____D C:\Program Files (x86)\ASUS
2012-01-31 15:13 - 2009-08-21 05:17 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-01-27 07:08 - 2012-01-27 07:08 - 0150461 ____A C:\Users\rkarlen\Desktop\Josh2011TaxReturn.PDF
2012-01-27 06:57 - 2012-01-27 06:57 - 0131317 ____A C:\Users\rkarlen\Desktop\2011TaxReturn.PDF
2012-01-24 22:38 - 2012-03-14 05:50 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-14 05:50 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-14 05:50 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 20:23 - 2012-01-24 20:23 - 0106022 ____A C:\Users\rkarlen\Desktop\Josh Sallie Mae Tax.pdf
2012-01-24 20:19 - 2012-01-24 20:19 - 0051139 ____A C:\Users\rkarlen\Desktop\f1098e.pdf

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 2812.2 MB
Available physical RAM: 2180.55 MB
Total Pagefile: 2810.35 MB
Available Pagefile: 2162.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:219.48 GB) (Free:153.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 953 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 219 GB 200 MB
Partition 3 Primary 13 GB 219 GB
Partition 4 Primary 103 MB 232 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 219 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 953 MB 64 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT Removable 953 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-01 13:39

======================= End Of Log ==========================

#4 ratman

    Bleepin' gnawing at it!

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 23 April 2012 - 11:04 AM

Hello mimmo915 ,

I'd like you to run a fix:
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKLM-x32\...\Run: [] [x]
SubSystems: [Windows] ==> ZeroAccess
2 sscdbus; C:\Windows\System32\cyberpowerups.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\cyberpowerups.dll 
NETSVC: sscdbus

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

=============================================================================

Please download ComboFix from here:

Link


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Right click on the ComboFix icon and run as admin, then follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

====================================================================================

I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt
  • aswMBR Log
  • Fixlog.txt

regards, ratman

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
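The fix above carries the line "SubSystems: [Windows] ==> ZeroAccess": FRST is flagging the Session Manager "SubSystems\Windows" string, the value that tells csrss.exe which ServerDll modules to load, and the later Fixlog confirms it restored that value. The x64 ZeroAccess/Sirefef variant persists by pointing one of those ServerDll entries at its own consrv.dll. The following is an added example, not code from the thread, FRST or aswMBR: a small checker that parses that string and reports any ServerDll name outside a basesrv/winsrv allow-list. The allow-list, the sample strings and the function names are this example's own assumptions; the clean sample is the Windows 7 default string as the author of this example knows it.

```python
"""Inspect the Session Manager SubSystems\\Windows value for ServerDll entries
that do not belong there (added example; assumptions are marked inline)."""
import re
import sys

# Assumption: on a stock Windows 7 x64 the only ServerDll modules are
# basesrv and winsrv. Anything else loaded into csrss.exe deserves a look.
ALLOWED_SERVER_DLLS = frozenset({"basesrv", "winsrv"})

SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

# ServerDll=<dll>[:<init routine>],<index>   e.g. ServerDll=winsrv:ConServerDllInitialization,2
_SERVERDLL_RE = re.compile(r"ServerDll=([^,:\s]+)(?::[^,\s]+)?,\d+")


def server_dlls(value: str) -> list:
    """Return the DLL name of every ServerDll= token, in the order they appear."""
    return [m.group(1).lower() for m in _SERVERDLL_RE.finditer(value)]


def unexpected_server_dlls(value: str, allowed=ALLOWED_SERVER_DLLS) -> list:
    """DLL names that are not on the allow-list; an empty list means clean."""
    return [name for name in server_dlls(value) if name not in allowed]


def read_live_value(control_set: str = "CurrentControlSet") -> str:
    """Read the live value with winreg (Windows only). FRST above ran from the
    recovery environment and reported ControlSet001, so when checking an
    offline hive pass the control set you actually mounted."""
    import winreg  # Windows-only standard-library module
    key_path = SUBSYSTEMS_KEY.replace("CurrentControlSet", control_set)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
    return value


# Constructed samples. CLEAN_VALUE is the Windows 7 default string;
# TAMPERED_VALUE is the same string with the console ServerDll pointed at
# consrv, the module aswMBR reported as Win32:Sirefef-HO later in this thread.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
)
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

if __name__ == "__main__":
    # On Windows check the live registry; elsewhere demonstrate on the sample.
    value = read_live_value() if sys.platform == "win32" else TAMPERED_VALUE
    bad = unexpected_server_dlls(value)
    print("clean" if not bad else "unexpected ServerDll entries: " + ", ".join(bad))
```

The check is deliberately an allow-list rather than a search for the string "consrv", so a renamed module is caught just the same; a hit is a reason to pull the named DLL for analysis, not proof of infection on its own.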



#5 mimmo915

  • Topic Starter
  • Members
  • 15 posts

Posted 23 April 2012 - 08:01 PM

Hi ratman:

I ran all that you asked; however, I was able to download Combofix but when I ran it, it didn't produce a log. I was only able to run it in Safe Mode though. Could that be a reason? I am still having difficulty starting windows normally. I can try it one more time, but here are the other logs that you requested.

fixlog:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-23 16:13:51 R:1
Running from H:\

==============================================

HKLM-x32\\\.\.\.\\Run\\HKLM-x32\...\Run: [] [x] Value not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
sscdbus service deleted successfully.
C:\Windows\System32\cyberpowerups.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs sscdbus Deleted successfully.

==== End of Fixlog ====

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 20:26:18
-----------------------------
20:26:18.018 OS Version: Windows x64 6.1.7601 Service Pack 1
20:26:18.018 Number of processors: 1 586 0x602
20:26:18.018 ComputerName: RKARLEN-PC UserName: rkarlen
20:26:20.108 Initialize success
20:26:30.560 AVAST engine defs: 12042301
20:26:36.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:26:36.863 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11
20:26:36.878 Disk 0 MBR read successfully
20:26:36.894 Disk 0 MBR scan
20:26:36.910 Disk 0 unknown MBR code
20:26:36.941 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:26:36.956 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224745 MB offset 409600
20:26:36.988 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13426 MB offset 460687360
20:26:37.019 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
20:26:37.050 Disk 0 scanning C:\Windows\system32\drivers
20:26:50.154 Service scanning
20:27:43.927 Modules scanning
20:27:43.927 Disk 0 trace - called modules:
20:27:44.614 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:27:44.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030aa790]
20:27:44.629 3 CLASSPNP.SYS[fffff8800112843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003046060]
20:27:45.253 AVAST engine scan C:\Windows
20:27:48.030 AVAST engine scan C:\Windows\system32
20:27:50.183 File: C:\Windows\system32\amusbprt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:27:53.131 File: C:\Windows\system32\ATSWPDRV.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:27:54.535 File: C:\Windows\system32\AVerBDA.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:02.008 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:28:03.193 File: C:\Windows\system32\CX88ENC.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:07.031 File: C:\Windows\system32\ddxgb.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:32.599 File: C:\Windows\system32\lfsfilt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:46.577 File: C:\Windows\system32\mwsarcpkt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:58.558 File: C:\Windows\system32\nscservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:59.400 File: C:\Windows\system32\ntrtscan.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:04.283 File: C:\Windows\system32\pnmsrv.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:12.692 File: C:\Windows\system32\RT25USBAP.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:13.144 File: C:\Windows\system32\s3savagenb.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:14.080 File: C:\Windows\system32\ScFBPNT2.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:23.424 File: C:\Windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:34.298 File: C:\Windows\system32\W700bus.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:34.438 File: C:\Windows\system32\wacommousefilter.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:35.390 File: C:\Windows\system32\wdelmgr20.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:53.891 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
20:29:56.559 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
20:31:25.198 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
20:31:25.339 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
20:31:29.363 AVAST engine scan C:\Windows\system32\drivers
20:31:50.813 AVAST engine scan C:\Users\rkarlen
20:47:48.234 AVAST engine scan C:\ProgramData
20:49:38.464 Scan finished successfully
20:50:50.427 Disk 0 MBR has been saved successfully to "C:\Users\rkarlen\Desktop\MBR.dat"
20:50:50.427 The log file has been saved successfully to "C:\Users\rkarlen\Desktop\aswMBR.txt"


Thank you and I'll be awaiting your response.
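The aswMBR log above mixes progress messages with the lines that matter to a responder: the **INFECTED** hits (several ZAccess-E modules in system32, consrv.dll, the GAC Desktop.ini droppers and the assembly\temp\U payloads) and the "unknown MBR code" notice. As an added example that is not part of the thread or of aswMBR, this parser pulls those out and groups them by detection name and by directory; the sample input is a subset of lines copied from the log above, and the function and field names are this example's own.

```python
"""Summarise an aswMBR log: infected files grouped by detection and by
directory, plus any disk/MBR-level notices (added example)."""
import re
from collections import Counter

# "<hh:mm:ss.mmm> File: <path> **INFECTED** <detection> [<tag>]"
# The bracketed tag is the category avast appends (Rtk, Drp, Trj) and is optional.
_INFECTED_RE = re.compile(
    r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detection>\S+)(?: \[(?P<kind>\w+)\])?$"
)
# Any "Disk N ..." line that mentions the MBR (read, scan, unknown code, saved).
_MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<event>.*MBR.*)$")


def parse_aswmbr(log_text: str) -> dict:
    """Return findings, per-detection and per-directory counts, and MBR events."""
    findings = []
    mbr_events = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _INFECTED_RE.match(line)
        if m:
            findings.append(
                {"path": m["path"], "detection": m["detection"], "kind": m["kind"]}
            )
            continue
        m = _MBR_RE.match(line)
        if m:
            mbr_events.append((int(m["disk"]), m["event"]))
    return {
        "findings": findings,
        "by_detection": Counter(f["detection"] for f in findings),
        "by_directory": Counter(f["path"].rsplit("\\", 1)[0].lower() for f in findings),
        "mbr_events": mbr_events,
        "mbr_unknown_code": any("unknown MBR code" in event for _, event in mbr_events),
    }


# Subset of lines copied from the aswMBR log posted above.
SAMPLE_LOG = r"""
20:26:36.910 Disk 0 unknown MBR code
20:26:36.941 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:27:50.183 File: C:\Windows\system32\amusbprt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:02.008 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:29:53.891 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
20:31:25.198 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
20:31:25.339 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
20:49:38.464 Scan finished successfully
"""

if __name__ == "__main__":
    report = parse_aswmbr(SAMPLE_LOG)
    print(f"{len(report['findings'])} infected files")
    for detection, n in report["by_detection"].most_common():
        print(f"  {n:3d}  {detection}")
    for directory, n in report["by_directory"].most_common():
        print(f"  {n:3d}  {directory}")
    if report["mbr_unknown_code"]:
        print("note: aswMBR reported unknown MBR code on a scanned disk")
```

Grouping by directory is the useful view here: a cluster of hits under one path such as assembly\temp\U tells the responder which locations to look at on the next scan, and the MBR notice is surfaced separately because it is not a file hit and would otherwise scroll past.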

#6 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:10 AM

Posted 24 April 2012 - 07:26 AM

Hello mimmo915 ,

I'd like you to run another fix:
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

================================================================

Please run another scan with aswMBR and copy/paste its log in your next reply.

How is your machine running now?
regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.


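The fix line `SubSystems: [Windows] ==> ZeroAccess` tells FRST to restore the `Session Manager\SubSystems\Windows` value, which this ZeroAccess variant rewrites so that csrss.exe loads the malware's consrv.dll (the Sirefef-HO detection in the aswMBR logs above) in place of the winsrv.dll console server. The Python below is an added example, not part of this thread and not FRST's own code: it parses such a value, flags any ServerDll entry that is not one of the known-good modules, and rebuilds the value with the console entry pointed back at winsrv. The clean and infected sample values are constructed for the example (the clean one is assumed to be the stock Windows 7 value); on a live machine you would read the real value from the registry and compare it against a known-good install rather than trust the constant here.

```python
"""Check a SubSystems\\Windows value for ZeroAccess-style ServerDll tampering.

Added example, not part of the forum thread or of FRST. Works on a string so it
runs anywhere; on a live system read the value from
HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\SubSystems\\Windows.
"""
import re

# ServerDll modules that legitimately appear in the value on Windows 7 x64
# (assumption for this example; verify against a clean install of your build).
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Entry points that winsrv.dll really provides, so a rogue module carrying one
# of these names can safely be pointed back at winsrv.
WINSRV_ENTRYPOINTS = {"UserServerDllInitialization", "ConServerDllInitialization"}

# Constructed sample values; not copied from the machine in the thread.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# ZeroAccess swaps the console server reference to its own consrv.dll.
INFECTED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# ServerDll=<module>[:<entrypoint>],<index>
_SERVERDLL_RE = re.compile(r"ServerDll=([^:,\s]+)(?::([^,\s]+))?,(\d+)")


def parse_server_dlls(value):
    """Return [(module, entrypoint_or_None, index), ...] in the order they appear."""
    return [(m.group(1).lower(), m.group(2), int(m.group(3)))
            for m in _SERVERDLL_RE.finditer(value)]


def find_rogue_server_dlls(value, known=KNOWN_SERVER_DLLS):
    """Return the ServerDll entries whose module is not in the known-good set."""
    return [entry for entry in parse_server_dlls(value) if entry[0] not in known]


def restore_value(value, known=KNOWN_SERVER_DLLS):
    """Rebuild the value with rogue console/user server entries pointed at winsrv.

    Entries for unknown modules with an entry point winsrv does not export are
    left untouched; re-run find_rogue_server_dlls() afterwards to see what remains.
    """
    def fix(m):
        module, entry, idx = m.group(1), m.group(2), m.group(3)
        if module.lower() in known or entry not in WINSRV_ENTRYPOINTS:
            return m.group(0)
        return f"ServerDll=winsrv:{entry},{idx}"
    return _SERVERDLL_RE.sub(fix, value)


if __name__ == "__main__":
    for label, v in (("clean", CLEAN_VALUE), ("infected", INFECTED_VALUE)):
        print(label, "->", find_rogue_server_dlls(v) or "no rogue ServerDll entries")
    print("restored equals clean:", restore_value(INFECTED_VALUE) == CLEAN_VALUE)
```

Only the ServerDll list is checked; a practitioner would also verify that the consrv.dll file itself is gone from system32, since restoring the registry value alone leaves the dropped DLL on disk.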

#7 mimmo915

mimmo915
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 24 April 2012 - 09:17 PM

Hi ratman:

The machine is running... not great. I have been able to boot up Windows normally, but only sparingly. It takes a few minutes for it to boot up and it's sluggish when it is finally up. I was able to run aswMBR while booted up normally. Here are the logs that you requested:

fixlog:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-24 21:27:34 R:2
Running from H:\

==============================================

HKLM-x32\\\.\.\.\\Run\\HKLM-x32\...\Run: [] [x] Value not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
sscdbus service not found.
C:\Windows\System32\cyberpowerups.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs sscdbus not found.

==== End of Fixlog ====

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-24 21:33:41
-----------------------------
21:33:41.131 OS Version: Windows x64 6.1.7601 Service Pack 1
21:33:41.131 Number of processors: 1 586 0x602
21:33:41.131 ComputerName: RKARLEN-PC UserName: rkarlen
21:36:50.206 Initialize success
21:37:20.860 AVAST engine defs: 12042301
21:37:23.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:37:23.403 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11
21:37:23.403 Disk 0 MBR read successfully
21:37:23.419 Disk 0 MBR scan
21:37:23.419 Disk 0 unknown MBR code
21:37:23.434 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:37:23.450 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224745 MB offset 409600
21:37:23.512 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13426 MB offset 460687360
21:37:23.575 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
21:37:23.621 Disk 0 scanning C:\Windows\system32\drivers
21:37:46.413 Service scanning
21:39:11.364 Modules scanning
21:39:11.364 Disk 0 trace - called modules:
21:39:11.910 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:39:11.910 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030dd060]
21:39:11.926 3 CLASSPNP.SYS[fffff8800109443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003081680]
21:39:14.968 AVAST engine scan C:\Windows
21:39:19.882 AVAST engine scan C:\Windows\system32
21:39:24.968 File: C:\Windows\system32\amusbprt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:39:30.006 File: C:\Windows\system32\ATSWPDRV.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:39:32.315 File: C:\Windows\system32\AVerBDA.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:39:43.797 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:39:45.919 File: C:\Windows\system32\CX88ENC.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:39:51.831 File: C:\Windows\system32\ddxgb.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:40:32.079 File: C:\Windows\system32\lfsfilt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:40:56.009 File: C:\Windows\system32\mwsarcpkt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:41:18.037 File: C:\Windows\system32\nscservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:41:19.815 File: C:\Windows\system32\ntrtscan.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:41:27.147 File: C:\Windows\system32\pnmsrv.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:41:40.329 File: C:\Windows\system32\RT25USBAP.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:41:40.953 File: C:\Windows\system32\s3savagenb.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:41:42.264 File: C:\Windows\system32\ScFBPNT2.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:41:57.427 File: C:\Windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:42:14.400 File: C:\Windows\system32\W700bus.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:42:14.556 File: C:\Windows\system32\wacommousefilter.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:42:16.365 File: C:\Windows\system32\wdelmgr20.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:42:49.640 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:42:53.696 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
21:45:39.322 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:45:39.431 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
21:45:40.804 AVAST engine scan C:\Windows\system32\drivers
21:46:07.012 AVAST engine scan C:\Users\rkarlen
22:02:09.986 AVAST engine scan C:\ProgramData
22:04:42.991 Scan finished successfully
22:06:18.556 Disk 0 MBR has been saved successfully to "C:\Users\rkarlen\Desktop\MBR.dat"
22:06:18.556 The log file has been saved successfully to "C:\Users\rkarlen\Desktop\aswMBR..txt"



Thank you again. I'll be awaiting.

#8 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:10 AM

Posted 25 April 2012 - 05:55 AM

Hi,

It looks like you ran the fix using the fixlist.txt from a previous fix.

Please delete fixlist.txt and create a new one as in Post #6 and run the fix.

How is your machine running after the fix?
regards, ratman




#9 mimmo915

mimmo915
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 25 April 2012 - 06:51 PM

Hi ratman:

Sorry about that. The machine is still running slowly at start-up, i.e. it freezes during start-up or takes a few minutes to start up. Here is the correct log that you requested.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-25 19:42:56 R:3
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

==== End of Fixlog ====

#10 mimmo915

mimmo915
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 25 April 2012 - 09:17 PM

Hi ratman:

Just wanted to give you a short update about the computer itself. The machine is running a little better after that latest fix. Not completely better, but it started up a little faster after a few hiccups, i.e. it froze twice during boot-up. When navigating through the computer it is a little sluggish in response. I'll be awaiting further instructions on what else to do.

Thanks

#11 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:10 AM

Posted 26 April 2012 - 08:40 AM

Hello mimmo915 ,

Can you try running ComboFix in normal mode again?

Can you do another scan with aswMBR, please?

In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt
  • aswMBR.Log

regards, ratman




#12 mimmo915

mimmo915
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 26 April 2012 - 08:42 PM

Hi ratman:

I was able to boot up normally this time with no problems; it is still a little slow, but better. I did try to run ComboFix in normal mode; however, it got to the autoscan part, reached "completed stage 48" and stayed there for a while. It was running for almost 3 hrs. I was able to run aswMBR again and the log is posted below. Any idea what may be causing ComboFix to not produce a log and take so long? Thanks

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 20:26:18
-----------------------------
20:26:18.018 OS Version: Windows x64 6.1.7601 Service Pack 1
20:26:18.018 Number of processors: 1 586 0x602
20:26:18.018 ComputerName: RKARLEN-PC UserName: rkarlen
20:26:20.108 Initialize success
20:26:30.560 AVAST engine defs: 12042301
20:26:36.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:26:36.863 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11
20:26:36.878 Disk 0 MBR read successfully
20:26:36.894 Disk 0 MBR scan
20:26:36.910 Disk 0 unknown MBR code
20:26:36.941 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:26:36.956 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224745 MB offset 409600
20:26:36.988 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13426 MB offset 460687360
20:26:37.019 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
20:26:37.050 Disk 0 scanning C:\Windows\system32\drivers
20:26:50.154 Service scanning
20:27:43.927 Modules scanning
20:27:43.927 Disk 0 trace - called modules:
20:27:44.614 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:27:44.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030aa790]
20:27:44.629 3 CLASSPNP.SYS[fffff8800112843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003046060]
20:27:45.253 AVAST engine scan C:\Windows
20:27:48.030 AVAST engine scan C:\Windows\system32
20:27:50.183 File: C:\Windows\system32\amusbprt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:27:53.131 File: C:\Windows\system32\ATSWPDRV.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:27:54.535 File: C:\Windows\system32\AVerBDA.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:02.008 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:28:03.193 File: C:\Windows\system32\CX88ENC.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:07.031 File: C:\Windows\system32\ddxgb.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:32.599 File: C:\Windows\system32\lfsfilt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:46.577 File: C:\Windows\system32\mwsarcpkt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:58.558 File: C:\Windows\system32\nscservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:59.400 File: C:\Windows\system32\ntrtscan.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:04.283 File: C:\Windows\system32\pnmsrv.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:12.692 File: C:\Windows\system32\RT25USBAP.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:13.144 File: C:\Windows\system32\s3savagenb.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:14.080 File: C:\Windows\system32\ScFBPNT2.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:23.424 File: C:\Windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:34.298 File: C:\Windows\system32\W700bus.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:34.438 File: C:\Windows\system32\wacommousefilter.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:35.390 File: C:\Windows\system32\wdelmgr20.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:53.891 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
20:29:56.559 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
20:31:25.198 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
20:31:25.339 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
20:31:29.363 AVAST engine scan C:\Windows\system32\drivers
20:31:50.813 AVAST engine scan C:\Users\rkarlen
20:47:48.234 AVAST engine scan C:\ProgramData
20:49:38.464 Scan finished successfully
20:50:50.427 Disk 0 MBR has been saved successfully to "C:\Users\rkarlen\Desktop\MBR.dat"
20:50:50.427 The log file has been saved successfully to "C:\Users\rkarlen\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 21:07:00
-----------------------------
21:07:00.588 OS Version: Windows x64 6.1.7601 Service Pack 1
21:07:00.588 Number of processors: 1 586 0x602
21:07:00.588 ComputerName: RKARLEN-PC UserName: rkarlen
21:07:22.428 Initialze error C000010E - driver not loaded
21:08:54.745 AVAST engine defs: 12042601
21:09:30.063 Service scanning
21:10:49.732 Modules scanning
21:10:49.732 Disk 0 trace - called modules:
21:10:49.748
21:10:50.918 AVAST engine scan C:\Windows
21:10:56.456 AVAST engine scan C:\Windows\system32
21:11:00.777 File: C:\Windows\system32\amusbprt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:06.705 File: C:\Windows\system32\ATSWPDRV.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:09.685 File: C:\Windows\system32\AVerBDA.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:24.723 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:11:26.907 File: C:\Windows\system32\CX88ENC.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:33.132 File: C:\Windows\system32\ddxgb.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:12:21.071 File: C:\Windows\system32\lfsfilt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:12:50.118 File: C:\Windows\system32\mwsarcpkt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:21.895 File: C:\Windows\system32\nscservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:23.377 File: C:\Windows\system32\ntrtscan.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:32.644 File: C:\Windows\system32\pnmsrv.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:46.247 File: C:\Windows\system32\RT25USBAP.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:46.746 File: C:\Windows\system32\s3savagenb.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:48.181 File: C:\Windows\system32\ScFBPNT2.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:14:03.610 File: C:\Windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:14:23.531 File: C:\Windows\system32\W700bus.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:14:23.671 File: C:\Windows\system32\wacommousefilter.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:14:25.481 File: C:\Windows\system32\wdelmgr20.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:15:05.557 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:15:10.362 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
21:17:28.407 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:17:28.500 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
21:17:30.076 AVAST engine scan C:\Windows\system32\drivers
21:17:50.465 AVAST engine scan C:\Users\rkarlen
21:32:33.318 AVAST engine scan C:\ProgramData
21:34:40.957 Scan finished successfully
21:40:28.777 The log file has been saved successfully to "C:\Users\rkarlen\Desktop\aswMBR.txt"

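The second aswMBR log above differs from the earlier ones in a way that is easy to miss when skimming the detection lines: `Initialze error C000010E - driver not loaded` means aswMBR's kernel driver never loaded, so the MBR read, partition table and disk-stack trace are absent and the log says nothing about the boot sector; the file detections come only from the user-mode AV engine. The Python below is an added example, not part of this thread and not aswMBR's own code: it parses aswMBR-format log text, extracts the `**INFECTED**` entries, groups them by detection name and directory, and flags the driver-not-loaded, empty-trace and `unknown MBR code` conditions. The sample log embedded in it is constructed in aswMBR's format with placeholder file names; it is not a copy of the logs posted above.

```python
"""Triage an aswMBR log for ZeroAccess cleanup.

Added example; not part of the forum thread or of aswMBR. Parses the text
format aswMBR writes to aswMBR.txt and reports what the log does and does not
establish. The sample below is constructed, not taken from the thread.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-26 21:07:00
-----------------------------
21:07:00.588 OS Version: Windows x64 6.1.7601 Service Pack 1
21:07:22.428 Initialze error C000010E - driver not loaded
21:08:54.745 AVAST engine defs: 12042601
21:10:49.732 Disk 0 trace - called modules:
21:10:49.748
21:10:50.918 AVAST engine scan C:\Windows
21:11:00.777 File: C:\Windows\system32\sample_a.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:24.723 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:15:05.557 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:17:28.407 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:17:28.500 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
21:34:40.957 Scan finished successfully
"""

# "<hh:mm:ss.mmm> File: <path> **INFECTED** <name> [<category>]"; the bracketed
# category is absent for generic detections such as Win32:Malware-gen.
_DETECTION_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+)(?: \[(?P<cat>[A-Za-z]+)\])?$"
)
_TRACE_HEADER_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} Disk \d+ trace - called modules:$")
_TIMESTAMP_ONLY_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s*$")


def triage(log_text):
    """Return a dict of detections plus the scan-state flags worth checking."""
    result = {"driver_loaded": True, "mbr_read": False,
              "mbr_unknown_code": False, "trace_empty": False}
    detections = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        if "driver not loaded" in line:
            result["driver_loaded"] = False
        elif "MBR read successfully" in line:
            result["mbr_read"] = True
        elif "unknown MBR code" in line:
            result["mbr_unknown_code"] = True
        elif _TRACE_HEADER_RE.match(line):
            # A trace header followed by a bare timestamp means no driver chain was recorded.
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            result["trace_empty"] = bool(_TIMESTAMP_ONLY_RE.match(nxt))
        else:
            m = _DETECTION_RE.match(line)
            if m:
                detections.append((m.group("path"), m.group("name"), m.group("cat") or ""))
    result["detections"] = detections
    result["by_name"] = Counter(name for _, name, _ in detections)
    result["by_dir"] = Counter(str(PureWindowsPath(p).parent).lower() for p, _, _ in detections)
    result["rootkit_components"] = [p for p, _, cat in detections if cat == "Rtk"]
    return result


def summary(result):
    """Human-readable findings, most important first."""
    notes = []
    if not result["driver_loaded"]:
        notes.append("aswMBR kernel driver did not load: the MBR and disk-stack trace were "
                     "not checked, so this log says nothing about the boot sector.")
    if result["trace_empty"]:
        notes.append("Disk trace is empty: no driver chain was recorded for the boot disk.")
    if result["mbr_unknown_code"]:
        notes.append("MBR code is not one aswMBR recognises: inspect the saved MBR.dat "
                     "before deciding whether the boot sector is clean.")
    for name, n in result["by_name"].most_common():
        notes.append(f"{n} file(s) detected as {name}")
    for d, n in result["by_dir"].most_common():
        notes.append(f"{n} detection(s) under {d}")
    return notes


if __name__ == "__main__":
    for note in summary(triage(SAMPLE_LOG)):
        print("-", note)
```

The by-directory grouping is the useful view for this family: detections clustered in `C:\Windows\system32` with driver-like names, in `C:\Windows\assembly\GAC_32` and `GAC_64`, and in `C:\Windows\assembly\temp\U` describe the dropped components, while the driver-not-loaded flag tells you the run cannot be compared with the earlier successful MBR scans.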
#13 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:10 AM

Posted 27 April 2012 - 08:31 AM

Hello mimmo915 ,

The infection/rootkit may be preventing ComboFix from running.

I want you to run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

===================================================================================

Please run another scan with aswMBR.
====================================================================================


In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log
  • aswMBR.Log

regards, ratman




#14 mimmo915

mimmo915
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 27 April 2012 - 06:24 PM

Hi ratman:

I was finally able to run ComboFix and get a log, although it did take probably over 10 hrs. Here is the log; I'll run the other things now.


ComboFix 12-04-23.02 - rkarlen 04/26/2012 22:09:24.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1342 [GMT -4:00]
Running from: c:\users\rkarlen\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\iSdlJ1V9kWWrtx
c:\users\rkarlen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD\SMART HDD.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\odbcad32.exe
c:\windows\system32\fxsst.dll . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\srrstr.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\system32\termsrv.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 12:57 . 2012-04-27 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 22:16 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-04-24 22:14 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-24 22:14 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-24 22:14 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-23 19:57 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-23 19:57 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-23 19:57 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-23 19:57 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-23 19:57 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-23 19:57 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-23 19:57 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-23 07:34 . 2012-04-26 03:42 -------- d-----w- C:\FRST
2012-04-19 00:58 . 2012-04-19 00:58 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-04-15 14:54 . 2012-04-15 15:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 05:40 . 2012-04-10 05:40 -------- d-----w- c:\programdata\Recovery
2012-04-10 02:16 . 2012-04-10 02:16 -------- d-----w- c:\programdata\Common Files
2012-04-10 02:15 . 2012-04-10 02:16 -------- d-----w- c:\programdata\MFAData
2012-04-08 19:42 . 2012-04-08 19:42 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 16:45 . 2012-04-15 16:45 399264 ----a-w- c:\users\rkarlen\AppData\Roaming\Microsoft\Windows\Network Shortcuts\unhide.exe
2012-04-04 19:56 . 2011-08-18 20:25 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 06:38 . 2012-03-14 13:50 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 13:50 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 13:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 13:50 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 03:28 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 03:28 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-06 22:49 . 2012-02-06 22:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-06 22:49 . 2012-02-06 22:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-06 22:49 . 2012-02-06 22:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-06 22:49 . 2012-02-06 22:49 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-06 22:49 . 2012-02-06 22:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-06 22:49 . 2012-02-06 22:49 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-06 22:49 . 2012-02-06 22:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-06 22:49 . 2012-02-06 22:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-06 22:49 . 2012-02-06 22:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-06 22:49 . 2012-02-06 22:49 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-06 22:49 . 2012-02-06 22:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-06 22:49 . 2012-02-06 22:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-06 22:49 . 2012-02-06 22:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-06 22:49 . 2012-02-06 22:49 448512 ----a-w- c:\windows\system32\html.iec
2012-02-06 22:49 . 2012-02-06 22:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-06 22:49 . 2012-02-06 22:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-06 22:49 . 2012-02-06 22:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-06 22:49 . 2012-02-06 22:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-06 22:49 . 2012-02-06 22:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-06 22:49 . 2012-02-06 22:49 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-06 22:49 . 2012-02-06 22:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-06 22:49 . 2012-02-06 22:49 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-06 22:49 . 2012-02-06 22:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-06 22:49 . 2012-02-06 22:49 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-06 22:49 . 2012-02-06 22:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-06 22:49 . 2012-02-06 22:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-06 22:49 . 2012-02-06 22:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-06 22:49 . 2012-02-06 22:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-06 22:49 . 2012-02-06 22:49 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-06 22:49 . 2012-02-06 22:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-06 22:49 . 2012-02-06 22:49 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-06 22:49 . 2012-02-06 22:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-06 22:49 . 2012-02-06 22:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-06 22:49 . 2012-02-06 22:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-03 04:34 . 2012-03-15 03:28 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kpewatq]
2012-04-20 00:03 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\kpewatq.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 38912]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\HPCeeScheduleForrkarlen.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LUsbFilt
epfwtdi
OEM02Dev
s116mgmt
nv
hpdj
MSMQ
SIODRV
qkbfiltr
dlabmfsm
rtl8023
mnmsrvc
tossmbnt
jsdaemon
ibmfilter
adobeversioncue
hsvcmod
omniusb
ichaud
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61
DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
SafeBoot-45391791.sys
SafeBoot-46143243.sys
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-04-27 19:10:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 23:10
.
Pre-Run: 166,473,326,592 bytes free
Post-Run: 165,714,325,504 bytes free
.
- - End Of File - - 8A86C332C20A136D7436C67C7F9FCD0E

#15 mimmo915
  • Topic Starter

Posted 27 April 2012 - 07:09 PM

Hi ratman:

Here are those logs you requested:

19:26:27.0620 4368 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:26:27.0869 4368 ============================================================
19:26:27.0869 4368 Current date / time: 2012/04/27 19:26:27.0869
19:26:27.0869 4368 SystemInfo:
19:26:27.0869 4368
19:26:27.0869 4368 OS Version: 6.1.7601 ServicePack: 1.0
19:26:27.0869 4368 Product type: Workstation
19:26:27.0869 4368 ComputerName: RKARLEN-PC
19:26:27.0869 4368 UserName: rkarlen
19:26:27.0869 4368 Windows directory: C:\Windows
19:26:27.0869 4368 System windows directory: C:\Windows
19:26:27.0869 4368 Running under WOW64
19:26:27.0869 4368 Processor architecture: Intel x64
19:26:27.0869 4368 Number of processors: 1
19:26:27.0869 4368 Page size: 0x1000
19:26:27.0869 4368 Boot type: Normal boot
19:26:27.0869 4368 ============================================================
19:26:33.0361 4368 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:26:33.0392 4368 ============================================================
19:26:33.0392 4368 \Device\Harddisk0\DR0:
19:26:33.0392 4368 MBR partitions:
19:26:33.0392 4368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:26:33.0392 4368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B6F4800
19:26:33.0392 4368 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B758800, BlocksNum 0x1A39000
19:26:33.0392 4368 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
19:26:33.0392 4368 ============================================================
19:26:33.0501 4368 C: <-> \Device\Harddisk0\DR0\Partition1
19:26:33.0922 4368 D: <-> \Device\Harddisk0\DR0\Partition2
19:26:33.0922 4368 ============================================================
19:26:33.0922 4368 Initialize success
19:26:33.0922 4368 ============================================================
19:26:49.0403 0648 ============================================================
19:26:49.0403 0648 Scan started
19:26:49.0403 0648 Mode: Manual;
19:26:49.0403 0648 ============================================================
19:26:50.0730 0648 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:26:50.0745 0648 1394ohci - ok
19:26:50.0823 0648 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:26:50.0839 0648 ACPI - ok
19:26:50.0901 0648 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:26:50.0901 0648 AcpiPmi - ok
19:26:50.0995 0648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:26:51.0010 0648 adp94xx - ok
19:26:51.0088 0648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:26:51.0088 0648 adpahci - ok
19:26:51.0135 0648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:26:51.0135 0648 adpu320 - ok
19:26:51.0198 0648 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:26:51.0213 0648 AeLookupSvc - ok
19:26:51.0307 0648 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
19:26:51.0322 0648 AESTFilters - ok
19:26:51.0400 0648 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:26:51.0416 0648 AFD - ok
19:26:51.0510 0648 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
19:26:51.0510 0648 AgereModemAudio - ok
19:26:51.0681 0648 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
19:26:51.0697 0648 AgereSoftModem - ok
19:26:51.0775 0648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:26:51.0775 0648 agp440 - ok
19:26:51.0837 0648 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:26:51.0837 0648 ALG - ok
19:26:51.0915 0648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:26:51.0915 0648 aliide - ok
19:26:51.0993 0648 AMD External Events Utility (d0d8877969011d1b0ed9c3c55a9a9108) C:\Windows\system32\atiesrxx.exe
19:26:52.0009 0648 AMD External Events Utility - ok
19:26:52.0056 0648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:26:52.0056 0648 amdide - ok
19:26:52.0102 0648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:26:52.0118 0648 AmdK8 - ok
19:26:52.0149 0648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:26:52.0149 0648 AmdPPM - ok
19:26:52.0227 0648 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:26:52.0227 0648 amdsata - ok
19:26:52.0274 0648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:26:52.0290 0648 amdsbs - ok
19:26:52.0321 0648 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:26:52.0321 0648 amdxata - ok
19:26:52.0399 0648 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:26:52.0399 0648 AppID - ok
19:26:52.0446 0648 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:26:52.0446 0648 AppIDSvc - ok
19:26:52.0524 0648 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:26:52.0524 0648 Appinfo - ok
19:26:52.0633 0648 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:26:52.0633 0648 Apple Mobile Device - ok
19:26:52.0742 0648 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:26:52.0742 0648 arc - ok
19:26:52.0789 0648 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:26:52.0789 0648 arcsas - ok
19:26:52.0851 0648 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:26:52.0851 0648 AsyncMac - ok
19:26:52.0914 0648 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:26:52.0914 0648 atapi - ok
19:26:53.0070 0648 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
19:26:53.0101 0648 athr - ok
19:26:53.0272 0648 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
19:26:53.0272 0648 AtiHdmiService - ok
19:26:53.0787 0648 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
19:26:53.0959 0648 atikmdag - ok
19:26:54.0099 0648 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:26:54.0099 0648 AtiPcie - ok
19:26:54.0193 0648 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:26:54.0208 0648 AudioEndpointBuilder - ok
19:26:54.0240 0648 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:26:54.0255 0648 AudioSrv - ok
19:26:54.0318 0648 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:26:54.0333 0648 AxInstSV - ok
19:26:54.0411 0648 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:26:54.0411 0648 b06bdrv - ok
19:26:54.0489 0648 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:26:54.0505 0648 b57nd60a - ok
19:26:54.0645 0648 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:26:54.0661 0648 BBSvc - ok
19:26:54.0754 0648 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:26:54.0754 0648 BBUpdate - ok
19:26:54.0817 0648 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:26:54.0817 0648 BDESVC - ok
19:26:54.0864 0648 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:26:54.0864 0648 Beep - ok
19:26:55.0020 0648 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:26:55.0035 0648 BFE - ok
19:26:55.0129 0648 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:26:55.0144 0648 BITS - ok
19:26:55.0222 0648 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:26:55.0222 0648 blbdrive - ok
19:26:55.0347 0648 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:26:55.0363 0648 Bonjour Service - ok
19:26:55.0425 0648 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:26:55.0425 0648 bowser - ok
19:26:55.0472 0648 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:26:55.0472 0648 BrFiltLo - ok
19:26:55.0503 0648 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:26:55.0503 0648 BrFiltUp - ok
19:26:55.0597 0648 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:26:55.0612 0648 BridgeMP - ok
19:26:55.0675 0648 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:26:55.0675 0648 Browser - ok
19:26:55.0753 0648 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:26:55.0753 0648 Brserid - ok
19:26:55.0800 0648 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:26:55.0800 0648 BrSerWdm - ok
19:26:55.0846 0648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:26:55.0846 0648 BrUsbMdm - ok
19:26:55.0909 0648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:26:55.0909 0648 BrUsbSer - ok
19:26:55.0956 0648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:26:55.0971 0648 BTHMODEM - ok
19:26:56.0034 0648 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:26:56.0034 0648 bthserv - ok
19:26:56.0080 0648 catchme - ok
19:26:56.0158 0648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:26:56.0158 0648 cdfs - ok
19:26:56.0236 0648 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:26:56.0236 0648 cdrom - ok
19:26:56.0314 0648 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:26:56.0314 0648 CertPropSvc - ok
19:26:56.0377 0648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:26:56.0377 0648 circlass - ok
19:26:56.0439 0648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:26:56.0455 0648 CLFS - ok
19:26:56.0548 0648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:26:56.0548 0648 clr_optimization_v2.0.50727_32 - ok
19:26:56.0611 0648 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:26:56.0626 0648 clr_optimization_v2.0.50727_64 - ok
19:26:56.0751 0648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:26:56.0814 0648 clr_optimization_v4.0.30319_32 - ok
19:26:56.0923 0648 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:26:56.0923 0648 clr_optimization_v4.0.30319_64 - ok
19:26:56.0985 0648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:26:56.0985 0648 CmBatt - ok
19:26:57.0032 0648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:26:57.0032 0648 cmdide - ok
19:26:57.0110 0648 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:26:57.0110 0648 CNG - ok
19:26:57.0235 0648 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:26:57.0250 0648 Com4QLBEx - ok
19:26:57.0297 0648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:26:57.0297 0648 Compbatt - ok
19:26:57.0360 0648 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:26:57.0375 0648 CompositeBus - ok
19:26:57.0406 0648 COMSysApp - ok
19:26:57.0438 0648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:26:57.0438 0648 crcdisk - ok
19:26:57.0547 0648 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:26:57.0547 0648 CryptSvc - ok
19:26:57.0781 0648 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:26:57.0796 0648 cvhsvc - ok
19:26:57.0890 0648 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:26:57.0906 0648 DcomLaunch - ok
19:26:57.0952 0648 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:26:57.0968 0648 defragsvc - ok
19:26:58.0062 0648 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:26:58.0062 0648 DfsC - ok
19:26:58.0155 0648 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:26:58.0155 0648 Dhcp - ok
19:26:58.0202 0648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:26:58.0202 0648 discache - ok
19:26:58.0264 0648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:26:58.0264 0648 Disk - ok
19:26:58.0342 0648 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:26:58.0342 0648 Dnscache - ok
19:26:58.0420 0648 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:26:58.0420 0648 dot3svc - ok
19:26:58.0467 0648 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:26:58.0483 0648 DPS - ok
19:26:58.0514 0648 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:26:58.0514 0648 drmkaud - ok
19:26:58.0639 0648 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:26:58.0654 0648 DXGKrnl - ok
19:26:58.0717 0648 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:26:58.0717 0648 EapHost - ok
19:26:58.0951 0648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:26:59.0060 0648 ebdrv - ok
19:26:59.0200 0648 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:26:59.0200 0648 EFS - ok
19:26:59.0341 0648 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:26:59.0356 0648 ehRecvr - ok
19:26:59.0403 0648 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:26:59.0403 0648 ehSched - ok
19:26:59.0512 0648 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:26:59.0528 0648 elxstor - ok
19:26:59.0575 0648 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:26:59.0575 0648 ErrDev - ok
19:26:59.0684 0648 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:26:59.0684 0648 EventSystem - ok
19:26:59.0778 0648 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:26:59.0778 0648 exfat - ok
19:26:59.0824 0648 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:26:59.0824 0648 fastfat - ok
19:26:59.0934 0648 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:26:59.0949 0648 Fax - ok
19:26:59.0996 0648 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:26:59.0996 0648 fdc - ok
19:27:00.0027 0648 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:27:00.0027 0648 fdPHost - ok
19:27:00.0074 0648 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:27:00.0074 0648 FDResPub - ok
19:27:00.0121 0648 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:27:00.0121 0648 FileInfo - ok
19:27:00.0168 0648 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:27:00.0168 0648 Filetrace - ok
19:27:00.0214 0648 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:27:00.0214 0648 flpydisk - ok
19:27:00.0292 0648 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:27:00.0292 0648 FltMgr - ok
19:27:00.0402 0648 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:27:00.0448 0648 FontCache - ok
19:27:00.0526 0648 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:27:00.0526 0648 FontCache3.0.0.0 - ok
19:27:00.0604 0648 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:27:00.0604 0648 FsDepends - ok
19:27:00.0682 0648 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:27:00.0682 0648 Fs_Rec - ok
19:27:00.0760 0648 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:27:00.0760 0648 fvevol - ok
19:27:00.0823 0648 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:27:00.0838 0648 gagp30kx - ok
19:27:00.0948 0648 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:27:00.0963 0648 GamesAppService - ok
19:27:01.0026 0648 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:27:01.0026 0648 GEARAspiWDM - ok
19:27:01.0135 0648 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:27:01.0150 0648 gpsvc - ok
19:27:01.0197 0648 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:27:01.0197 0648 hcw85cir - ok
19:27:01.0275 0648 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:27:01.0275 0648 HdAudAddService - ok
19:27:01.0338 0648 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:27:01.0338 0648 HDAudBus - ok
19:27:01.0384 0648 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:27:01.0384 0648 HidBatt - ok
19:27:01.0431 0648 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:27:01.0447 0648 HidBth - ok
19:27:01.0478 0648 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:27:01.0494 0648 HidIr - ok
19:27:01.0525 0648 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:27:01.0540 0648 hidserv - ok
19:27:01.0618 0648 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:27:01.0618 0648 HidUsb - ok
19:27:01.0681 0648 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:27:01.0681 0648 hkmsvc - ok
19:27:01.0759 0648 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:27:01.0774 0648 HomeGroupListener - ok
19:27:01.0852 0648 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:27:01.0852 0648 HomeGroupProvider - ok
19:27:01.0977 0648 HP Health Check Service (c84bcc03858daeac4db1e95efcce1934) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
19:27:01.0977 0648 HP Health Check Service - ok
19:27:02.0024 0648 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:27:02.0024 0648 HpqKbFiltr - ok
19:27:02.0118 0648 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:27:02.0118 0648 hpqwmiex - ok
19:27:02.0196 0648 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:27:02.0196 0648 HpSAMD - ok
19:27:02.0274 0648 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:27:02.0289 0648 HTTP - ok
19:27:02.0336 0648 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:27:02.0336 0648 hwpolicy - ok
19:27:02.0414 0648 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:27:02.0414 0648 i8042prt - ok
19:27:02.0508 0648 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:27:02.0508 0648 iaStorV - ok
19:27:02.0617 0648 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:27:02.0617 0648 IDriverT - ok
19:27:02.0757 0648 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:27:02.0773 0648 idsvc - ok
19:27:03.0241 0648 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:27:03.0459 0648 igfx - ok
19:27:03.0615 0648 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:27:03.0631 0648 iirsp - ok
19:27:03.0740 0648 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:27:03.0771 0648 IKEEXT - ok
19:27:03.0818 0648 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:27:03.0818 0648 intelide - ok
19:27:03.0880 0648 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:27:03.0880 0648 intelppm - ok
19:27:03.0927 0648 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:27:03.0927 0648 IPBusEnum - ok
19:27:03.0990 0648 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:27:03.0990 0648 IpFilterDriver - ok
19:27:04.0068 0648 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:27:04.0083 0648 iphlpsvc - ok
19:27:04.0146 0648 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:27:04.0146 0648 IPMIDRV - ok
19:27:04.0208 0648 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:27:04.0224 0648 IPNAT - ok
19:27:04.0364 0648 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
19:27:04.0380 0648 iPod Service - ok
19:27:04.0426 0648 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:27:04.0426 0648 IRENUM - ok
19:27:04.0473 0648 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:27:04.0473 0648 isapnp - ok
19:27:04.0567 0648 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:27:04.0567 0648 iScsiPrt - ok
19:27:04.0645 0648 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:27:04.0645 0648 kbdclass - ok
19:27:04.0707 0648 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:27:04.0707 0648 kbdhid - ok
19:27:04.0754 0648 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:27:04.0754 0648 KeyIso - ok
19:27:04.0816 0648 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:27:04.0816 0648 KSecDD - ok
19:27:04.0848 0648 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:27:04.0848 0648 KSecPkg - ok
19:27:04.0910 0648 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:27:04.0910 0648 ksthunk - ok
19:27:04.0972 0648 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:27:04.0988 0648 KtmRm - ok
19:27:05.0066 0648 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:27:05.0082 0648 LanmanServer - ok
19:27:05.0144 0648 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:27:05.0144 0648 LanmanWorkstation - ok
19:27:05.0238 0648 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:27:05.0238 0648 LightScribeService - ok
19:27:05.0300 0648 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:27:05.0300 0648 lltdio - ok
19:27:05.0378 0648 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:27:05.0394 0648 lltdsvc - ok
19:27:05.0425 0648 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:27:05.0425 0648 lmhosts - ok
19:27:36.0640 0648 ============================================================
19:27:36.0640 0648 Scan finished
19:27:36.0640 0648 ============================================================
19:27:36.0672 4084 Detected object count: 0
19:27:36.0672 4084 Actual detected object count: 0
19:27:46.0531 0620 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 20:26:18
-----------------------------
20:26:18.018 OS Version: Windows x64 6.1.7601 Service Pack 1
20:26:18.018 Number of processors: 1 586 0x602
20:26:18.018 ComputerName: RKARLEN-PC UserName: rkarlen
20:26:20.108 Initialize success
20:26:30.560 AVAST engine defs: 12042301
20:26:36.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:26:36.863 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11
20:26:36.878 Disk 0 MBR read successfully
20:26:36.894 Disk 0 MBR scan
20:26:36.910 Disk 0 unknown MBR code
20:26:36.941 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:26:36.956 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224745 MB offset 409600
20:26:36.988 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13426 MB offset 460687360
20:26:37.019 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
20:26:37.050 Disk 0 scanning C:\Windows\system32\drivers
20:26:50.154 Service scanning
20:27:43.927 Modules scanning
20:27:43.927 Disk 0 trace - called modules:
20:27:44.614 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:27:44.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030aa790]
20:27:44.629 3 CLASSPNP.SYS[fffff8800112843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003046060]
20:27:45.253 AVAST engine scan C:\Windows
20:27:48.030 AVAST engine scan C:\Windows\system32
20:27:50.183 File: C:\Windows\system32\amusbprt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:27:53.131 File: C:\Windows\system32\ATSWPDRV.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:27:54.535 File: C:\Windows\system32\AVerBDA.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:02.008 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:28:03.193 File: C:\Windows\system32\CX88ENC.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:07.031 File: C:\Windows\system32\ddxgb.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:32.599 File: C:\Windows\system32\lfsfilt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:46.577 File: C:\Windows\system32\mwsarcpkt.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:58.558 File: C:\Windows\system32\nscservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:28:59.400 File: C:\Windows\system32\ntrtscan.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:04.283 File: C:\Windows\system32\pnmsrv.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:12.692 File: C:\Windows\system32\RT25USBAP.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:13.144 File: C:\Windows\system32\s3savagenb.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:14.080 File: C:\Windows\system32\ScFBPNT2.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:23.424 File: C:\Windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:34.298 File: C:\Windows\system32\W700bus.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:34.438 File: C:\Windows\system32\wacommousefilter.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:35.390 File: C:\Windows\system32\wdelmgr20.dll **INFECTED** Win64:ZAccess-E [Rtk]
20:29:53.891 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
20:29:56.559 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
20:31:25.198 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
20:31:25.339 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
20:31:29.363 AVAST engine scan C:\Windows\system32\drivers
20:31:50.813 AVAST engine scan C:\Users\rkarlen
20:47:48.234 AVAST engine scan C:\ProgramData
20:49:38.464 Scan finished successfully
20:50:50.427 Disk 0 MBR has been saved successfully to "C:\Users\rkarlen\Desktop\MBR.dat"
20:50:50.427 The log file has been saved successfully to "C:\Users\rkarlen\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 21:07:00
-----------------------------
21:07:00.588 OS Version: Windows x64 6.1.7601 Service Pack 1
21:07:00.588 Number of processors: 1 586 0x602
21:07:00.588 ComputerName: RKARLEN-PC UserName: rkarlen
21:07:22.428 Initialze error C000010E - driver not loaded
21:08:54.745 AVAST engine defs: 12042601
21:09:30.063 Service scanning
21:10:49.732 Modules scanning
21:10:49.732 Disk 0 trace - called modules:
21:10:49.748
21:10:50.918 AVAST engine scan C:\Windows
21:10:56.456 AVAST engine scan C:\Windows\system32
21:11:00.777 File: C:\Windows\system32\amusbprt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:06.705 File: C:\Windows\system32\ATSWPDRV.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:09.685 File: C:\Windows\system32\AVerBDA.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:24.723 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:11:26.907 File: C:\Windows\system32\CX88ENC.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:11:33.132 File: C:\Windows\system32\ddxgb.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:12:21.071 File: C:\Windows\system32\lfsfilt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:12:50.118 File: C:\Windows\system32\mwsarcpkt.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:21.895 File: C:\Windows\system32\nscservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:23.377 File: C:\Windows\system32\ntrtscan.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:32.644 File: C:\Windows\system32\pnmsrv.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:46.247 File: C:\Windows\system32\RT25USBAP.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:46.746 File: C:\Windows\system32\s3savagenb.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:13:48.181 File: C:\Windows\system32\ScFBPNT2.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:14:03.610 File: C:\Windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:14:23.531 File: C:\Windows\system32\W700bus.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:14:23.671 File: C:\Windows\system32\wacommousefilter.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:14:25.481 File: C:\Windows\system32\wdelmgr20.dll **INFECTED** Win64:ZAccess-E [Rtk]
21:15:05.557 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:15:10.362 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
21:17:28.407 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:17:28.500 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
21:17:30.076 AVAST engine scan C:\Windows\system32\drivers
21:17:50.465 AVAST engine scan C:\Users\rkarlen
21:32:33.318 AVAST engine scan C:\ProgramData
21:34:40.957 Scan finished successfully
21:40:28.777 The log file has been saved successfully to "C:\Users\rkarlen\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 19:42:09
-----------------------------
19:42:09.496 OS Version: Windows x64 6.1.7601 Service Pack 1
19:42:09.496 Number of processors: 1 586 0x602
19:42:09.496 ComputerName: RKARLEN-PC UserName: rkarlen
19:42:10.136 Initialize success
19:43:00.743 AVAST engine defs: 12042701
19:44:04.298 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:44:04.298 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11
19:44:04.345 Disk 0 MBR read successfully
19:44:04.360 Disk 0 MBR scan
19:44:04.360 Disk 0 unknown MBR code
19:44:04.376 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:44:04.391 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224745 MB offset 409600
19:44:04.438 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13426 MB offset 460687360
19:44:04.469 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
19:44:04.516 Disk 0 scanning C:\Windows\system32\drivers
19:44:22.909 Service scanning
19:45:29.614 Modules scanning
19:45:29.630 Disk 0 trace - called modules:
19:45:30.192 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:45:30.192 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030e3060]
19:45:30.207 3 CLASSPNP.SYS[fffff8800107f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003087680]
19:45:31.128 AVAST engine scan C:\Windows
19:45:34.809 AVAST engine scan C:\Windows\system32
19:45:37.617 File: C:\Windows\system32\amusbprt.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:45:41.314 File: C:\Windows\system32\ATSWPDRV.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:45:43.405 File: C:\Windows\system32\AVerBDA.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:45:53.186 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
19:45:54.918 File: C:\Windows\system32\CX88ENC.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:45:59.176 File: C:\Windows\system32\ddxgb.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:46:34.510 File: C:\Windows\system32\lfsfilt.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:46:53.262 File: C:\Windows\system32\mwsarcpkt.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:47:10.141 File: C:\Windows\system32\nscservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:47:11.311 File: C:\Windows\system32\ntrtscan.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:47:18.159 File: C:\Windows\system32\pnmsrv.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:47:29.875 File: C:\Windows\system32\RT25USBAP.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:47:30.561 File: C:\Windows\system32\s3savagenb.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:47:32.168 File: C:\Windows\system32\ScFBPNT2.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:47:44.804 File: C:\Windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:48:00.045 File: C:\Windows\system32\W700bus.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:48:00.201 File: C:\Windows\system32\wacommousefilter.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:48:01.824 File: C:\Windows\system32\wdelmgr20.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:50:14.881 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
19:50:15.006 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
19:50:15.677 AVAST engine scan C:\Windows\system32\drivers
19:50:38.313 AVAST engine scan C:\Users\rkarlen
20:00:57.993 AVAST engine scan C:\ProgramData
20:03:02.216 Scan finished successfully
20:04:06.894 Disk 0 MBR has been saved successfully to "C:\Users\rkarlen\Desktop\MBR.dat"
20:04:06.910 The log file has been saved successfully to "C:\Users\rkarlen\Desktop\aswMBR.txt"



