
Another STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program


10 replies to this topic

#1 Balah


Posted 23 April 2012 - 07:29 PM

I have a machine with a reboot issue after some malware was removed. I'm not sure what the infection was. The PC won't boot into normal or safe mode, and has the blue screen error in the title. Any help would be greatly appreciated! Here is my FRST scan log:

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 23-04-2012 18:35:26
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2009-12-17] (Corel)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [IntelAgent] C:\Windows\Temp\temp68.exe [x]
HKLM-x32\...\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe [x]
HKLM-x32\...\Run: [CGWGCnHLqP.exe] C:\ProgramData\CGWGCnHLqP.exe [x]
HKLM-x32\...\Run: [AmdAgent] C:\Windows\Temp\temp14.exe [x]
HKLM-x32\...\Run: [aTQDlCiEjSchAAD.exe] C:\ProgramData\aTQDlCiEjSchAAD.exe [x]
HKLM-x32\...\Run: [jFRhCecXBQMsfL.exe] C:\ProgramData\jFRhCecXBQMsfL.exe [x]
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot [296056 2011-12-06] (RealNetworks, Inc.)
HKU\DJ Bassel\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-02-23] (BitTorrent, Inc.)
HKU\DJ Bassel\...\Run: [Google Update] "C:\Users\DJ Bassel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-26] (Google Inc.)
HKU\DJ Bassel\...\Run: [Universal Control] C:\Users\DJ Bassel\Desktop\UniversalControl.exe [x]
HKU\DJ Bassel\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\DJ Bassel\...\Run: [Audiogalaxy] "C:\Users\DJ Bassel\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup [2955496 2011-12-13] (AG Entertainment Inc)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADQAMQAxADEANwAwADAALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.894 [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2010-08-15] (Adobe Systems)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-29] (Adobe Systems Incorporated)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CodeMeter.exe; "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [2304912 2011-07-06] (WIBU-SYSTEMS AG)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1436424 2010-08-31] (Acresso Software Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [359192 2011-09-27] (Logitech, Inc.)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-02-07] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-02-07] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-01-11] (LogMeIn, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5018624 2010-03-25] (Native Instruments GmbH)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
4 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [537896 2008-06-24] (Nero AG)
2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-09-30] ()
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 PSI_SVC_2; "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-27] (Adobe Systems, Inc.)
3 ak1avs_x64; C:\Windows\System32\Drivers\ak1avs_x64.sys [45136 2009-10-08] (Native Instruments GmbH)
3 ak1usb_x64; C:\Windows\System32\Drivers\ak1usb_x64.sys [300624 2009-10-08] (Native Instruments GmbH)
3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
3 AtiDCM; \??\C:\Users\DJ Bassel\AppData\Local\Temp\atdcm64a.sys [26752 2011-10-06] (Advanced Micro Devices, Inc.)
3 atikmdag; C:\Windows\System32\Drivers\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
3 kx1avs_x64; C:\Windows\System32\Drivers\kx1avs_x64.sys [45136 2009-12-07] (Native Instruments GmbH)
3 kx1usb_x64; C:\Windows\System32\Drivers\kx1usb_x64.sys [300624 2009-12-07] (Native Instruments GmbH)
3 LHidFilt; C:\Windows\System32\Drivers\LHidFilt.sys [66840 2011-09-01] (Logitech, Inc.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-01-11] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-01-11] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-01-11] (LogMeIn, Inc.)
3 LMouFilt; C:\Windows\System32\Drivers\LMouFilt.sys [60696 2011-09-01] (Logitech, Inc.)
3 PaeFireStudio; C:\Windows\System32\Drivers\PaeFireStudio.sys [209712 2009-06-26] (PreSonus Audio Electronics)
3 PaeFireStudioAudio; C:\Windows\System32\Drivers\PaeFireStudioAudio.sys [38960 2009-06-26] (PreSonus Audio Electronics)
3 PaeFireStudioMidi; C:\Windows\System32\Drivers\PaeFireStudioMidi.sys [43952 2009-06-26] (PreSonus Audio Electronics)
1 qrmewunx; C:\Windows\System32\Drivers\qrmewunx.sys [50000 2012-04-20] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-08-23] (Duplex Secure Ltd.)
1 tryjhksi; C:\Windows\System32\Drivers\tryjhksi.sys [50000 2012-04-20] (Microsoft Corporation)
1 kauxzplv; \??\C:\Windows\system32\drivers\kauxzplv.sys [x]
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-20 17:18 - 2009-07-13 17:45 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qrmewunx.sys
2012-04-20 17:06 - 2012-03-27 15:21 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-20 17:06 - 2012-03-18 13:34 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-20 16:56 - 2010-11-20 05:33 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tryjhksi.sys
2012-04-20 16:26 - 2012-04-10 20:32 - 0274704 ____A C:\Windows\Minidump\042012-144578-01.dmp
2012-04-10 22:09 - 2012-04-09 09:27 - 0282416 ____A C:\Windows\Minidump\041112-30609-01.dmp
2012-04-10 20:52 - 2012-04-10 22:09 - 0274704 ____A C:\Windows\Minidump\041112-437437-01.dmp
2012-04-10 20:32 - 2012-04-10 20:52 - 0274704 ____A C:\Windows\Minidump\041112-508546-01.dmp
2012-04-09 16:30 - 2011-05-18 13:41 - 0001158 ____A C:\Users\DJ Bassel\Downloads\SpinRite_6_0_Release_1-_Demonoid.me_-.torrent
2012-04-09 09:27 - 2012-04-07 22:35 - 0274704 ____A C:\Windows\Minidump\040912-68625-01.dmp
2012-04-08 19:53 - 2012-04-08 07:42 - 0274704 ____A C:\Windows\Minidump\040812-46500-01.dmp
2012-04-08 08:27 - 2009-06-10 12:30 - 0000000 ____D C:\Windows\pss
2012-04-08 08:16 - 2012-04-06 20:58 - 0274704 ____A C:\Windows\Minidump\040812-39218-01.dmp
2012-04-08 07:52 - 2011-10-13 22:13 - 169420752 ____A (Advanced Micro Devices, Inc.) C:\Users\DJ Bassel\Downloads\12-3_vista_win7_64_dd_ccc.exe
2012-04-08 07:42 - 2012-04-08 08:16 - 0274704 ____A C:\Windows\Minidump\040812-39828-01.dmp
2012-04-08 07:37 - 2012-04-08 19:53 - 0274704 ____A C:\Windows\Minidump\040812-56781-01.dmp
2012-04-08 02:19 - 2011-08-07 11:59 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{94514789-FF06-47F1-ABB2-E85F60253CAE}
2012-04-08 00:28 - 2012-04-23 14:13 - 0000279 ____A C:\hj_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000265 ____A C:\srch_ans_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000131 ____A C:\srch_loc_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000123 ____A C:\srch_sh_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000121 ____A C:\srch_nws_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000113 ____A C:\srch_aud_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000112 ____A C:\srch_vid_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000112 ____A C:\srch_img_1.gif
2012-04-08 00:28 - 2012-04-07 22:31 - 0000304 ____A C:\dir.bmp
2012-04-08 00:28 - 2012-02-17 12:55 - 0000235 ____A C:\srch_1.gif
2012-04-08 00:28 - 2011-02-09 00:06 - 0000000 ____A C:\ab_1.gif
2012-04-07 23:43 - 2009-07-13 21:08 - 0000000 ____D C:\e
2012-04-07 23:42 - 2012-04-23 17:49 - 0001573 ____A C:\us
2012-04-07 22:35 - 2012-04-08 07:37 - 0274704 ____A C:\Windows\Minidump\040812-70656-01.dmp
2012-04-07 22:31 - 2010-09-15 23:03 - 0000000 ____D C:\Data
2012-04-07 22:03 - 2012-04-20 17:55 - 0000344 ____A C:\Windows\Tasks\At10.job
2012-04-07 22:03 - 2012-04-20 17:25 - 0000344 ____A C:\Windows\Tasks\At46.job
2012-04-07 22:03 - 2012-04-11 06:25 - 0000344 ____A C:\Windows\Tasks\At24.job
2012-04-07 22:03 - 2012-04-11 05:25 - 0000344 ____A C:\Windows\Tasks\At22.job
2012-04-07 22:03 - 2012-04-11 04:25 - 0000344 ____A C:\Windows\Tasks\At2.job
2012-04-07 22:03 - 2012-04-11 03:25 - 0000344 ____A C:\Windows\Tasks\At18.job
2012-04-07 22:03 - 2012-04-11 02:25 - 0000344 ____A C:\Windows\Tasks\At16.job
2012-04-07 22:03 - 2012-04-11 01:25 - 0000344 ____A C:\Windows\Tasks\At14.job
2012-04-07 22:03 - 2012-04-11 00:25 - 0000344 ____A C:\Windows\Tasks\At12.job
2012-04-07 22:03 - 2012-04-10 22:25 - 0000344 ____A C:\Windows\Tasks\At8.job
2012-04-07 22:03 - 2012-04-09 16:25 - 0000344 ____A C:\Windows\Tasks\At44.job
2012-04-07 22:03 - 2012-04-09 15:25 - 0000344 ____A C:\Windows\Tasks\At42.job
2012-04-07 22:03 - 2012-04-09 14:25 - 0000344 ____A C:\Windows\Tasks\At4.job
2012-04-07 22:03 - 2012-04-09 13:25 - 0000344 ____A C:\Windows\Tasks\At38.job
2012-04-07 22:03 - 2012-04-09 12:25 - 0000344 ____A C:\Windows\Tasks\At36.job
2012-04-07 22:03 - 2012-04-09 11:25 - 0000344 ____A C:\Windows\Tasks\At34.job
2012-04-07 22:03 - 2012-04-09 10:25 - 0000344 ____A C:\Windows\Tasks\At32.job
2012-04-07 22:03 - 2012-04-09 08:25 - 0000344 ____A C:\Windows\Tasks\At28.job
2012-04-07 22:03 - 2012-04-09 07:26 - 0000344 ____A C:\Windows\Tasks\At26.job
2012-04-07 22:03 - 2012-04-08 21:25 - 0000344 ____A C:\Windows\Tasks\At40.job
2012-04-07 22:03 - 2012-04-08 20:25 - 0000344 ____A C:\Windows\Tasks\At20.job
2012-04-07 22:03 - 2012-04-08 18:25 - 0000344 ____A C:\Windows\Tasks\At48.job
2012-04-07 22:03 - 2012-04-08 09:25 - 0000344 ____A C:\Windows\Tasks\At30.job
2012-04-07 22:03 - 2012-04-07 22:35 - 0000344 ____A C:\Windows\Tasks\At6.job
2012-04-07 22:03 - 2010-11-14 09:44 - 0000112 ____A C:\Users\All Users\77R431.dat
2012-04-07 22:03 - 2010-11-14 09:44 - 0000112 ____A C:\ProgramData\77R431.dat
2012-04-07 11:21 - 2012-04-06 19:37 - 0274704 ____A C:\Windows\Minidump\040712-223937-01.dmp
2012-04-07 08:39 - 2012-04-23 17:52 - 0000000 ____D C:\Windows\system64
2012-04-07 08:38 - 2010-11-12 12:25 - 0000000 ____D C:\Users\All Users\F4D55F3B000435DB58E02439B4EB2331
2012-04-07 08:38 - 2010-11-12 12:25 - 0000000 ____D C:\ProgramData\F4D55F3B000435DB58E02439B4EB2331
2012-04-06 23:55 - 2012-04-05 08:23 - 0013494 ____A C:\Windows\SysWOW64\hs_err_pid3644.log
2012-04-06 20:57 - 2012-04-07 11:21 - 0274704 ____A C:\Windows\Minidump\040712-2609921-01.dmp
2012-04-06 19:37 - 2012-04-05 08:05 - 0274704 ____A C:\Windows\Minidump\040612-243093-01.dmp
2012-04-05 08:23 - 2012-04-04 17:08 - 0013830 ____A C:\Windows\SysWOW64\hs_err_pid3152.log
2012-04-05 08:05 - 2012-04-04 16:49 - 0274704 ____A C:\Windows\Minidump\040512-401593-01.dmp
2012-04-04 17:50 - 2012-04-03 14:17 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Apr04-21-50-17.wbb
2012-04-04 17:19 - 2012-04-04 06:08 - 0274704 ____A C:\Windows\Minidump\040412-190687-01.dmp
2012-04-04 17:08 - 2009-07-13 19:20 - 0013497 ____A C:\Windows\SysWOW64\hs_err_pid2860.log
2012-04-04 16:58 - 2012-04-04 17:19 - 0274704 ____A C:\Windows\Minidump\040412-219531-01.dmp
2012-04-04 16:48 - 2012-04-04 06:20 - 0274704 ____A C:\Windows\Minidump\040412-39265-01.dmp
2012-04-04 06:35 - 2009-07-13 17:39 - 0388400 ____A C:\Windows\ntbtlog.txt
2012-04-04 06:20 - 2012-04-04 16:59 - 0274704 ____A C:\Windows\Minidump\040412-267765-01.dmp
2012-04-04 06:07 - - 0274704 ____A C:\Windows\Minidump\040412-103296-01.dmp
2012-04-04 06:05 - 2012-01-20 19:56 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{595A9570-1177-4561-99FE-D9D4771DA9E3}
2012-04-04 03:42 - 2011-12-06 19:19 - 0000000 ____D C:\Program Files (x86)\RealNetworks
2012-04-03 22:14 - - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-03 22:10 - 2011-01-08 02:07 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-04-03 14:17 - 2012-04-02 14:15 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Apr03-18-17-39.wbb
2012-04-02 14:15 - 2012-04-01 14:15 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Apr02-18-15-55.wbb
2012-04-01 14:15 - 2010-11-20 04:18 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Apr01-18-15-25.wbb
2012-03-31 14:13 - 2012-03-30 13:56 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar31-18-13-38.wbb
2012-03-30 19:26 - 2012-02-15 17:39 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{42FE3E5B-96EE-4B51-A8D1-16E4F79F1B3D}
2012-03-30 13:56 - 2012-03-29 13:53 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar30-17-56-03.wbb
2012-03-29 13:53 - 2012-03-28 13:45 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar29-17-53-33.wbb
2012-03-29 09:55 - 2012-03-29 09:56 - 8767136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-29 09:07 - 2011-10-19 10:01 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{56BD8C71-01FA-4233-AB7F-6836BD8DC107}
2012-03-29 08:58 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 08:58 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-29 08:30 - 2011-04-14 03:49 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{DC048660-BCE2-4BFC-8C8E-6969922F5485}
2012-03-28 13:45 - 2012-03-27 13:16 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar28-17-45-01.wbb
2012-03-28 09:40 - 2010-08-17 10:54 - 0044705 ____A C:\Users\DJ Bassel\Downloads\Exams_201204CandidateAgreement.pdf
2012-03-28 09:15 - 2010-11-20 04:08 - 0008224 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-03-27 15:19 - 2012-03-27 15:18 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-27 15:18 - 2012-03-27 15:18 - 0000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-03-27 15:16 - 2012-01-18 19:09 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-03-27 14:55 - 2010-10-16 15:29 - 0016501 ____A C:\Users\DJ Bassel\Desktop\HW CH06-A-Distribution automation.docx
2012-03-27 13:39 - 2011-07-18 20:23 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{0E4E1982-E33D-4F7B-ACB1-E9563561F602}
2012-03-27 13:38 - 2011-08-02 12:08 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{B6150397-BB1B-47B4-B522-FB6933AAC63A}
2012-03-27 13:16 - 2012-03-21 20:06 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar27-17-16-42.wbb


============ 3 Months Modified Files and Folders =============

2012-04-23 18:35 - 2012-04-23 18:34 - 0000000 ____D C:\FRST
2012-04-23 18:07 - 2010-08-12 11:06 - 0000000 ____D C:\Program Files (x86)\BMB
2012-04-23 17:52 - 2012-04-07 08:38 - 0000000 ____D C:\Users\All Users\F4D55F3B000435DB58E02439B4EB2331
2012-04-23 17:52 - 2012-04-07 08:38 - 0000000 ____D C:\ProgramData\F4D55F3B000435DB58E02439B4EB2331
2012-04-23 17:52 - 2012-03-18 13:18 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-23 17:52 - 2012-03-18 13:18 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-23 17:52 - 2011-09-18 15:34 - 0000000 ____D C:\users\LogMeInRemoteUser
2012-04-23 17:52 - 2010-08-12 10:23 - 0000000 ____D C:\users\DJ Bassel
2012-04-23 17:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-23 14:13 - 2012-04-04 06:35 - 0388400 ____A C:\Windows\ntbtlog.txt
2012-04-23 14:13 - 2010-08-12 13:12 - 3219791872 __ASH C:\hiberfil.sys
2012-04-23 13:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-20 18:07 - 2010-08-12 20:08 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\uTorrent
2012-04-20 17:55 - 2012-03-29 08:58 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-20 17:38 - 2010-08-26 18:45 - 0000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141819445-1412386313-5753979-1000UA.job
2012-04-20 17:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At44.job
2012-04-20 17:18 - 2012-04-20 17:18 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qrmewunx.sys
2012-04-20 17:14 - 2009-07-13 20:45 - 0016800 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-20 17:14 - 2009-07-13 20:45 - 0016800 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-20 17:13 - 2010-08-12 13:15 - 1335152 ____A C:\Windows\WindowsUpdate.log
2012-04-20 17:07 - 2012-04-20 17:06 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-20 17:07 - 2011-03-14 14:57 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-20 17:07 - 2011-03-14 14:54 - 0761198 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-20 17:06 - 2012-04-20 17:06 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-20 17:05 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-04-20 17:03 - 2012-02-24 15:11 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\Audiogalaxy
2012-04-20 16:56 - 2012-04-20 16:56 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tryjhksi.sys
2012-04-20 16:56 - 2010-08-13 23:05 - 0000000 ___RD C:\Users\DJ Bassel\Documents\My Dropbox
2012-04-20 16:56 - 2010-08-13 23:04 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Dropbox
2012-04-20 16:53 - 2012-03-18 23:30 - 0004556 ____A C:\Windows\setupact.log
2012-04-20 16:53 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-20 16:47 - 2010-08-12 11:05 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-20 16:26 - 2012-04-20 16:26 - 0274704 ____A C:\Windows\Minidump\042012-144578-01.dmp
2012-04-20 16:26 - 2011-01-29 12:43 - 0000000 ____D C:\Windows\Minidump
2012-04-20 16:20 - 2010-08-13 23:05 - 0001068 ____A C:\Users\DJ Bassel\Start Menu\Programs\Startup\Dropbox.lnk
2012-04-20 16:20 - 2010-08-13 23:05 - 0001068 ____A C:\Users\DJ Bassel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-04-20 16:19 - 2010-08-13 23:05 - 0001044 ____A C:\Users\DJ Bassel\Desktop\Dropbox.lnk
2012-04-20 16:11 - 2011-09-18 15:00 - 0000000 ____D C:\Users\All Users\LogMeIn
2012-04-20 16:11 - 2011-09-18 15:00 - 0000000 ____D C:\ProgramData\LogMeIn
2012-04-11 06:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At22.job
2012-04-11 05:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At20.job
2012-04-11 04:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At18.job
2012-04-11 03:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At16.job
2012-04-11 02:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At14.job
2012-04-11 01:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At12.job
2012-04-11 00:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At10.job
2012-04-10 23:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At8.job
2012-04-10 22:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At6.job
2012-04-10 22:09 - 2012-04-10 22:09 - 0282416 ____A C:\Windows\Minidump\041112-30609-01.dmp
2012-04-10 20:52 - 2012-04-10 20:52 - 0274704 ____A C:\Windows\Minidump\041112-437437-01.dmp
2012-04-10 20:32 - 2012-04-10 20:32 - 0274704 ____A C:\Windows\Minidump\041112-508546-01.dmp
2012-04-10 20:31 - 2010-08-21 09:30 - 0193770 ____A C:\Windows\PFRO.log
2012-04-09 16:31 - 2012-04-09 16:30 - 0001158 ____A C:\Users\DJ Bassel\Downloads\SpinRite_6_0_Release_1-_Demonoid.me_-.torrent
2012-04-09 16:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At42.job
2012-04-09 16:06 - 2009-07-13 18:34 - 0000882 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-09 15:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At40.job
2012-04-09 14:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At38.job
2012-04-09 13:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At36.job
2012-04-09 12:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At34.job
2012-04-09 11:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At32.job
2012-04-09 10:38 - 2010-08-26 18:45 - 0000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141819445-1412386313-5753979-1000Core.job
2012-04-09 10:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At30.job
2012-04-09 09:27 - 2012-04-09 09:27 - 0274704 ____A C:\Windows\Minidump\040912-68625-01.dmp
2012-04-09 08:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At26.job
2012-04-09 07:26 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At24.job
2012-04-08 21:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At4.job
2012-04-08 20:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At2.job
2012-04-08 19:53 - 2012-04-08 19:53 - 0274704 ____A C:\Windows\Minidump\040812-46500-01.dmp
2012-04-08 18:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At46.job
2012-04-08 09:25 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At28.job
2012-04-08 08:36 - 2010-08-12 11:05 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Mozilla
2012-04-08 08:27 - 2012-04-08 08:27 - 0000000 ____D C:\Windows\pss
2012-04-08 08:16 - 2012-04-08 08:16 - 0274704 ____A C:\Windows\Minidump\040812-39218-01.dmp
2012-04-08 07:53 - 2010-08-12 10:50 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\ElevatedDiagnostics
2012-04-08 07:52 - 2012-04-08 07:52 - 169420752 ____A (Advanced Micro Devices, Inc.) C:\Users\DJ Bassel\Downloads\12-3_vista_win7_64_dd_ccc.exe
2012-04-08 07:42 - 2012-04-08 07:42 - 0274704 ____A C:\Windows\Minidump\040812-39828-01.dmp
2012-04-08 07:40 - 2010-10-13 14:43 - 0000000 ____D C:\Users\DJ Bassel\Tracing
2012-04-08 07:37 - 2012-04-08 07:37 - 0274704 ____A C:\Windows\Minidump\040812-56781-01.dmp
2012-04-08 02:19 - 2012-04-08 02:19 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{94514789-FF06-47F1-ABB2-E85F60253CAE}
2012-04-08 00:28 - 2012-04-08 00:28 - 0000304 ____A C:\dir.bmp
2012-04-08 00:28 - 2012-04-08 00:28 - 0000279 ____A C:\hj_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000265 ____A C:\srch_ans_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000235 ____A C:\srch_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000131 ____A C:\srch_loc_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000123 ____A C:\srch_sh_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000121 ____A C:\srch_nws_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000113 ____A C:\srch_aud_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000112 ____A C:\srch_vid_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000112 ____A C:\srch_img_1.gif
2012-04-08 00:28 - 2012-04-08 00:28 - 0000000 ____A C:\ab_1.gif
2012-04-07 23:43 - 2012-04-07 23:43 - 0000000 ____D C:\e
2012-04-07 23:42 - 2012-04-07 23:42 - 0001573 ____A C:\us
2012-04-07 23:28 - 2010-09-10 15:11 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-04-07 23:28 - 2010-09-10 15:11 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-04-07 22:35 - 2012-04-07 22:35 - 0274704 ____A C:\Windows\Minidump\040812-70656-01.dmp
2012-04-07 22:35 - 2012-04-07 22:03 - 0000344 ____A C:\Windows\Tasks\At48.job
2012-04-07 22:31 - 2012-04-07 22:31 - 0000000 ____D C:\Data
2012-04-07 22:31 - 2012-04-07 22:03 - 0000112 ____A C:\Users\All Users\77R431.dat
2012-04-07 22:31 - 2012-04-07 22:03 - 0000112 ____A C:\ProgramData\77R431.dat
2012-04-07 11:21 - 2012-04-07 11:21 - 0274704 ____A C:\Windows\Minidump\040712-223937-01.dmp
2012-04-07 11:21 - 2009-07-13 21:08 - 0032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-07 08:39 - 2012-04-07 08:39 - 0000000 ____D C:\Windows\system64
2012-04-06 23:55 - 2012-04-06 23:55 - 0013494 ____A C:\Windows\SysWOW64\hs_err_pid3644.log
2012-04-06 20:58 - 2012-04-06 20:57 - 0274704 ____A C:\Windows\Minidump\040712-2609921-01.dmp
2012-04-06 19:37 - 2012-04-06 19:37 - 0274704 ____A C:\Windows\Minidump\040612-243093-01.dmp
2012-04-05 08:23 - 2012-04-05 08:23 - 0013830 ____A C:\Windows\SysWOW64\hs_err_pid3152.log
2012-04-05 08:05 - 2012-04-05 08:05 - 0274704 ____A C:\Windows\Minidump\040512-401593-01.dmp
2012-04-04 17:50 - 2012-04-04 17:50 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Apr04-21-50-17.wbb
2012-04-04 17:19 - 2012-04-04 17:19 - 0274704 ____A C:\Windows\Minidump\040412-190687-01.dmp
2012-04-04 17:08 - 2012-04-04 17:08 - 0013497 ____A C:\Windows\SysWOW64\hs_err_pid2860.log
2012-04-04 16:59 - 2012-04-04 16:58 - 0274704 ____A C:\Windows\Minidump\040412-219531-01.dmp
2012-04-04 16:49 - 2012-04-04 16:48 - 0274704 ____A C:\Windows\Minidump\040412-39265-01.dmp
2012-04-04 06:20 - 2012-04-04 06:20 - 0274704 ____A C:\Windows\Minidump\040412-267765-01.dmp
2012-04-04 06:08 - 2012-04-04 06:07 - 0274704 ____A C:\Windows\Minidump\040412-103296-01.dmp
2012-04-04 06:05 - 2012-04-04 06:05 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{595A9570-1177-4561-99FE-D9D4771DA9E3}
2012-04-04 06:04 - 2011-08-05 17:45 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\ApplicationHistory
2012-04-04 03:42 - 2012-04-04 03:42 - 0000000 ____D C:\Program Files (x86)\RealNetworks
2012-04-03 22:14 - 2012-04-03 22:14 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-03 14:17 - 2012-04-03 14:17 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Apr03-18-17-39.wbb
2012-04-02 14:15 - 2012-04-02 14:15 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Apr02-18-15-55.wbb
2012-04-01 14:15 - 2012-04-01 14:15 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Apr01-18-15-25.wbb
2012-03-31 19:26 - 2012-03-30 19:26 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{42FE3E5B-96EE-4B51-A8D1-16E4F79F1B3D}
2012-03-31 14:13 - 2012-03-31 14:13 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar31-18-13-38.wbb
2012-03-30 19:27 - 2011-08-09 12:11 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\Digsby
2012-03-30 13:56 - 2012-03-30 13:56 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar30-17-56-03.wbb
2012-03-29 22:03 - 2011-11-13 21:14 - 0000069 ____A C:\Windows\NeroDigital.ini
2012-03-29 21:52 - 2009-07-13 21:13 - 0747540 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-29 13:53 - 2012-03-29 13:53 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar29-17-53-33.wbb
2012-03-29 09:56 - 2012-03-29 08:58 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 09:56 - 2011-05-13 08:59 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-29 09:55 - 2012-03-29 09:55 - 8767136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-29 09:07 - 2012-03-29 09:07 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{56BD8C71-01FA-4233-AB7F-6836BD8DC107}
2012-03-29 08:30 - 2012-03-29 08:30 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{DC048660-BCE2-4BFC-8C8E-6969922F5485}
2012-03-28 13:45 - 2012-03-28 13:45 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar28-17-45-01.wbb
2012-03-28 09:40 - 2012-03-28 09:40 - 0044705 ____A C:\Users\DJ Bassel\Downloads\Exams_201204CandidateAgreement.pdf
2012-03-28 09:15 - 2012-03-28 09:15 - 0008224 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-03-28 09:14 - 2010-08-15 07:27 - 0149968 ___AH C:\Users\DJ Bassel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-27 21:04 - 2009-07-13 20:45 - 3074520 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-27 15:21 - 2011-04-15 02:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-03-27 15:19 - 2012-03-27 15:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-27 15:18 - 2012-03-27 15:18 - 0000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-03-27 15:18 - 2010-10-13 14:32 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-27 15:16 - 2012-03-27 15:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-03-27 15:16 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2012-03-27 15:06 - 2012-03-27 14:55 - 0016501 ____A C:\Users\DJ Bassel\Desktop\HW CH06-A-Distribution automation.docx
2012-03-27 13:47 - 2011-08-09 12:08 - 0000000 ____D C:\Program Files (x86)\Digsby
2012-03-27 13:39 - 2012-03-27 13:39 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{0E4E1982-E33D-4F7B-ACB1-E9563561F602}
2012-03-27 13:39 - 2010-10-13 14:14 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\Windows Live
2012-03-27 13:38 - 2012-03-27 13:38 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{B6150397-BB1B-47B4-B522-FB6933AAC63A}
2012-03-27 13:16 - 2012-03-27 13:16 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar27-17-16-42.wbb
2012-03-21 20:06 - 2012-03-21 20:06 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar22-00-06-07.wbb
2012-03-20 20:03 - 2012-03-20 20:03 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar21-00-03-42.wbb
2012-03-19 20:00 - 2012-03-19 20:00 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar20-00-00-58.wbb
2012-03-19 17:13 - 2012-03-19 17:13 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{E1E91B8B-CABF-4980-9917-41AD46F7EB12}
2012-03-18 23:52 - 2012-03-18 23:52 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{F365E687-0C49-4981-A7F1-7E3C7B10C22F}
2012-03-18 23:52 - 2012-03-18 23:52 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{05789395-4A2E-4FB7-91FF-91F9F4000C0E}
2012-03-18 23:30 - 2012-03-18 23:30 - 0000000 ____A C:\Windows\setuperr.log
2012-03-18 23:09 - 2012-03-18 23:09 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-03-18 23:09 - 2012-03-18 23:09 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-03-18 19:41 - 2012-03-18 19:41 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar18-23-41-08.wbb
2012-03-18 19:37 - 2012-03-18 19:35 - 89352016 ____A C:\Users\DJ Bassel\Downloads\iPhone4,1_5.1_9B179_Restore.zip.sfiq4ut.partial
2012-03-18 17:06 - 2012-03-18 17:06 - 0028581 ____A C:\Users\DJ Bassel\Documents\rachael gray.docx
2012-03-18 14:06 - 2012-03-18 14:06 - 0000461 ____A C:\Users\DJ Bassel\Downloads\Download Document (1).ris
2012-03-18 14:00 - 2012-03-18 14:00 - 0000461 ____A C:\Users\DJ Bassel\Downloads\Download Document.ris
2012-03-18 13:35 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-18 13:34 - 2012-03-18 13:34 - 0000000 ____D C:\Program Files\Microsoft Office
2012-03-18 13:18 - 2012-03-18 13:18 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\Microsoft Help
2012-03-18 13:16 - 2012-03-18 13:16 - 0000000 __RHD C:\MSOCache
2012-03-17 19:37 - 2012-03-17 19:37 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar17-23-37-41.wbb
2012-03-17 15:42 - 2012-03-17 15:42 - 1291067 ____A C:\s4i4.3
2012-03-17 15:42 - 2012-03-17 15:42 - 0697904 ____A C:\s4i4.4
2012-03-17 15:40 - 2012-02-24 15:08 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\libimobiledevice
2012-03-16 19:35 - 2012-03-16 19:35 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar16-23-35-45.wbb
2012-03-15 19:32 - 2012-03-15 19:32 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar15-23-32-27.wbb
2012-03-15 10:46 - 2012-03-15 10:46 - 5896359 ____A C:\Users\DJ Bassel\Downloads\Siente el Boom instrumental(BY EL EXPERT).mp3
2012-03-15 09:48 - 2012-03-15 09:48 - 3955610 ____A C:\Users\DJ Bassel\Downloads\Tito El Bambino - El Amor (Acapella Danny Mix).mp3
2012-03-15 09:48 - 2012-03-15 09:48 - 3229097 ____A C:\Users\DJ Bassel\Downloads\Tito ''El Bambino'' Ft. Randy - Siente El Boom [Acapella].mp3
2012-03-15 09:28 - 2012-03-15 09:28 - 1991644 ____A C:\Users\DJ Bassel\Internet friends ringtone.mp3
2012-03-14 19:29 - 2012-03-14 19:29 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar14-23-29-34.wbb
2012-03-14 10:05 - 2012-03-14 10:05 - 6065668 ____A C:\Users\DJ Bassel\Desktop\desktop.png
2012-03-14 06:25 - 2012-03-14 06:25 - 0000000 ____D C:\Users\All Users\ATI
2012-03-14 06:25 - 2012-03-14 06:25 - 0000000 ____D C:\ProgramData\ATI
2012-03-14 06:19 - 2012-03-14 06:19 - 0002054 ____A C:\Users\All Users\Start Menu\Programs\Startup\AML Device Install.lnk
2012-03-14 06:19 - 2012-03-14 06:19 - 0000000 ____D C:\Users\All Users\AMD
2012-03-14 06:19 - 2012-03-14 06:19 - 0000000 ____D C:\ProgramData\AMD
2012-03-14 06:19 - 2012-03-14 06:19 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-03-14 06:19 - 2012-03-14 06:19 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-14 06:19 - 2010-08-18 10:43 - 0000000 ____D C:\Program Files\ATI Technologies
2012-03-14 05:56 - 2012-03-14 05:56 - 3334435 ____A C:\Users\DJ Bassel\Downloads\15_HYFR_(Hell_Ya_bleep_Right).wma
2012-03-13 23:33 - 2012-03-13 23:33 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{9EA46243-2592-4F1F-BBA9-36A9E4CDAC98}
2012-03-13 23:33 - 2012-03-13 23:33 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{2FC54E7E-C16E-4008-8A45-72653DCFA314}
2012-03-13 23:02 - 2010-08-19 16:50 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 20:56 - 2010-09-28 12:27 - 0000000 ____D C:\Users\DJ Bassel\DJ Bassel Reason Patches
2012-03-13 19:12 - 2012-03-13 19:12 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar13-23-12-59.wbb
2012-03-12 19:10 - 2012-03-12 19:10 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar12-23-10-29.wbb
2012-03-12 13:54 - 2012-03-12 13:54 - 0014579 ____A C:\Users\DJ Bassel\Downloads\L.A._Tits_(DVD.xvid)_-_anal__Shyla_Stylez__Puma_Swede.4611219.TPB.torrent
2012-03-12 13:52 - 2012-03-12 13:52 - 0011785 ____A C:\Users\DJ Bassel\Downloads\[kat.ph]julia.bond.xxx.ass.stretchers.pov.mastitorrents.torrent
2012-03-12 13:51 - 2012-03-12 13:52 - 0014510 ____A C:\Users\DJ Bassel\Downloads\[kat.ph]big.tit.ass.stretchers.2.torrent
2012-03-11 19:07 - 2012-03-11 19:07 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar11-23-07-50.wbb
2012-03-10 19:05 - 2012-03-10 19:05 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar10-23-05-12.wbb
2012-03-10 18:55 - 2012-03-10 18:55 - 1290407 ____A C:\s954.3
2012-03-10 18:55 - 2012-03-10 18:55 - 0697314 ____A C:\s954.4
2012-03-09 19:03 - 2012-03-09 19:03 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar09-22-03-51.wbb
2012-03-09 00:10 - 2012-01-03 13:45 - 0000000 ____D C:\Users\DJ Bassel\Documents\BioWare
2012-03-09 00:08 - 2012-03-09 00:08 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-09 00:07 - 2010-08-17 09:33 - 0244620 ____A C:\Windows\DirectX.log
2012-03-08 19:03 - 2012-03-08 19:03 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar08-22-03-25.wbb
2012-03-07 18:55 - 2012-03-07 18:55 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar07-21-55-38.wbb
2012-03-07 09:50 - 2012-03-07 09:50 - 0022711 ____A C:\Users\DJ Bassel\Downloads\harabara.zip
2012-03-06 19:58 - 2012-03-06 19:58 - 0493512 ____A (Facebook Inc.) C:\Users\DJ Bassel\Downloads\FacebookMessengerSetup.exe
2012-03-06 18:50 - 2012-03-06 18:50 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar06-21-50-29.wbb
2012-03-05 20:13 - 2012-03-05 20:13 - 0016452 ____A C:\Users\DJ Bassel\Downloads\-_Demonoid.me_-Prime_Loops_Drum_n_Bass_Drum_Loops_(_WAV)_7325990.8028.torrent
2012-03-05 20:06 - 2010-10-23 07:16 - 0000091 ____A C:\Users\DJ Bassel\Desktop\todo.txt
2012-03-05 19:56 - 2012-03-05 19:56 - 9928526 ____A C:\Users\DJ Bassel\Downloads\08 - Seven Devils.mp3
2012-03-05 18:47 - 2012-03-05 18:47 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar05-21-47-00.wbb
2012-03-05 00:58 - 2010-12-20 11:30 - 0005120 ___AH C:\Users\DJ Bassel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-04 22:35 - 2012-03-04 22:35 - 0014096 ____A C:\Users\DJ Bassel\Downloads\Sick_Puppies_-_Tri-Polar_2009_(320_kbps)_-_lllSCOOPlll.4993652.TPB.torrent
2012-03-04 22:33 - 2012-03-04 22:33 - 0109664 ____A C:\Users\DJ Bassel\Downloads\[[Demonoid.me]]-Top_40_Jaarlijst(2011)MP3_Nlt_release_7325990.8028.torrent
2012-03-04 22:33 - 2012-03-04 22:33 - 0017042 ____A C:\Users\DJ Bassel\Downloads\Billboard_Top_25_Rock_Songs_18_06_2011_x-Demonoid.me-x_7325990.8028.torrent
2012-03-04 19:54 - 2012-03-04 19:54 - 0015551 ____A C:\Users\DJ Bassel\Downloads\[Demonoid.me]-Microsoft_Office_Professional_Plus_2010_full_activated_iso_file_7325990.8028.torrent
2012-03-04 18:44 - 2012-03-04 18:44 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar04-21-44-25.wbb
2012-03-03 18:41 - 2012-03-03 18:41 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar03-21-41-57.wbb
2012-03-03 17:47 - 2012-03-03 17:47 - 1290646 ____A C:\sfdg.2
2012-03-03 17:47 - 2012-03-03 17:47 - 0697814 ____A C:\sfdg.3
2012-03-03 17:11 - 2012-03-03 17:11 - 0569130 ____A C:\Users\DJ Bassel\Downloads\yanone_kaffeesatz.zip
2012-03-03 14:06 - 2012-01-06 08:14 - 0000000 ____D C:\Windows\XSxS
2012-03-03 07:29 - 2012-03-03 07:29 - 10204542 ____A C:\Users\DJ Bassel\Desktop\Scrilla Ft. Young Jeezy - I ball I stunt (Bassel Remix).mp3
2012-03-02 18:39 - 2012-03-02 18:39 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar02-21-39-08.wbb
2012-03-01 18:36 - 2012-03-01 18:36 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Mar01-21-36-34.wbb
2012-03-01 15:05 - 2012-02-29 06:29 - 0000000 ____D C:\Users\DJ Bassel\Logo Bassel
2012-03-01 14:56 - 2012-03-01 14:56 - 13379817 ____A C:\Users\DJ Bassel\Downloads\Bassel-PSD-Logo.zip
2012-03-01 13:50 - 2012-03-01 13:47 - 55167574 ____A C:\Users\DJ Bassel\Downloads\Sonifi 1.2-omegatron.rar
2012-03-01 13:40 - 2012-03-01 13:39 - 68563358 ____A C:\Users\DJ Bassel\Downloads\Sonifi.ipa
2012-03-01 07:59 - 2012-03-01 07:59 - 0000000 ____D C:\Program Files (x86)\Xenocode
2012-03-01 07:52 - 2012-03-01 07:52 - 0014967 ____A C:\Users\DJ Bassel\Downloads\Wondertouch_Particle_Illusion_3_04_1_Pro_Emmiter_Libraries_(Portable)-(Demonoid.me)_7325990.8028.torrent
2012-03-01 04:15 - 2012-03-01 04:10 - 9876444 ____A C:\Users\DJ Bassel\Desktop\Bassel - AutoBots.mp3
2012-03-01 03:49 - 2012-03-01 03:49 - 0018798 ____A C:\Users\DJ Bassel\Downloads\(Demonoid.me)-Adobe_CS5_Portable_Apps_7325990.8028.torrent
2012-03-01 03:08 - 2012-03-01 03:08 - 0802046 ____A C:\Users\DJ Bassel\Downloads\SS_bloodspots.zip
2012-03-01 00:59 - 2012-03-01 00:59 - 12548991 ____A C:\Users\DJ Bassel\Downloads\futuremotion-realistic-metal-styles-1.zip
2012-02-29 20:03 - 2012-02-29 20:03 - 0001750 ____A C:\Users\DJ Bassel\Downloads\++Demonoid.me++-Font_Lab_Studio_5_7325990.8028.torrent
2012-02-29 20:00 - 2012-02-29 20:00 - 0006004 ____A C:\Users\DJ Bassel\Downloads\FontLab_Fontographer_v5_1_0_4204-((Demonoid.me))_7325990.8028.torrent
2012-02-29 18:41 - 2012-02-29 18:41 - 0012154 ____A C:\Users\DJ Bassel\Downloads\FontLab_Studio_5_1_1_Neviens-++Demonoid.me++_7325990.8028.torrent
2012-02-29 18:33 - 2012-02-29 18:33 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb29-21-33-31.wbb
2012-02-29 10:09 - 2012-02-29 10:09 - 0017331 ____A C:\Users\DJ Bassel\Downloads\[kat.ph]elegantangel.kagney.linn.karter.torrent
2012-02-29 09:05 - 2012-02-29 09:05 - 0032348 ____A C:\Users\DJ Bassel\Desktop\bassel logo.png
2012-02-29 08:28 - 2012-02-29 08:28 - 0634531 ____A C:\Users\DJ Bassel\Downloads\Tron Legacy by Webby.rar
2012-02-29 06:20 - 2012-02-29 06:20 - 0615736 ____A C:\Users\DJ Bassel\Downloads\coalition.zip
2012-02-28 18:30 - 2012-02-28 18:30 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb28-21-30-34.wbb
2012-02-28 09:40 - 2012-02-28 09:40 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{8E805738-E6D3-420D-9013-ACD91008C830}
2012-02-28 09:39 - 2012-02-28 09:39 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{98465D55-01FF-44F5-951B-27EA8095EA69}
2012-02-27 18:03 - 2012-02-27 18:03 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb27-21-03-38.wbb
2012-02-26 18:01 - 2012-02-26 18:01 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb26-21-01-10.wbb
2012-02-25 17:57 - 2012-02-25 17:57 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb25-20-57-40.wbb
2012-02-25 17:02 - 2012-02-25 17:01 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{DA395B89-26B6-4D0A-9510-67D83EBDE4CC}
2012-02-25 17:01 - 2012-02-25 17:01 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{FE4C47D6-B26A-4D2D-87C1-50948CA7138E}
2012-02-25 16:56 - 2010-08-12 20:08 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-24 18:01 - 2012-02-24 18:01 - 1289903 ____A C:\s9n8.2
2012-02-24 18:01 - 2012-02-24 18:01 - 0697278 ____A C:\s9n8.3
2012-02-24 17:28 - 2012-02-24 17:28 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb24-20-28-20.wbb
2012-02-24 15:10 - 2012-02-24 15:10 - 1290527 ____A C:\s610.2
2012-02-24 15:10 - 2012-02-24 15:10 - 0697051 ____A C:\s610.3
2012-02-24 14:57 - 2012-02-24 14:57 - 0000000 ____D C:\Users\DJ Bassel\Downloads\absinthe-win-0.4
2012-02-23 17:24 - 2012-02-23 17:24 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb23-20-24-23.wbb
2012-02-23 10:48 - 2012-02-23 10:48 - 10375892 ____A C:\Users\DJ Bassel\Desktop\Mary x 3 Mix.mp3
2012-02-23 08:32 - 2012-02-23 08:32 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{CF2D904D-3B83-4775-A637-020A989A1859}
2012-02-23 08:32 - 2012-02-23 08:32 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{B7D11EF5-183B-40D1-B3FA-951C825AD874}
2012-02-23 06:18 - 2011-03-14 15:16 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 17:22 - 2012-02-22 17:22 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb22-20-22-32.wbb
2012-02-22 08:30 - 2012-02-22 08:30 - 0001852 ___AH C:\Users\Public\Desktop\QuickTime Player.lnk
2012-02-22 08:30 - 2012-02-22 08:30 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-02-22 08:12 - 2010-08-23 11:46 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Apple Computer
2012-02-22 08:11 - 2012-02-22 08:11 - 0001790 ___AH C:\Users\Public\Desktop\iTunes.lnk
2012-02-22 08:11 - 2012-02-22 08:10 - 0000000 ____D C:\Program Files\iTunes
2012-02-22 08:11 - 2011-10-06 12:03 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-22 08:10 - 2012-02-22 08:10 - 0000000 ____D C:\Program Files\iPod
2012-02-22 08:07 - 2012-02-22 08:07 - 0000000 ____D C:\Program Files\Bonjour
2012-02-22 08:07 - 2012-02-22 08:07 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-02-22 07:57 - 2012-02-22 07:56 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{8E24F55C-3B3D-440D-A716-E0483DA3847C}
2012-02-22 07:56 - 2012-02-22 07:56 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{E4DD92AC-8C74-4587-AD68-BB290A551B8D}
2012-02-22 07:55 - 2012-01-28 14:45 - 0054156 ___AH C:\Windows\QTFont.qfn
2012-02-22 07:08 - 2012-02-22 07:08 - 9123792 ____A C:\Users\DJ Bassel\Downloads\absinthe-win-0.4.zip
2012-02-21 17:00 - 2012-02-21 17:00 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb21-20-00-55.wbb
2012-02-21 01:50 - 2011-04-18 13:43 - 0000000 ____D C:\Users\DJ Bassel\Downloads\Hanna (Original Motion Picture Soundtrac
2012-02-20 18:49 - 2012-02-20 18:49 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{A514AA2E-A7C7-4743-9567-7DA4A9F8BBC9}
2012-02-20 18:49 - 2012-02-20 18:48 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{AC78E3A1-CF25-4AAB-87A1-82CFB0428E5D}
2012-02-20 16:56 - 2012-02-20 16:56 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb20-19-56-49.wbb
2012-02-19 16:42 - 2012-02-19 16:42 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb19-19-42-47.wbb
2012-02-18 16:40 - 2012-02-18 16:40 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb18-19-40-04.wbb
2012-02-17 16:36 - 2012-02-17 16:36 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb17-19-36-47.wbb
2012-02-17 15:05 - 2012-02-17 17:00 - 0033411 ____A C:\Users\DJ Bassel\Downloads\428610_366912596670321_196601040368145_1390961_1460252450_n.jpg
2012-02-17 14:12 - 2012-02-17 14:12 - 0000000 ____D C:\Users\All Users\EA Logs
2012-02-17 14:12 - 2012-02-17 14:12 - 0000000 ____D C:\ProgramData\EA Logs
2012-02-17 12:55 - 2011-10-01 01:04 - 0023796 ____A C:\shared.log
2012-02-17 12:32 - 2011-09-30 11:00 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-02-17 12:31 - 2011-09-30 11:03 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Origin
2012-02-16 22:38 - 2012-03-13 16:46 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 16:46 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 16:46 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 16:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 20:35 - 2012-02-16 20:35 - 0019835 ____A C:\Users\DJ Bassel\Downloads\Cocaine_Cowboys.3575507.TPB.torrent
2012-02-16 19:41 - 2012-02-16 19:41 - 0000000 ____D C:\Users\DJ Bassel\Documents\EA Games
2012-02-16 16:33 - 2012-02-16 16:33 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb16-19-33-19.wbb
2012-02-16 06:09 - 2012-02-16 06:09 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{BD9A3978-B579-490A-ABC8-5E70187CB829}
2012-02-16 06:07 - 2010-08-12 10:23 - 0000174 ___SH C:\Users\DJ Bassel\Start Menu\Programs\Startup\desktop.ini
2012-02-16 06:07 - 2010-08-12 10:23 - 0000174 ___SH C:\Users\DJ Bassel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 00:30 - 2010-08-28 10:11 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 17:39 - 2012-02-15 17:39 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{C2A15A12-F30E-44C4-9753-76250754F534}
2012-02-15 17:39 - 2012-02-15 17:39 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{428D422B-EE84-4ABE-AD48-FC2C35840AB5}
2012-02-15 16:14 - 2012-02-15 16:14 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb15-19-14-43.wbb
2012-02-14 20:23 - 2012-02-14 20:23 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\EA Games
2012-02-14 18:05 - 2012-02-14 18:05 - 16507904 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-02-14 18:05 - 2012-02-14 18:05 - 0069632 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-02-14 18:05 - 2012-02-14 18:05 - 0061952 ____A C:\Windows\System32\OVDecode64.dll
2012-02-14 18:05 - 2012-02-14 18:05 - 0059904 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-02-14 18:05 - 2012-02-14 18:05 - 0054784 ____A C:\Windows\SysWOW64\OVDecode.dll
2012-02-14 18:04 - 2012-02-14 18:04 - 13238272 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-02-14 18:03 - 2012-02-14 18:03 - 0054272 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-14 18:03 - 2012-02-14 18:03 - 0048128 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-14 16:07 - 2012-02-14 16:07 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb14-19-07-37.wbb
2012-02-13 16:05 - 2012-02-13 16:05 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb13-19-05-03.wbb
2012-02-13 08:34 - 2011-11-21 12:23 - 0000000 ____D C:\Users\DJ Bassel\SCP3
2012-02-12 21:07 - 2012-02-12 21:07 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{AFE73981-0C8C-4130-9515-5BFDD6A7B885}
2012-02-12 15:44 - 2012-02-12 15:44 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb12-18-44-25.wbb
2012-02-11 15:41 - 2012-02-11 15:41 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb11-18-41-17.wbb
2012-02-11 04:34 - 2012-02-11 04:34 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{2E3E143D-0DF1-4B85-9B35-4CEC050F826F}
2012-02-11 04:34 - 2012-02-11 04:34 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{1AE4B6AA-E20F-476E-963A-4611D7167B45}
2012-02-10 16:33 - 2012-02-10 16:33 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{40F672D6-0219-414F-A8A9-9D1FDA40962A}
2012-02-10 16:33 - 2012-02-10 16:33 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{0667E3C7-21B5-4FC8-B527-57423884A2FA}
2012-02-10 15:37 - 2012-02-10 15:37 - 0001035 ____A C:\Windows\SysWOW64\CM-Backup2-1982663-12Feb10-18-37-56.wbb
2012-02-10 15:02 - 2012-02-10 15:00 - 124203335 ____A C:\Users\DJ Bassel\Downloads\ASAP_Rocky_-_Live_Love_ASAP.zip
2012-02-09 22:36 - 2012-03-13 16:47 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 16:47 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 06:52 - 2012-02-08 06:51 - 0227097 ____A C:\Users\DJ Bassel\Desktop\Inverted pendulum2.jpeg
2012-02-08 06:40 - 2012-02-08 06:40 - 0233658 ____A C:\Users\DJ Bassel\Desktop\Inverted pendulum.jpeg
2012-02-08 04:53 - 2012-02-08 04:53 - 1312229 ____A C:\Users\DJ Bassel\Downloads\Wheel_Tire.zip
2012-02-08 04:53 - 2012-02-08 04:53 - 0000000 ____D C:\Users\DJ Bassel\Downloads\Wheel_Tire
2012-02-08 04:51 - 2012-02-08 04:51 - 1248024 ____A C:\Users\DJ Bassel\Downloads\Wheel_Rim.zip
2012-02-08 04:51 - 2012-02-08 04:51 - 0000000 ____D C:\Users\DJ Bassel\Downloads\Wheel_Rim
2012-02-08 04:29 - 2012-02-08 04:29 - 0050075 ____A C:\Users\DJ Bassel\Downloads\181aa36d3fe1f44a01e97eccbd319cff.zip
2012-02-08 04:29 - 2012-02-08 04:29 - 0000000 ____D C:\Users\DJ Bassel\Downloads\181aa36d3fe1f44a01e97eccbd319cff
2012-02-07 18:36 - 2011-09-18 14:59 - 0000000 ____D C:\Program Files (x86)\LogMeIn
2012-02-07 15:48 - 2011-09-18 15:00 - 0087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-02-07 15:48 - 2011-09-18 15:00 - 0080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-02-07 15:48 - 2011-09-18 15:00 - 0034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-02-07 11:14 - 2010-11-18 16:37 - 0000000 ____D C:\Users\DJ Bassel\th-thursday
2012-02-03 03:01 - 2012-02-03 03:00 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{18075AC1-00F0-449E-8D4D-A52D0D88D25F}
2012-02-03 03:00 - 2012-02-03 03:00 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{B8903DD7-FE8A-4A02-9DDD-7CBDE786F191}
2012-02-02 22:58 - 2012-02-02 22:58 - 0018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-02-02 22:58 - 2012-02-02 22:58 - 0000235 ____A C:\Windows\LkmdfCoInst.log
2012-02-02 22:58 - 2012-02-02 22:58 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Leadertech
2012-02-02 22:58 - 2012-02-02 22:58 - 0000000 ____D C:\Users\All Users\Logitech
2012-02-02 22:58 - 2012-02-02 22:58 - 0000000 ____D C:\ProgramData\Logitech
2012-02-02 22:58 - 2012-02-02 22:57 - 0007525 ____A C:\Windows\LDPINST.LOG
2012-02-02 22:58 - 2012-02-02 22:57 - 0000000 ____D C:\Users\Public\Documents\LogiShrd
2012-02-02 22:58 - 2012-02-02 22:56 - 0000000 ____D C:\Users\All Users\Logishrd
2012-02-02 22:58 - 2012-02-02 22:56 - 0000000 ____D C:\ProgramData\Logishrd
2012-02-02 22:58 - 2012-02-02 22:56 - 0000000 ____D C:\Program Files\Common Files\Logishrd
2012-02-02 22:58 - 2012-02-02 22:52 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Logitech
2012-02-02 22:57 - 2012-02-02 22:56 - 0000000 ____D C:\Program Files\Logitech
2012-02-02 22:54 - 2012-02-02 22:52 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Logishrd
2012-02-02 22:53 - 2012-02-02 22:53 - 4210480 ____A (Logitech Inc.) C:\Users\DJ Bassel\Downloads\scroll_app_smart_3.00.31.exe
2012-02-02 20:34 - 2012-03-13 16:47 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 13:03 - 2012-02-02 13:03 - 0000000 ____D C:\Users\DJ Bassel\Tyler's patches
2012-02-02 08:44 - 2012-02-02 08:44 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{3C59A715-7170-4F9B-A215-98762A084C64}
2012-02-02 08:44 - 2012-02-02 08:44 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{1B6B3F9E-E0F5-4577-833D-B2BC1C9AF53D}
2012-02-01 17:31 - 2012-02-01 17:31 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{ED55102F-0986-4FE4-B5AD-61C04947A1E2}
2012-02-01 17:31 - 2012-02-01 17:30 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{F3EB1B1E-298F-4504-8D95-2208227A36A0}
2012-01-31 02:02 - 2012-01-31 02:02 - 0021504 ____A C:\Windows\System32\kdbsdk64.dll
2012-01-31 02:00 - 2012-01-31 02:00 - 0016896 ____A C:\Windows\SysWOW64\kdbsdk32.dll
2012-01-30 17:18 - 2012-01-30 17:18 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{CB06CBF6-9E29-40A7-A7EB-9564BE32ADBB}
2012-01-30 17:18 - 2012-01-30 17:18 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{B814E3FF-88AA-43B4-B3A0-820E82EDEBF3}
2012-01-30 11:50 - 2012-01-30 11:50 - 1348096 ____A C:\Users\DJ Bassel\Downloads\Chp1_and_2 Electronic Instrumentation.ppt
2012-01-30 11:50 - 2012-01-30 11:50 - 0729354 ____A C:\Users\DJ Bassel\Downloads\Chp1_and_2 Electronic Instrumentation.pptm
2012-01-30 11:11 - 2012-01-30 11:11 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{1B79BDE1-99A2-4858-A69F-670D7FF693F9}
2012-01-29 11:34 - 2012-01-29 11:34 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{EAE326BA-8D90-4555-91D1-982CCB23210F}
2012-01-28 21:28 - 2010-10-26 15:26 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\SKIDROW
2012-01-28 21:14 - 2012-01-28 21:14 - 0604785 ____A C:\Users\DJ Bassel\Desktop\scrilla.png
2012-01-28 20:39 - 2012-01-28 20:20 - 0000000 ____D C:\Users\DJ Bassel\Downloads\Dropbox old files
2012-01-28 20:11 - 2012-01-28 19:03 - 274919175 ____A C:\Users\DJ Bassel\Desktop\Scrilla Ft. Young Jeezy - I Ball I Stunt (Bassel Remix).wmv
2012-01-28 20:11 - 2012-01-28 15:09 - 0101416 ____A C:\Users\DJ Bassel\Documents\scrilla.veg
2012-01-28 19:00 - 2012-01-28 18:59 - 1253487 ____A C:\Users\DJ Bassel\Desktop\asdf.wmv
2012-01-28 18:53 - 2012-01-28 15:09 - 0097328 ____A C:\Users\DJ Bassel\Documents\scrilla.veg.bak
2012-01-28 18:43 - 2012-01-28 18:12 - 164231065 ____A C:\Users\DJ Bassel\Desktop\I ball, I stunt (Final).wmv
2012-01-28 16:38 - 2012-01-28 16:19 - 0007576 ____A C:\Users\DJ Bassel\Documents\bass2.wmv.sfk
2012-01-28 16:19 - 2012-01-28 16:12 - 0007576 ____A C:\Users\DJ Bassel\Documents\bass.wmv.sfk
2012-01-28 14:46 - 2012-01-28 14:45 - 0365056 ____A C:\Users\DJ Bassel\Desktop\scrilla-Dirtyweb.mov.sfk
2012-01-28 14:45 - 2012-01-28 14:45 - 0001409 ____A C:\Windows\QTFont.for
2012-01-28 14:41 - 2012-01-28 14:41 - 23344432 ____A (Apple Inc.) C:\Users\DJ Bassel\Downloads\QuickTimeInstaller.exe
2012-01-28 14:28 - 2012-01-28 14:28 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\ImTOO
2012-01-28 14:27 - 2012-01-28 14:27 - 0002051 ___AH C:\Users\Public\Desktop\ImTOO MOV Converter.lnk
2012-01-28 14:26 - 2012-01-28 14:26 - 34889081 ____A C:\Users\DJ Bassel\Downloads\mov-converter6.exe
2012-01-28 14:26 - 2012-01-28 14:26 - 0000000 ____D C:\Users\All Users\ImTOO
2012-01-28 14:26 - 2012-01-28 14:26 - 0000000 ____D C:\ProgramData\ImTOO
2012-01-28 14:26 - 2012-01-28 14:26 - 0000000 ____D C:\Program Files (x86)\ImTOO
2012-01-28 14:16 - 2012-01-28 14:16 - 0001405 ____A C:\Users\DJ Bassel\Desktop\WinX Free MOV to WMV Converter.lnk
2012-01-28 14:15 - 2012-01-28 14:15 - 0014736 ____A C:\Users\DJ Bassel\Documents\test.veg
2012-01-28 14:15 - 2012-01-28 14:15 - 0000174 ____A C:\Users\DJ Bassel\Documents\User.kad
2012-01-28 14:15 - 2012-01-28 14:15 - 0000000 ____D C:\Program Files (x86)\Digiarty
2012-01-28 14:13 - 2012-01-28 14:13 - 8249312 ____A (Digiarty Software,Inc. ) C:\Users\DJ Bassel\Downloads\winx-mov-to-wmv.exe
2012-01-28 14:11 - 2012-01-28 14:11 - 0001120 ____A C:\Users\DJ Bassel\Desktop\Free FLV Converter.lnk
2012-01-28 14:11 - 2012-01-28 14:11 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\FreeFLVConverter
2012-01-28 14:11 - 2012-01-28 14:11 - 0000000 ____D C:\Program Files (x86)\Free FLV Converter
2012-01-28 14:10 - 2012-01-28 14:10 - 0406872 ____A (${COMPANY_NAME}) C:\Users\DJ Bassel\Downloads\Setup_FreeFlvConverter.exe
2012-01-28 14:10 - 2012-01-28 14:09 - 0463080 ____A (CNET Download.com) C:\Users\DJ Bassel\Downloads\cnet2_Setup_FreeFlvConverter_exe.exe
2012-01-28 14:01 - 2010-09-04 17:56 - 0000016 ____A C:\Windows\SysWOW64\w3data.vss
2012-01-28 14:01 - 2010-09-04 17:56 - 0000016 ____A C:\Windows\SysWOW64\msvcsv60.dll
2012-01-28 14:01 - 2010-09-04 17:56 - 0000016 ____A C:\Windows\msocreg32.dat
2012-01-28 14:00 - 2010-08-13 22:46 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2012-01-28 13:56 - 2012-01-28 11:01 - 0002568 ____A C:\Users\DJ Bassel\Documents\Register Vegas Pro.htm
2012-01-28 13:49 - 2012-01-28 13:49 - 0001939 ____A C:\Users\DJ Bassel\Desktop\Vegas Pro 8.0.lnk
2012-01-28 13:47 - 2012-01-28 10:55 - 0000000 ____D C:\Program Files (x86)\Sony
2012-01-28 13:45 - 2012-01-28 13:45 - 0000000 ____D C:\Program Files (x86)\Sony Setup
2012-01-28 13:45 - 2012-01-28 13:19 - 0024296 ____A C:\Users\DJ Bassel\Documents\Scrilla Feat. Young Jeezy - I Ball, I stunt.veg
2012-01-28 13:34 - 2012-01-28 13:34 - 0000068 ____A C:\Users\DJ Bassel\Documents\Scrilla Feat. Young Jeezy - I Ball, I stunt.avi.sfl
2012-01-28 13:34 - 2012-01-28 12:12 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Sony
2012-01-28 13:19 - 2012-01-28 13:19 - 0019392 ____A C:\Users\DJ Bassel\Documents\Scrilla Feat. Young Jeezy - I Ball, I stunt.veg.bak
2012-01-28 13:07 - 2012-01-28 13:04 - 0365056 ____A C:\Users\DJ Bassel\Downloads\scrilla-Dirtyweb.mov.sfk
2012-01-28 13:07 - 2012-01-28 13:04 - 0351640 ____A C:\Users\DJ Bassel\Desktop\I ball I stunt (Final).mp3.sfk
2012-01-28 13:03 - 2012-01-28 13:03 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Publish Providers
2012-01-28 13:03 - 2012-01-28 13:03 - 0000000 ____D C:\Users\All Users\Sony
2012-01-28 13:03 - 2012-01-28 13:03 - 0000000 ____D C:\ProgramData\Sony
2012-01-28 13:02 - 2012-01-28 13:01 - 118392240 ____A (Sony Creative Software Inc.) C:\Users\DJ Bassel\Downloads\vegaspro80c-trial_enu.exe
2012-01-28 13:01 - 2012-01-28 13:01 - 0141918 ____A C:\Users\DJ Bassel\Downloads\Sony Vegas Pro 8.0c Build 260_Keygen_H33T_-MasterUploader.rar
2012-01-28 12:48 - 2012-01-28 12:48 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Sony Creative Software Inc
2012-01-28 12:38 - 2012-01-28 12:38 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{AFE90300-F9E1-409F-8573-945DB2DC020B}
2012-01-28 12:38 - 2012-01-28 12:38 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{1F2368BC-4AA1-4944-8522-CC377CECC06D}
2012-01-28 12:22 - 2012-01-28 12:22 - 0000000 ____D C:\Users\DJ Bassel\Desktop\predator presets
2012-01-28 12:16 - 2012-01-28 12:13 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\Sony
2012-01-28 12:13 - 2012-01-28 12:13 - 0001087 ___AH C:\Users\Public\Desktop\Vegas Pro 11.0.lnk
2012-01-28 12:01 - 2012-01-28 12:01 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{73973670-704C-4C37-84D4-CBA9C949921D}
2012-01-28 12:01 - 2012-01-28 12:01 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{3D9C6C46-1340-4BCF-855F-9E9A80AD4876}
2012-01-28 11:43 - 2012-01-28 14:38 - 193274840 ____A C:\Users\DJ Bassel\Desktop\scrilla-Dirtyweb.mov
2012-01-28 11:43 - 2012-01-21 08:11 - 193274840 ____A C:\Users\DJ Bassel\Downloads\scrilla-Dirtyweb.mov
2012-01-28 11:42 - 2010-08-12 11:58 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\Adobe
2012-01-28 11:40 - 2012-01-28 11:40 - 0000000 ____D C:\Adobe After Effects CS5.5
2012-01-28 11:40 - 2010-08-12 11:58 - 0000000 ____D C:\Users\DJ Bassel\AppData\Roaming\Adobe
2012-01-28 09:55 - 2010-11-12 13:46 - 0005642 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-01-28 09:55 - 2010-11-12 13:46 - 0005642 __ASH C:\ProgramData\KGyGaAvL.sys
2012-01-27 14:46 - 2012-01-27 14:46 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{A7A54A53-9EA1-4E96-B336-7BB106F6DB7D}
2012-01-27 14:46 - 2012-01-27 14:46 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{1CB99478-51FC-499C-9898-5F398DD36E81}
2012-01-27 00:17 - 2012-01-27 00:17 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{DF882042-8087-4EA5-817A-786FBB5491A3}
2012-01-27 00:17 - 2012-01-27 00:16 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{9F08E561-3F6F-4048-89A0-A09579D5A2AE}
2012-01-26 12:15 - 2012-01-26 12:15 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{B240F323-4AD8-4D3F-84D7-CE6E658432D7}
2012-01-26 12:15 - 2012-01-26 12:15 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{AD212455-8821-47B1-A63F-8E6167D97877}
2012-01-26 11:41 - 2012-01-26 11:41 - 0031886 ____A C:\Users\DJ Bassel\Downloads\_-Demonoid.me-_Madonna_Studio_Discography_(320)_7325990.8028.torrent
2012-01-26 09:45 - 2012-01-26 09:44 - 0018294 ____A C:\Users\DJ Bassel\Downloads\Madonna_Studio_Discography_(320)-[[Demonoid.me]]_7325990.8028.torrent
2012-01-26 09:33 - 2012-01-26 09:33 - 0011925 ____A C:\Users\DJ Bassel\Downloads\BD55A17801F0B0BEF7EFDA03D12426F433C26534.torrent
2012-01-26 09:26 - 2012-01-26 09:27 - 0007650 ____A C:\Users\DJ Bassel\Downloads\FE80B39216821885B9A4E1338430F9A273E08CFD.torrent
2012-01-25 22:51 - 2012-01-25 22:50 - 105103058 ____A C:\Users\DJ Bassel\Desktop\1.zip
2012-01-25 20:38 - 2011-09-30 11:00 - 0001549 ____A C:\Windows\KB893803v2.log
2012-01-25 20:38 - 2011-09-30 11:00 - 0000000 ____D C:\Program Files (x86)\Origin
2012-01-25 20:36 - 2011-12-01 23:53 - 0000000 ____D C:\AMD
2012-01-25 20:07 - 2012-01-25 20:07 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{B6C40E6F-7532-4BF2-9368-5BBAE222FBAE}
2012-01-25 20:07 - 2012-01-25 20:07 - 0000000 ___HD C:\Users\DJ Bassel\AppData\Local\{24C6DC70-7BAF-4513-8DF5-8EC19290C277}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4094.18 MB
Available physical RAM: 3489.21 MB
Total Pagefile: 4092.33 MB
Available Pagefile: 3483.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: (Storage) (Fixed) (Total:465.75 GB) (Free:8.7 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
4 Drive e: (SPINRITE V6) (Removable) (Total:0.48 GB) (Free:0.29 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 492 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Storage NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 491 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E SPINRITE V6 FAT32 Removable 491 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-08 22:43

======================= End Of Log ==========================



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:14 AM

Posted 23 April 2012 - 08:32 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
1 qrmewunx; C:\Windows\System32\Drivers\qrmewunx.sys [50000 2012-04-20] (Microsoft Corporation)
1 tryjhksi; C:\Windows\System32\Drivers\tryjhksi.sys [50000 2012-04-20] (Microsoft Corporation)
1 kauxzplv; \??\C:\Windows\system32\drivers\kauxzplv.sys [x]
C:\Windows\System32\Drivers\qrmewunx.sys
C:\Windows\System32\Drivers\tryjhksi.sys
CMD: Del /q C:\Windows\Tasks\At*.job


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Balah

Balah
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 23 April 2012 - 10:00 PM

Windows is booting now. Here is the log you requested:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-23 20:57:02 R:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
qrmewunx service deleted successfully.
tryjhksi service deleted successfully.
kauxzplv service deleted successfully.
C:\Windows\System32\Drivers\qrmewunx.sys moved successfully.
C:\Windows\System32\Drivers\tryjhksi.sys moved successfully.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


==== End of Fixlog ====

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:14 AM

Posted 23 April 2012 - 10:19 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not click in Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Balah

Balah
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 23 April 2012 - 11:08 PM

I didn't have any problems running Combofix, here is the log:

ComboFix 12-04-23.03 - DJ Bassel 04/23/2012 23:26:46.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2669 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\DYA_PPGNOHWWWWJRTBLBR
c:\programdata\DYA_PPGNOHWWWWJRTBLBR\1.0.0\Data\app.dat
c:\programdata\DYA_PPGNOHWWWWJRTBLBR\1.0.0\Data\updates.dat
c:\programdata\F4D55F3B000435DB58E02439B4EB2331
c:\programdata\F4D55F3B000435DB58E02439B4EB2331\F4D55F3B000435DB58E02439B4EB2331
c:\programdata\F4D55F3B000435DB58E02439B4EB2331\F4D55F3B000435DB58E02439B4EB2331.exe
c:\users\DJ Bassel\AppData\Roaming\DYA_PPGNOHWWWWJRTBLBR
c:\users\DJ Bassel\AppData\Roaming\DYA_PPGNOHWWWWJRTBLBR\1.0.0\Data\dya.dat
c:\users\DJ Bassel\AppData\Roaming\Mozilla\Firefox\Profiles\qaczfagz.default\searchplugins\bing-zugo.xml
c:\users\DJ Bassel\AppData\Roaming\Mozilla\Firefox\Profiles\qaczfagz.default\weave\toFetch
c:\users\DJ Bassel\AppData\Roaming\Mozilla\Firefox\Profiles\qaczfagz.default\weave\toFetch\clients.json
c:\users\DJ Bassel\AppData\Roaming\Mozilla\Firefox\Profiles\qaczfagz.default\weave\toFetch\tabs.json
c:\users\DJ Bassel\how to replace explorer.exe .txt
c:\users\DJ Bassel\Rusko - Hold on .mp3
c:\users\DJ Bassel\TubeToolboxSetup.EXE
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\svchost.exe
c:\windows\SysWow64\msvcsv60.dll
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 03:09 . 2012-04-24 03:41 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1AFAD3D4-0373-4BE4-A2EE-F0A5B85C75C0}\offreg.dll
2012-04-24 02:51 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-24 02:51 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1AFAD3D4-0373-4BE4-A2EE-F0A5B85C75C0}\mpengine.dll
2012-04-24 02:34 . 2012-04-24 02:38 -------- d-----w- C:\FRST
2012-04-21 01:13 . 2012-04-21 01:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1029A0B4-5927-46E8-A512-54B4FEECB516}\gapaengine.dll
2012-04-21 01:06 . 2012-04-21 01:06 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-21 01:06 . 2012-04-21 01:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-21 00:38 . 2012-04-21 00:38 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-21 00:38 . 2012-04-21 00:38 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-08 07:43 . 2012-04-08 07:43 -------- d-----w- C:\e
2012-04-08 06:31 . 2012-04-08 06:31 -------- d-----w- C:\Data
2012-04-07 16:39 . 2012-04-07 16:39 -------- d-----we c:\windows\system64
2012-04-04 11:42 . 2012-04-04 11:42 -------- d-----w- c:\program files (x86)\RealNetworks
2012-04-04 06:14 . 2012-04-04 06:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-03-29 17:55 . 2012-04-24 02:54 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 16:58 . 2012-04-24 02:54 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-27 23:19 . 2012-03-27 23:19 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-27 23:18 . 2012-03-27 23:18 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-03-27 23:16 . 2012-03-27 23:16 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 02:54 . 2011-05-13 16:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2011-03-14 23:16 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 00:46 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 00:46 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 00:46 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 00:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 02:05 . 2012-02-15 02:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 02:05 . 2012-02-15 02:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 02:05 . 2012-02-15 02:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 02:05 . 2012-02-15 02:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 02:05 . 2012-02-15 02:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 02:04 . 2012-02-15 02:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 02:03 . 2012-02-15 02:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 02:03 . 2012-02-15 02:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 06:36 . 2012-03-14 00:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 00:47 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 23:48 . 2011-09-18 23:00 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 23:48 . 2011-09-18 23:00 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-07 23:48 . 2011-09-18 23:00 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 06:58 . 2012-02-03 06:58 53248 ----a-r- c:\users\DJ Bassel\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-03 06:58 . 2012-02-03 06:58 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-03 04:34 . 2012-03-14 00:47 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 10:02 . 2012-01-31 10:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 10:00 . 2012-01-31 10:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-28 22:45 . 2012-01-28 22:45 1409 ----a-w- c:\windows\QTFont.for
2012-01-28 17:55 . 2010-11-12 21:46 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2012-01-25 06:38 . 2012-03-14 00:46 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 00:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 00:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2b2505fa-fd68-0144-9128-cd617bdca8c2}"= "c:\program files (x86)\SocialRibbons LP2\Helper.dll" [2011-07-23 357376]
.
[HKEY_CLASSES_ROOT\clsid\{2b2505fa-fd68-0144-9128-cd617bdca8c2}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{7417B7F0-ECA1-9B24-2D81-E808C1268687}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AE92E5DE-20F7-9934-D515-7BE13880A842}]
2011-07-23 18:49 1534976 ----a-w- c:\program files (x86)\SocialRibbons LP2\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-23 740216]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Audiogalaxy"="c:\users\DJ Bassel\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2011-12-13 2955496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2011-12-07 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMwA4ADQAMQAxADEANwAwADAALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA&prod=90&ver=9.0.894" [?]
.
c:\users\DJ Bassel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-12 26950560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]
R3 ak1avs_x64;ak1avs_x64;c:\windows\system32\Drivers\ak1avs_x64.sys [x]
R3 ak1usb_x64;ak1usb_x64;c:\windows\system32\Drivers\ak1usb_x64.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
R3 AtiDCM;AtiDCM;c:\users\DJ Bassel\AppData\Local\Temp\atdcm64a.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-01 1436424]
R3 kx1avs_x64;kx1avs_x64;c:\windows\system32\Drivers\kx1avs_x64.sys [x]
R3 kx1usb_x64;kx1usb_x64;c:\windows\system32\Drivers\kx1usb_x64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PaeFireStudio;PreSonus FireStudio;c:\windows\system32\Drivers\PaeFireStudio.sys [x]
R3 PaeFireStudioAudio;PreSonus FireStudio Audio;c:\windows\system32\drivers\PaeFireStudioAudio.sys [x]
R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;c:\windows\system32\drivers\PaeFireStudioMidi.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-07 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-03-25 5018624]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 03:54]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141819445-1412386313-5753979-1000Core.job
- c:\users\DJ Bassel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 02:45]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4141819445-1412386313-5753979-1000UA.job
- c:\users\DJ Bassel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 02:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\DJ Bassel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 192.168.63.1
FF - ProfilePath - c:\users\DJ Bassel\AppData\Roaming\Mozilla\Firefox\Profiles\qaczfagz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3052046&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3052046&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 4ae946cf-e37a-4360-8b6f-3c74f2d09fc9
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{da566842-d620-41bf-8a10-149cfa14035d} - (no file)
Wow6432Node-HKCU-Run-Universal Control - c:\users\DJ Bassel\Desktop\UniversalControl.exe
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKLM-Run-CGWGCnHLqP.exe - c:\programdata\CGWGCnHLqP.exe
Wow6432Node-HKLM-Run-aTQDlCiEjSchAAD.exe - c:\programdata\aTQDlCiEjSchAAD.exe
Wow6432Node-HKLM-Run-jFRhCecXBQMsfL.exe - c:\programdata\jFRhCecXBQMsfL.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-RunOnce-F4D55F3B000435DB58E02439B4EB2331 - c:\programdata\F4D55F3B000435DB58E02439B4EB2331\F4D55F3B000435DB58E02439B4EB2331.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Dead Space 2_is1 - z:\games\Dead Space 2\unins000.exe
AddRemove-Native Instruments - Audio Kontrol 1 Driver - c:\program files (x86)\Native Instruments\Audio Kontrol 1 Driver\uninst.exe Software\Native Instruments\Audio Kontrol 1 Driver\Setup
AddRemove-Saints Row The Third_is1 - z:\games\THQ\Saints Row The Third\unins000.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{EC015649-3B3C-4611-9C66-453F8011E944} - c:\programdata\{BF329843-149E-4A5A-82A1-0250286442D0}\Kontakt 4 Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4f,1d,91,ec,4d,15,cd,01
.
[HKEY_USERS\S-1-5-21-4141819445-1412386313-5753979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4141819445-1412386313-5753979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4141819445-1412386313-5753979-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,5b,34,27,36,2d,0a,77,e2,a5,dc,76,5b,0d,d1,5b,6a,09,85,cb,a7,4b,ed,
e9,e5,ab,c5,2f,36,89,af,7a,a0,37,2f,56,43,44,83,8d,8b,69,47,0d,da,eb,e5,f8,\
"??"=hex:76,94,67,95,89,e7,0b,17,fc,e1,6b,50,84,ee,8f,3a
.
[HKEY_USERS\S-1-5-21-4141819445-1412386313-5753979-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:9c,0c,90,75,bf,df,11,41,99,b7,0f,aa,5d,bd,2e,aa,84,d2,03,b1,cf,
6b,9c,2d,23,a4,9a,77,b6,21,52,17,7b,b0,76,58,54,5b,39,d6,47,ce,58,de,b7,e3,\
"rkeysecu"=hex:e4,72,48,b4,58,a4,47,3b,72,87,4d,58,d0,8c,1d,91
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2012-04-24 00:00:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 04:00
.
Pre-Run: 12,711,739,392 bytes free
Post-Run: 12,353,695,744 bytes free
.
- - End Of File - - 917C724981BBCA26F67E9191C60BC335


The computer seems to be running well at the moment.

#6 gringo_pr

Posted 23 April 2012 - 11:10 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Balah

Posted 24 April 2012 - 12:06 PM

TDSSKiller log:

13:02:45.0173 3152 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
13:02:45.0689 3152 ============================================================
13:02:45.0689 3152 Current date / time: 2012/04/25 13:02:45.0689
13:02:45.0689 3152 SystemInfo:
13:02:45.0689 3152
13:02:45.0689 3152 OS Version: 6.1.7601 ServicePack: 1.0
13:02:45.0689 3152 Product type: Workstation
13:02:45.0689 3152 ComputerName: DJBASSEL-STUDIO
13:02:45.0689 3152 UserName: DJ Bassel
13:02:45.0689 3152 Windows directory: C:\Windows
13:02:45.0689 3152 System windows directory: C:\Windows
13:02:45.0689 3152 Running under WOW64
13:02:45.0689 3152 Processor architecture: Intel x64
13:02:45.0689 3152 Number of processors: 2
13:02:45.0689 3152 Page size: 0x1000
13:02:45.0689 3152 Boot type: Normal boot
13:02:45.0689 3152 ============================================================
13:02:46.0346 3152 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:02:51.0018 3152 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:02:51.0081 3152 Drive \Device\Harddisk2\DR2 - Size: 0x1EC00000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:02:51.0081 3152 ============================================================
13:02:51.0081 3152 \Device\Harddisk1\DR1:
13:02:51.0081 3152 MBR partitions:
13:02:51.0081 3152 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
13:02:51.0081 3152 \Device\Harddisk0\DR0:
13:02:51.0081 3152 MBR partitions:
13:02:51.0081 3152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:02:51.0081 3152 \Device\Harddisk2\DR2:
13:02:51.0081 3152 MBR partitions:
13:02:51.0081 3152 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF5FE0
13:02:51.0081 3152 ============================================================
13:02:51.0127 3152 C: <-> \Device\Harddisk1\DR1\Partition0
13:02:51.0127 3152 Z: <-> \Device\Harddisk0\DR0\Partition0
13:02:51.0127 3152 ============================================================
13:02:51.0127 3152 Initialize success
13:02:51.0127 3152 ============================================================
13:02:52.0252 4984 ============================================================
13:02:52.0252 4984 Scan started
13:02:52.0252 4984 Mode: Manual;
13:02:52.0252 4984 ============================================================
13:03:10.0331 4984 LMIMaint - ok
13:03:10.0377 4984 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
13:03:10.0377 4984 lmimirr - ok
13:03:10.0377 4984 LMIRfsClientNP - ok
13:03:10.0393 4984 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
13:03:10.0393 4984 LMIRfsDriver - ok
13:03:10.0440 4984 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:03:10.0440 4984 LMouFilt - ok
13:03:10.0502 4984 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
13:03:10.0518 4984 LogMeIn - ok
13:03:10.0565 4984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:03:10.0581 4984 LSI_FC - ok
13:03:10.0596 4984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:03:10.0596 4984 LSI_SAS - ok
13:03:10.0612 4984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:03:10.0612 4984 LSI_SAS2 - ok
13:03:10.0627 4984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:03:10.0627 4984 LSI_SCSI - ok
13:03:10.0659 4984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:03:10.0674 4984 luafv - ok
13:03:10.0706 4984 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:03:10.0721 4984 Mcx2Svc - ok
13:03:10.0737 4984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:03:10.0737 4984 megasas - ok
13:03:10.0752 4984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:03:10.0768 4984 MegaSR - ok
13:03:10.0924 4984 Microsoft SharePoint Workspace Audit Service - ok
13:03:10.0956 4984 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:03:10.0956 4984 MMCSS - ok
13:03:10.0971 4984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:03:10.0971 4984 Modem - ok
13:03:11.0018 4984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:03:11.0018 4984 monitor - ok
13:03:11.0065 4984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:03:11.0065 4984 mouclass - ok
13:03:11.0112 4984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:03:11.0112 4984 mouhid - ok
13:03:11.0159 4984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:03:11.0159 4984 mountmgr - ok
13:03:11.0221 4984 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
13:03:11.0221 4984 MpFilter - ok
13:03:11.0252 4984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:03:11.0252 4984 mpio - ok
13:03:11.0284 4984 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:03:11.0284 4984 MpNWMon - ok
13:03:11.0299 4984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:03:11.0299 4984 mpsdrv - ok
13:03:11.0393 4984 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:03:11.0424 4984 MpsSvc - ok
13:03:11.0456 4984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:03:11.0456 4984 MRxDAV - ok
13:03:11.0518 4984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:03:11.0518 4984 mrxsmb - ok
13:03:11.0581 4984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:03:11.0596 4984 mrxsmb10 - ok
13:03:11.0627 4984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:03:11.0627 4984 mrxsmb20 - ok
13:03:11.0674 4984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:03:11.0674 4984 msahci - ok
13:03:11.0690 4984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:03:11.0706 4984 msdsm - ok
13:03:11.0737 4984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:03:11.0737 4984 MSDTC - ok
13:03:11.0768 4984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:03:11.0768 4984 Msfs - ok
13:03:11.0784 4984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:03:11.0784 4984 mshidkmdf - ok
13:03:11.0784 4984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:03:11.0784 4984 msisadrv - ok
13:03:11.0815 4984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:03:11.0815 4984 MSiSCSI - ok
13:03:11.0831 4984 msiserver - ok
13:03:11.0862 4984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:03:11.0862 4984 MSKSSRV - ok
13:03:12.0018 4984 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
13:03:12.0018 4984 MsMpSvc - ok
13:03:12.0034 4984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:03:12.0034 4984 MSPCLOCK - ok
13:03:12.0034 4984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:03:12.0034 4984 MSPQM - ok
13:03:12.0096 4984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:03:12.0112 4984 MsRPC - ok
13:03:12.0159 4984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:03:12.0159 4984 mssmbios - ok
13:03:12.0174 4984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:03:12.0174 4984 MSTEE - ok
13:03:12.0174 4984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:03:12.0174 4984 MTConfig - ok
13:03:12.0221 4984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:03:12.0237 4984 Mup - ok
13:03:12.0284 4984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:03:12.0299 4984 napagent - ok
13:03:12.0362 4984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:03:12.0377 4984 NativeWifiP - ok
13:03:12.0424 4984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:03:12.0440 4984 NDIS - ok
13:03:12.0471 4984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:03:12.0471 4984 NdisCap - ok
13:03:12.0518 4984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:03:12.0518 4984 NdisTapi - ok
13:03:12.0565 4984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:03:12.0565 4984 Ndisuio - ok
13:03:12.0612 4984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:03:12.0612 4984 NdisWan - ok
13:03:12.0659 4984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:03:12.0659 4984 NDProxy - ok
13:03:12.0877 4984 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
13:03:12.0893 4984 Nero BackItUp Scheduler 3 - ok
13:03:12.0940 4984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:03:12.0940 4984 NetBIOS - ok
13:03:13.0002 4984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:03:13.0002 4984 NetBT - ok
13:03:13.0049 4984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:03:13.0049 4984 Netlogon - ok
13:03:13.0112 4984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:03:13.0127 4984 Netman - ok
13:03:13.0159 4984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:03:13.0174 4984 netprofm - ok
13:03:13.0252 4984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:03:13.0268 4984 NetTcpPortSharing - ok
13:03:13.0315 4984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:03:13.0315 4984 nfrd960 - ok
13:03:13.0674 4984 NIHardwareService (5e7a420dd03071f0555e6ff2e4932d6c) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
13:03:14.0159 4984 NIHardwareService - ok
13:03:14.0315 4984 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:03:14.0315 4984 NisDrv - ok
13:03:14.0471 4984 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
13:03:14.0487 4984 NisSrv - ok
13:03:14.0534 4984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:03:14.0549 4984 NlaSvc - ok
13:03:14.0674 4984 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
13:03:14.0690 4984 NMIndexingService - ok
13:03:14.0737 4984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:03:14.0737 4984 Npfs - ok
13:03:14.0752 4984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:03:14.0752 4984 nsi - ok
13:03:14.0752 4984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:03:14.0752 4984 nsiproxy - ok
13:03:14.0862 4984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:03:14.0893 4984 Ntfs - ok
13:03:14.0956 4984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:03:14.0956 4984 Null - ok
13:03:15.0002 4984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:03:15.0002 4984 nvraid - ok
13:03:15.0018 4984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:03:15.0034 4984 nvstor - ok
13:03:15.0081 4984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:03:15.0081 4984 nv_agp - ok
13:03:15.0096 4984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:03:15.0096 4984 ohci1394 - ok
13:03:15.0206 4984 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:03:15.0206 4984 ose - ok
13:03:15.0518 4984 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:03:15.0627 4984 osppsvc - ok
13:03:15.0721 4984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:03:15.0721 4984 p2pimsvc - ok
13:03:15.0752 4984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:03:15.0768 4984 p2psvc - ok
13:03:15.0878 4984 PaeFireStudio (2a1842c450a4a9d2b447f98dfa6fe2d6) C:\Windows\system32\Drivers\PaeFireStudio.sys
13:03:15.0894 4984 PaeFireStudio - ok
13:03:15.0925 4984 PaeFireStudioAudio (73f1d0db441c77345c6ada5c3a2eb040) C:\Windows\system32\drivers\PaeFireStudioAudio.sys
13:03:15.0941 4984 PaeFireStudioAudio - ok
13:03:15.0957 4984 PaeFireStudioMidi (b5c2f98078601c91e200357337979651) C:\Windows\system32\drivers\PaeFireStudioMidi.sys
13:03:15.0957 4984 PaeFireStudioMidi - ok
13:03:15.0988 4984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:03:15.0988 4984 Parport - ok
13:03:16.0035 4984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:03:16.0035 4984 partmgr - ok
13:03:16.0066 4984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:03:16.0082 4984 PcaSvc - ok
13:03:16.0128 4984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:03:16.0144 4984 pci - ok
13:03:16.0160 4984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:03:16.0160 4984 pciide - ok
13:03:16.0175 4984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:03:16.0191 4984 pcmcia - ok
13:03:16.0207 4984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:03:16.0207 4984 pcw - ok
13:03:16.0269 4984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:03:16.0300 4984 PEAUTH - ok
13:03:17.0082 4984 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:03:17.0128 4984 PeerDistSvc - ok
13:03:17.0472 4984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:03:17.0472 4984 PerfHost - ok
13:03:17.0628 4984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:03:17.0675 4984 pla - ok
13:03:17.0753 4984 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\SysWOW64\IoctlSvc.exe
13:03:17.0753 4984 PLFlash DeviceIoControl Service - ok
13:03:17.0863 4984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:03:17.0863 4984 PlugPlay - ok
13:03:17.0910 4984 PnkBstrA - ok
13:03:17.0941 4984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:03:17.0941 4984 PNRPAutoReg - ok
13:03:17.0957 4984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:03:17.0972 4984 PNRPsvc - ok
13:03:18.0019 4984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:03:18.0035 4984 PolicyAgent - ok
13:03:18.0066 4984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:03:18.0082 4984 Power - ok
13:03:18.0175 4984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:03:18.0191 4984 PptpMiniport - ok
13:03:18.0207 4984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:03:18.0207 4984 Processor - ok
13:03:18.0253 4984 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:03:18.0269 4984 ProfSvc - ok
13:03:18.0316 4984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:03:18.0316 4984 ProtectedStorage - ok
13:03:18.0363 4984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:03:18.0378 4984 Psched - ok
13:03:18.0488 4984 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
13:03:18.0535 4984 PSI_SVC_2 - ok
13:03:18.0597 4984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:03:18.0628 4984 ql2300 - ok
13:03:18.0738 4984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:03:18.0738 4984 ql40xx - ok
13:03:18.0769 4984 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:03:18.0785 4984 QWAVE - ok
13:03:18.0800 4984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:03:18.0800 4984 QWAVEdrv - ok
13:03:18.0800 4984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:03:18.0816 4984 RasAcd - ok
13:03:18.0847 4984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:03:18.0847 4984 RasAgileVpn - ok
13:03:18.0863 4984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:03:18.0878 4984 RasAuto - ok
13:03:18.0925 4984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:03:18.0925 4984 Rasl2tp - ok
13:03:18.0957 4984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:03:18.0957 4984 RasMan - ok
13:03:18.0972 4984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:03:18.0988 4984 RasPppoe - ok
13:03:19.0035 4984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:03:19.0035 4984 RasSstp - ok
13:03:19.0082 4984 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:03:19.0097 4984 rdbss - ok
13:03:19.0113 4984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:03:19.0113 4984 rdpbus - ok
13:03:19.0113 4984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:03:19.0128 4984 RDPCDD - ok
13:03:19.0175 4984 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:03:19.0175 4984 RDPDR - ok
13:03:19.0191 4984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:03:19.0191 4984 RDPENCDD - ok
13:03:19.0191 4984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:03:19.0191 4984 RDPREFMP - ok
13:03:19.0238 4984 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:03:19.0253 4984 RDPWD - ok
13:03:19.0300 4984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:03:19.0316 4984 rdyboost - ok
13:03:19.0378 4984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:03:19.0378 4984 RemoteAccess - ok
13:03:19.0410 4984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:03:19.0410 4984 RemoteRegistry - ok
13:03:19.0472 4984 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:03:19.0472 4984 RimUsb - ok
13:03:19.0488 4984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:03:19.0488 4984 RpcEptMapper - ok
13:03:19.0503 4984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:03:19.0503 4984 RpcLocator - ok
13:03:19.0566 4984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:03:19.0566 4984 RpcSs - ok
13:03:19.0628 4984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:03:19.0628 4984 rspndr - ok
13:03:19.0675 4984 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:03:19.0675 4984 s3cap - ok
13:03:19.0722 4984 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:03:19.0722 4984 SamSs - ok
13:03:19.0753 4984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:03:19.0769 4984 sbp2port - ok
13:03:19.0800 4984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:03:19.0816 4984 SCardSvr - ok
13:03:19.0847 4984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:03:19.0847 4984 scfilter - ok
13:03:19.0941 4984 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:03:19.0972 4984 Schedule - ok
13:03:20.0003 4984 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:03:20.0003 4984 SCPolicySvc - ok
13:03:20.0050 4984 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:03:20.0066 4984 SDRSVC - ok
13:03:20.0113 4984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:03:20.0113 4984 secdrv - ok
13:03:20.0144 4984 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:03:20.0144 4984 seclogon - ok
13:03:20.0175 4984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:03:20.0175 4984 SENS - ok
13:03:20.0191 4984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:03:20.0191 4984 SensrSvc - ok
13:03:20.0191 4984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:03:20.0191 4984 Serenum - ok
13:03:20.0207 4984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:03:20.0207 4984 Serial - ok
13:03:20.0253 4984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:03:20.0253 4984 sermouse - ok
13:03:20.0300 4984 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:03:20.0316 4984 SessionEnv - ok
13:03:20.0347 4984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:03:20.0347 4984 sffdisk - ok
13:03:20.0347 4984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:03:20.0363 4984 sffp_mmc - ok
13:03:20.0363 4984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:03:20.0363 4984 sffp_sd - ok
13:03:20.0363 4984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:03:20.0363 4984 sfloppy - ok
13:03:20.0441 4984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:03:20.0457 4984 SharedAccess - ok
13:03:20.0519 4984 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:03:20.0535 4984 ShellHWDetection - ok
13:03:20.0582 4984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:03:20.0582 4984 SiSRaid2 - ok
13:03:20.0597 4984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:03:20.0597 4984 SiSRaid4 - ok
13:03:20.0628 4984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:03:20.0628 4984 Smb - ok
13:03:20.0660 4984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:03:20.0675 4984 SNMPTRAP - ok
13:03:20.0707 4984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:03:20.0707 4984 spldr - ok
13:03:20.0769 4984 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:03:20.0800 4984 Spooler - ok
13:03:20.0972 4984 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:03:21.0050 4984 sppsvc - ok
13:03:21.0113 4984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:03:21.0113 4984 sppuinotify - ok
13:03:21.0238 4984 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
13:03:21.0238 4984 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
13:03:21.0238 4984 sptd ( LockedFile.Multi.Generic ) - warning
13:03:21.0238 4984 sptd - detected LockedFile.Multi.Generic (1)
13:03:26.0363 4984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:03:26.0363 4984 Wd - ok
13:03:26.0394 4984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:03:26.0410 4984 Wdf01000 - ok
13:03:26.0425 4984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:03:26.0425 4984 WdiServiceHost - ok
13:03:26.0441 4984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:03:26.0441 4984 WdiSystemHost - ok
13:03:26.0488 4984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:03:26.0503 4984 WebClient - ok
13:03:26.0519 4984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:03:26.0535 4984 Wecsvc - ok
13:03:26.0550 4984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:03:26.0550 4984 wercplsupport - ok
13:03:26.0566 4984 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:03:26.0566 4984 WerSvc - ok
13:03:26.0613 4984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:03:26.0613 4984 WfpLwf - ok
13:03:26.0628 4984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:03:26.0628 4984 WIMMount - ok
13:03:26.0722 4984 WinDefend - ok
13:03:26.0722 4984 WinHttpAutoProxySvc - ok
13:03:26.0785 4984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:03:26.0832 4984 Winmgmt - ok
13:03:26.0925 4984 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:03:26.0972 4984 WinRM - ok
13:03:27.0128 4984 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:03:27.0128 4984 WinUsb - ok
13:03:27.0191 4984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:03:27.0207 4984 Wlansvc - ok
13:03:27.0332 4984 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:03:27.0332 4984 wlcrasvc - ok
13:03:27.0535 4984 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:03:27.0597 4984 wlidsvc - ok
13:03:27.0722 4984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:03:27.0722 4984 WmiAcpi - ok
13:03:27.0769 4984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:03:27.0800 4984 wmiApSrv - ok
13:03:27.0847 4984 WMPNetworkSvc - ok
13:03:27.0863 4984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:03:27.0863 4984 WPCSvc - ok
13:03:27.0910 4984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:03:27.0925 4984 WPDBusEnum - ok
13:03:27.0941 4984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:03:27.0957 4984 ws2ifsl - ok
13:03:28.0003 4984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:03:28.0003 4984 wscsvc - ok
13:03:28.0019 4984 WSearch - ok
13:03:28.0144 4984 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:03:28.0207 4984 wuauserv - ok
13:03:28.0332 4984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:03:28.0332 4984 WudfPf - ok
13:03:28.0394 4984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:03:28.0394 4984 WUDFRd - ok
13:03:28.0425 4984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:03:28.0441 4984 wudfsvc - ok
13:03:28.0472 4984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:03:28.0488 4984 WwanSvc - ok
13:03:28.0613 4984 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
13:03:28.0628 4984 YahooAUService - ok
13:03:28.0691 4984 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
13:03:28.0707 4984 yukonw7 - ok
13:03:28.0753 4984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:03:28.0800 4984 \Device\Harddisk1\DR1 - ok
13:03:28.0800 4984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:03:28.0800 4984 \Device\Harddisk0\DR0 - ok
13:03:28.0800 4984 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR2
13:03:31.0347 4984 \Device\Harddisk2\DR2 - ok
13:03:31.0363 4984 Boot (0x1200) (3abe0898cac795042ad8a13bd9aed4c2) \Device\Harddisk1\DR1\Partition0
13:03:31.0363 4984 \Device\Harddisk1\DR1\Partition0 - ok
13:03:31.0363 4984 Boot (0x1200) (8763480d700103082bafd64bfae09b74) \Device\Harddisk0\DR0\Partition0
13:03:31.0363 4984 \Device\Harddisk0\DR0\Partition0 - ok
13:03:31.0378 4984 Boot (0x1200) (2b193b49e6bb100a15a735a294e01ac3) \Device\Harddisk2\DR2\Partition0
13:03:31.0378 4984 \Device\Harddisk2\DR2\Partition0 - ok
13:03:31.0378 4984 ============================================================
13:03:31.0378 4984 Scan finished
13:03:31.0378 4984 ============================================================
13:03:31.0378 4356 Detected object count: 1
13:03:31.0378 4356 Actual detected object count: 1
13:03:36.0582 4356 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:03:36.0582 4356 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:04:04.0425 4544 Deinitialize success


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 11:26:02
-----------------------------
11:26:02.546 OS Version: Windows x64 6.1.7601 Service Pack 1
11:26:02.546 Number of processors: 2 586 0x170A
11:26:02.546 ComputerName: DJBASSEL-STUDIO UserName: DJ Bassel
11:26:04.915 Initialize success
11:26:32.731 AVAST engine defs: 12042400
11:26:45.982 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6
11:26:45.982 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
11:26:45.982 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
11:26:45.982 Disk 1 Vendor: ST3500630A 3.AAF Size: 476940MB BusType: 3
11:26:45.998 Disk 1 MBR read successfully
11:26:45.998 Disk 1 MBR scan
11:26:45.998 Disk 1 Windows 7 default MBR code
11:26:45.998 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
11:26:46.107 Disk 1 scanning C:\Windows\system32\drivers
11:27:02.748 Service scanning
11:27:36.811 Modules scanning
11:27:36.811 Disk 1 trace - called modules:
11:27:36.827 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049c42c0]<<spff.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:27:36.827 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004ca3060]
11:27:36.842 3 CLASSPNP.SYS[fffff88001bc543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b1a060]
11:27:36.842 \Driver\atapi[0xfffffa8004af9060] -> IRP_MJ_CREATE -> 0xfffffa80049c42c0
11:27:37.983 AVAST engine scan C:\Windows
11:27:43.764 AVAST engine scan C:\Windows\system32
11:32:28.652 AVAST engine scan C:\Windows\system32\drivers
11:32:43.167 AVAST engine scan C:\Users\DJ Bassel
12:20:45.246 File: C:\Users\DJ Bassel\Pictures\Funny + WTF\MyWebFace.exe **INFECTED** Win32:Adware-gen [Adw]
12:23:16.639 AVAST engine scan C:\ProgramData
12:34:05.580 Scan finished successfully
13:02:20.126 Disk 1 MBR has been saved successfully to "E:\MBR.dat"
13:02:20.783 The log file has been saved successfully to "E:\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:14 AM

Posted 26 April 2012 - 11:33 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Ask.com

File::
C:\Users\DJ Bassel\Pictures\Funny + WTF\MyWebFace.exe 

FireFox::
FF - ProfilePath - c:\users\DJ Bassel\AppData\Roaming\Mozilla\Firefox\Profiles\qaczfagz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3052046&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3052046&SearchSource=13

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

Posted 30 April 2012 - 02:55 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#10 gringo_pr

Posted 03 May 2012 - 12:14 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#11 gringo_pr

Posted 06 May 2012 - 03:48 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.