Post-S.M.A.R.T. HDD virus removal -- Windows will NOT boot


This topic is locked
33 replies to this topic

#1 absoluteajk


Posted 02 May 2012 - 01:58 PM

Hi, I'm new here. I recently unfortunately had the privilege of trying to eliminate the SMART HDD virus yesterday, as my Windows 7 64-bit PC had been affected by it. I used this guide: http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd. I followed every step exactly. When I rebooted my PC out of safe mode and back into normal (step 22 I think), everything was fine and I unhid all my files/folders & fixed the desktop background. Well it turned out that avast kept blocking about 10-12 malwares/trojans. I searched online and saw somebody mention something about running TDSSKiller again, which I did. It returned no programs affected. I thought all was well and good and decided to restart my computer just to make sure. As I restarted, it got to the Windows logo and just went into a restart loop. I couldn't make out if it was a blue screen because it went away almost instantly. I really do not feel like reinstalling windows, which by the way, I do have the original Windows 7 DVD, or installing another OS (Linux), as I have several (!) files. Can someone please help me? I've already seen a couple of posts on this topic. -Thanks, Adam.

#2 gringo_pr (Malware Response Team)

Posted 03 May 2012 - 12:56 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 absoluteajk (Topic Starter)

Posted 03 May 2012 - 09:23 PM

OK I did some further research and wrote down the BSOD error message: STOP: C0000135 The program can't start because %hs is missing. Here is the log:

Scan result of Farbar Recovery Scan Tool Version: 02-05-2012 01
Ran by SYSTEM at 03-05-2012 20:53:43
Running from L:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-05-21] ()
HKLM\...\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a [1696992 2010-05-30] (FSPro Labs)
HKLM-x32\...\Run: [PRISMSVR.EXE] "C:\Windows\system32\PRISMSVR.EXE" /APPLY [x]
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Klobucar\...\Run: [AdobeBridge] [x]
HKU\Klobucar\...\Run: [Google Update] "C:\Users\Klobucar\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-20] (Google Inc.)
HKU\Klobucar\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mcx1-KLOBUCAR-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] ()
2 FlipShareServer; "C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] ()
2 fsproflt; C:\Windows\SysWOW64\fsproflt.exe [142648 2010-01-06] (FSPro Labs)
3 Macromedia Licensing Service; "C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" [68096 2011-02-01] ()
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [58944 2010-11-29] (NOS Microsystems Ltd.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [6438264 2011-06-06] (Wacom Technology, Corp.)
2 hsfhwbs2; C:\Windows\System32\macformatservice.dll [x]
2 netwg311; C:\Windows\System32\savrt.dll [x]

========================== Drivers (Whitelisted) =============

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-02-22] (Google Inc)
3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
3 FLASHSYS; \??\C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [15192 2008-02-15] ()
0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [55440 2008-06-06] (FSPro Labs)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [17976 2010-09-01] (Secunia)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-05-21] ()
3 wacmoumonitor; C:\Windows\System32\Drivers\wacmoumonitor.sys [13312 2010-11-02] (Wacom Technology)
3 wacommousefilter; C:\Windows\System32\Drivers\wacommousefilter.sys [12848 2010-10-25] (Wacom Technology)
3 wacomvhid; C:\Windows\System32\Drivers\wacomvhid.sys [16168 2010-10-25] (Wacom Technology)
3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: SE2Cmgmt
NETSVC: L8042Kbd
NETSVC: cpntsrv
NETSVC: RTLE8023xp
NETSVC: netwg311
NETSVC: hsfhwbs2
NETSVC: SeratoUsb
NETSVC: TUWinStylerThemeSvc

============ One Month Created Files and Folders ==============

2012-05-01 18:30 - 2012-05-01 14:30 - 0130612 ____A C:\TDSSKiller.2.7.33.0_01.05.2012_21.30.43_log.txt
2012-05-01 16:27 - 2012-05-01 22:23 - 0000000 ____D C:\sh4ldr
2012-05-01 16:27 - 2012-04-30 17:00 - 0002264 ____A C:\Users\Klobucar\Desktop\SpyHunter.lnk
2012-05-01 16:27 - 2011-02-22 20:07 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-01 16:26 - - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-01 16:12 - 2012-05-01 16:12 - 0191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-01 16:12 - 2012-05-01 16:12 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-01 16:12 - 2009-07-13 19:20 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-01 16:10 - 2011-10-04 16:01 - 0000000 ____D C:\Users\Klobucar\AppData\Local\Secunia PSI
2012-05-01 16:09 - 2012-05-01 22:23 - 0000000 ____D C:\Program Files (x86)\Secunia
2012-05-01 16:09 - 2009-07-13 20:54 - 0001110 ____A C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
2012-05-01 16:07 - 2012-04-26 18:45 - 1754456 ____A (Secunia) C:\Users\Klobucar\Downloads\PSISetup.exe
2012-05-01 16:03 - 2011-10-27 20:00 - 0002009 ____A C:\Users\Public\Desktop\Logitech Vid HD.lnk
2012-05-01 16:03 - 2011-02-03 14:00 - 0001624 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-05-01 14:30 - 2012-05-01 18:31 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-01 14:29 - 2012-05-01 22:28 - 0135266 ____A C:\TDSSKiller.2.7.33.0_01.05.2012_17.29.05_log.txt
2012-04-30 17:48 - 2012-04-30 15:16 - 0001833 ____A C:\Users\Public\Desktop\Opera.lnk
2012-04-30 17:48 - 2011-02-01 17:42 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-30 17:48 - 2009-07-13 20:54 - 0001063 ____A C:\Users\Public\Desktop\Living Cookbook 2011.lnk
2012-04-30 17:48 - - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-04-30 17:29 - 2011-02-01 14:57 - 0000357 ____A C:\rkill.log
2012-04-30 17:28 - 2012-05-01 16:27 - 0003694 ____A C:\Users\Klobucar\Desktop\unhide.txt
2012-04-30 17:28 - 2011-11-06 21:26 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\Klobucar\Downloads\unhide.exe
2012-04-30 17:27 - 2011-06-02 16:29 - 1008141 ____A C:\Users\Klobucar\Downloads\rkill.exe
2012-04-30 17:17 - 2011-10-03 16:25 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-30 17:04 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-30 17:03 - 2012-05-01 22:21 - 0000000 ____D C:\Windows\system64
2012-04-30 17:03 - 2009-06-10 12:31 - 0000000 ____D C:\Windows\Sun
2012-04-30 17:00 - 2012-04-24 18:27 - 0001262 ____A C:\Users\Klobucar\Desktop\Spybot - Search & Destroy.lnk
2012-04-30 17:00 - 2011-08-11 19:38 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-30 17:00 - 2011-08-11 19:38 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-30 17:00 - 2011-08-11 19:36 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-30 15:16 - 2011-02-01 18:38 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\Malwarebytes
2012-04-30 15:16 - 2011-02-01 18:38 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-30 15:16 - 2011-02-01 18:38 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-30 15:16 - 2011-02-01 18:37 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-30 15:13 - 2009-07-13 17:39 - 0750596 ____A C:\Windows\ntbtlog.txt
2012-04-30 09:35 - 2012-04-30 09:35 - 0000184 ____A C:\Users\All Users\-tEwGPYI1qZHqVOr
2012-04-30 09:35 - 2012-04-30 09:35 - 0000184 ____A C:\ProgramData\-tEwGPYI1qZHqVOr
2012-04-30 09:35 - 2009-07-13 21:08 - 0000256 ____A C:\Users\All Users\tEwGPYI1qZHqVO
2012-04-30 09:35 - 2009-07-13 21:08 - 0000256 ____A C:\ProgramData\tEwGPYI1qZHqVO
2012-04-30 09:35 - - 0000000 ____A C:\Users\All Users\-tEwGPYI1qZHqVO
2012-04-30 09:35 - - 0000000 ____A C:\ProgramData\-tEwGPYI1qZHqVO
2012-04-26 18:52 - 2011-11-06 19:43 - 2888129 ____A C:\Users\Klobucar\Downloads\BIG BAD JOHN ~ Jimmy Dean 1961.mp3
2012-04-26 18:45 - 2012-04-16 09:05 - 3905442 ____A C:\Users\Klobucar\Downloads\Project Pat Don't Turn Around.mp3
2012-04-26 18:42 - 2011-10-20 14:10 - 3743692 ____A C:\Users\Klobucar\Downloads\Three 6 Mafia-Big Business.mp3
2012-04-24 18:27 - 2011-12-22 19:28 - 0000000 ____D C:\Users\Klobucar\Desktop\Pictures of damage to costume
2012-04-17 18:42 - 2011-02-02 15:02 - 0005163 ____A C:\Users\Klobucar\.recently-used.xbel
2012-04-17 17:29 - 2011-08-22 19:54 - 0000000 ____D C:\Users\Klobucar\Downloads\Borknagar - Urd (2012)
2012-04-17 16:27 - 2012-05-01 22:23 - 0000000 ____D C:\Program Files\iTunes
2012-04-17 16:27 - 2012-05-01 22:23 - 0000000 ____D C:\Program Files\iPod
2012-04-17 16:27 - 2012-05-01 22:23 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-17 16:12 - 2011-09-20 15:50 - 0000000 ____D C:\Users\Klobucar\Downloads\Opeth - Discography (1995 - 2011)
2012-04-16 09:08 - 2011-09-03 08:52 - 0000000 ____D C:\Users\Klobucar\Downloads\Dashboard Confessional
2012-04-16 09:05 - 2011-07-28 16:40 - 0000000 ____D C:\Users\Klobucar\Downloads\Prince - Discography 1977-2010 Mp3 320 kbps
2012-04-16 09:03 - 2011-06-27 16:39 - 0000000 ____D C:\Users\Klobucar\Downloads\The Goo Goo Dolls - Greatest Hits
2012-04-16 09:03 - 2011-05-29 10:22 - 0000000 ____D C:\Users\Klobucar\Downloads\The Rolling Stones - Hot Rocks, 1964-1971 [ChattChitto RG]
2012-04-16 08:57 - 2011-12-05 18:27 - 0000000 ____D C:\Users\Klobucar\Downloads\Wide Open
2012-04-16 08:27 - 2012-04-16 08:27 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-11 19:42 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 19:42 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 19:42 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 19:42 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 19:42 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 19:42 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 19:42 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 19:42 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 19:42 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 19:42 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 19:42 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 19:42 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 19:42 - 2011-03-19 22:16 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 19:42 - 2011-03-19 22:16 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 19:42 - 2011-03-19 22:16 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 19:42 - 2011-03-19 22:16 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 19:42 - 2011-03-19 22:16 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 19:42 - 2011-03-19 22:16 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 19:42 - 2011-03-19 22:16 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 19:42 - 2011-03-19 22:16 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 19:42 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 19:42 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 19:42 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 19:42 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 19:42 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 19:42 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 19:41 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 19:41 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-11 19:41 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-11 19:40 - 2011-06-06 12:23 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 19:40 - 2011-06-06 12:23 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 19:40 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 19:40 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 19:40 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-11 19:40 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-11 19:40 - 2008-06-06 13:35 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 08:29 - 2011-02-13 21:44 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\Thinstall
2012-04-11 08:29 - 2011-02-01 14:57 - 0000000 ____D C:\Users\Klobucar\AppData\Local\Thinstall
2012-04-09 19:55 - - 0000000 ____D C:\Users\Klobucar\Desktop\Adobe DW-64 Bit Club


============ 3 Months Modified Files and Folders =============

2012-05-03 20:53 - 2012-05-03 20:53 - 0000000 ____D C:\FRST
2012-05-03 16:36 - 2011-02-03 13:56 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-05-03 16:36 - 2011-02-01 14:50 - 529879040 __ASH C:\hiberfil.sys
2012-05-02 07:42 - 2012-04-30 15:13 - 0750596 ____A C:\Windows\ntbtlog.txt
2012-05-01 22:24 - 2012-03-25 14:01 - 0000000 ____D C:\Program Files (x86)\Garmin GPS Plugin
2012-05-01 22:24 - 2012-03-25 14:01 - 0000000 ____D C:\Program Files (x86)\Garmin
2012-05-01 22:24 - 2011-12-12 21:37 - 0000000 ____D C:\Program Files (x86)\GIMP-2.0
2012-05-01 22:24 - 2011-10-12 16:04 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-01 22:24 - 2011-10-01 10:27 - 0000000 ____D C:\Program Files (x86)\Guild Wars
2012-05-01 22:24 - 2011-07-28 16:57 - 0000000 ____D C:\Program Files (x86)\Google
2012-05-01 22:24 - 2011-06-23 17:00 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-01 22:24 - 2011-06-16 15:42 - 0000000 ____D C:\Program Files (x86)\DVD Shrink
2012-05-01 22:24 - 2011-04-24 12:42 - 0000000 ____D C:\Program Files (x86)\Bodog Poker
2012-05-01 22:24 - 2011-03-28 14:15 - 0000000 ____D C:\Program Files (x86)\EA
2012-05-01 22:24 - 2011-03-25 19:36 - 0000000 ____D C:\Program Files (x86)\ffdshow
2012-05-01 22:24 - 2011-03-01 18:54 - 0000000 ____D C:\Program Files (x86)\FFmpeg for Audacity
2012-05-01 22:24 - 2011-03-01 18:49 - 0000000 ____D C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2012-05-01 22:24 - 2011-02-02 21:28 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-05-01 22:24 - 2011-02-02 11:50 - 0000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-05-01 22:24 - 2011-02-01 17:07 - 0000000 ____D C:\LS-ALL
2012-05-01 22:24 - 2011-02-01 16:03 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-05-01 22:23 - 2012-04-30 17:00 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-01 22:23 - 2012-04-30 17:00 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-01 22:23 - 2012-04-30 17:00 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-01 22:23 - 2012-04-30 15:16 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-01 22:23 - 2012-04-17 16:27 - 0000000 ____D C:\Program Files\iTunes
2012-05-01 22:23 - 2012-04-17 16:27 - 0000000 ____D C:\Program Files\iPod
2012-05-01 22:23 - 2012-04-17 16:27 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-01 22:23 - 2012-03-25 14:01 - 0000000 ____D C:\Program Files\Garmin GPS Plugin
2012-05-01 22:23 - 2012-03-25 14:01 - 0000000 ____D C:\Program Files\DIFX
2012-05-01 22:23 - 2011-12-04 19:46 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-05-01 22:23 - 2011-10-27 20:00 - 0000000 ___DC C:\Users\All Users\{45E721C2-9A3D-4E9E-9572-644CE1F67A8B}
2012-05-01 22:23 - 2011-10-27 20:00 - 0000000 ___DC C:\ProgramData\{45E721C2-9A3D-4E9E-9572-644CE1F67A8B}
2012-05-01 22:23 - 2011-10-12 16:04 - 0000000 ____D C:\Program Files\Bonjour
2012-05-01 22:23 - 2011-08-27 07:05 - 0000000 ____D C:\Program Files\Tablet
2012-05-01 22:23 - 2011-08-27 07:05 - 0000000 ____D C:\Program Files (x86)\TabletPlugins
2012-05-01 22:23 - 2011-06-16 15:06 - 0000000 ____D C:\Users\Klobucar\AppData\Local\HandBrake
2012-05-01 22:23 - 2011-06-02 21:02 - 0000000 ____D C:\Program Files (x86)\LG Electronics
2012-05-01 22:23 - 2011-06-02 20:52 - 0000000 ____D C:\Users\All Users\LGMOBILEAX
2012-05-01 22:23 - 2011-06-02 20:52 - 0000000 ____D C:\ProgramData\LGMOBILEAX
2012-05-01 22:23 - 2011-05-22 17:32 - 0000000 ____D C:\Users\Klobucar\AppData\Local\Flash Video Downloader 2.2
2012-05-01 22:23 - 2011-05-01 18:23 - 0000000 ____D C:\Program Files\My Lockbox
2012-05-01 22:23 - 2011-03-30 08:03 - 0000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-05-01 22:23 - 2011-03-30 08:01 - 0000000 ____D C:\Program Files (x86)\OpenOffice
2012-05-01 22:23 - 2011-03-13 15:14 - 0000000 ____D C:\Program Files (x86)\VSO
2012-05-01 22:23 - 2011-03-13 15:12 - 0000000 ____D C:\Program Files (x86)\ImgBurn
2012-05-01 22:23 - 2011-02-24 21:19 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-05-01 22:23 - 2011-02-06 21:34 - 0000000 ____D C:\Romance.Of.The.Three.Kingdoms.XI.PC.Game(djDEVASTATE�)
2012-05-01 22:23 - 2011-02-06 21:26 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-05-01 22:23 - 2011-02-03 15:29 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-01 22:23 - 2011-02-03 15:29 - 0000000 ____D C:\Users\All Users\Skype
2012-05-01 22:23 - 2011-02-03 15:29 - 0000000 ____D C:\ProgramData\Skype
2012-05-01 22:23 - 2011-02-03 13:55 - 0000000 ____D C:\Program Files\Common Files\Logishrd
2012-05-01 22:23 - 2011-02-03 13:55 - 0000000 ____D C:\Program Files (x86)\Logitech
2012-05-01 22:23 - 2011-02-02 21:27 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2012-05-01 22:23 - 2011-02-02 10:45 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-05-01 22:23 - 2011-02-02 10:45 - 0000000 ____D C:\ProgramData\Apple Computer
2012-05-01 22:23 - 2011-02-02 10:44 - 0000000 ____D C:\Users\All Users\Apple
2012-05-01 22:23 - 2011-02-02 10:44 - 0000000 ____D C:\ProgramData\Apple
2012-05-01 22:23 - 2011-02-01 19:30 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-05-01 22:23 - 2011-02-01 17:42 - 0000000 ____D C:\Program Files (x86)\Opera
2012-05-01 22:23 - 2011-02-01 16:58 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-01 22:23 - 2011-02-01 16:41 - 0000000 ____D C:\Program Files (x86)\NOS
2012-05-01 22:23 - 2011-02-01 16:17 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-05-01 22:23 - 2011-02-01 16:17 - 0000000 ____D C:\ProgramData\NVIDIA
2012-05-01 22:23 - 2011-02-01 16:17 - 0000000 ____D C:\Program Files (x86)\MSI Afterburner
2012-05-01 22:23 - 2011-02-01 16:11 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-01 22:23 - 2011-02-01 16:11 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-01 22:23 - 2011-02-01 16:01 - 0000000 ____D C:\Users\All Users\Downloaded Installations
2012-05-01 22:23 - 2011-02-01 16:01 - 0000000 ____D C:\ProgramData\Downloaded Installations
2012-05-01 22:23 - 2011-02-01 16:01 - 0000000 ____D C:\Program Files\Realtek
2012-05-01 22:23 - 2011-02-01 16:01 - 0000000 ____D C:\Program Files (x86)\Renesas Electronics
2012-05-01 22:23 - 2011-02-01 15:58 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-05-01 22:23 - 2011-02-01 15:37 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-05-01 22:23 - 2011-02-01 15:37 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-05-01 22:23 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-05-01 22:23 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-05-01 22:23 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-05-01 22:23 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-01 22:22 - 2012-04-09 19:55 - 0000000 ____D C:\Users\Klobucar\Desktop\Adobe DW-64 Bit Club
2012-05-01 22:22 - 2011-11-30 18:21 - 0000000 ____D C:\Users\Klobucar\Downloads\The Twilight Saga Breaking Dawn Part 1 2011 720p TS XviD (New Source) - FYA
2012-05-01 22:22 - 2011-11-05 14:30 - 0000000 ____D C:\Users\Klobucar\Desktop\LG-Optimus-V
2012-05-01 22:22 - 2011-10-15 14:43 - 0000000 ____D C:\Users\Klobucar\Downloads\LMFAO Discography
2012-05-01 22:22 - 2011-08-27 07:33 - 0000000 ____D C:\Users\Klobucar\Downloads\FL 10.0.2
2012-05-01 22:22 - 2011-08-11 17:19 - 0000000 ____D C:\Users\Klobucar\Downloads\Anime Studio Pro 8
2012-05-01 22:22 - 2011-06-16 15:10 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\dvdcss
2012-05-01 22:22 - 2011-03-07 19:03 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\gtk-2.0
2012-05-01 22:22 - 2011-03-01 18:49 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\Audacity
2012-05-01 22:22 - 2011-02-03 15:29 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\Skype
2012-05-01 22:22 - 2011-02-02 11:54 - 0000000 ____D C:\Users\Klobucar\Documents\Adobe
2012-05-01 22:22 - 2011-02-01 19:30 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\uTorrent
2012-05-01 22:22 - 2011-02-01 19:04 - 0000000 ____D C:\Users\Klobucar\Desktop\Unused Folder
2012-05-01 22:22 - 2011-02-01 18:47 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\vlc
2012-05-01 22:22 - 2011-02-01 17:47 - 0000000 ___RD C:\Users\Klobucar\Documents\Joe's Recipes
2012-05-01 22:22 - 2011-02-01 17:47 - 0000000 ____D C:\Users\Klobucar\Documents\Jim's Stuff
2012-05-01 22:22 - 2011-02-01 14:57 - 0000000 ____D C:\Users\Klobucar\AppData\Local\VirtualStore
2012-05-01 22:22 - 2011-02-01 14:57 - 0000000 ____D C:\users\Klobucar
2012-05-01 22:21 - 2012-01-18 18:44 - 0000000 ____D C:\Windows\ShellNew
2012-05-01 22:21 - 2011-11-19 08:16 - 0000000 ____D C:\Windows\Internet Logs
2012-05-01 22:21 - 2011-11-16 15:41 - 0000000 ____D C:\Windows\Minidump
2012-05-01 22:21 - 2011-02-22 17:46 - 0000000 ____D C:\Windows\System32\SPReview
2012-05-01 22:21 - 2011-02-22 17:45 - 0000000 ____D C:\Windows\System32\EventProviders
2012-05-01 22:21 - 2011-02-03 13:55 - 0000000 ____D C:\Windows\System32\logishrd
2012-05-01 22:21 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-01 22:21 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-05-01 22:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-05-01 22:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-01 22:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-05-01 22:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\GroupPolicy
2012-05-01 22:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-05-01 22:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-05-01 22:20 - 2011-02-03 13:55 - 0000000 ____D C:\Windows\SysWOW64\logishrd
2012-05-01 22:20 - 2011-02-01 16:01 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-05-01 22:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-05-01 22:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-05-01 18:36 - 2011-02-01 16:19 - 0017052 ____A C:\Windows\PFRO.log
2012-05-01 18:31 - 2012-05-01 18:30 - 0130612 ____A C:\TDSSKiller.2.7.33.0_01.05.2012_21.30.43_log.txt
2012-05-01 18:31 - 2011-02-01 14:57 - 1744150 ____A C:\Windows\WindowsUpdate.log
2012-05-01 18:27 - 2012-04-02 08:34 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-01 18:06 - 2011-07-20 15:26 - 0000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087916701-3293782736-3927786688-1000UA.job
2012-05-01 16:28 - 2012-05-01 16:27 - 0000000 ____D C:\sh4ldr
2012-05-01 16:27 - 2012-05-01 16:27 - 0002264 ____A C:\Users\Klobucar\Desktop\SpyHunter.lnk
2012-05-01 16:27 - 2012-05-01 16:27 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-01 16:27 - 2012-05-01 16:26 - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-01 16:23 - 2011-06-08 19:34 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-01 16:23 - 2011-06-08 19:34 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-01 16:23 - 2011-06-08 19:34 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-01 16:23 - 2011-03-23 19:58 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-01 16:13 - 2011-02-15 14:11 - 0000000 ____D C:\Users\Klobucar\Documents\Adam's Stuff
2012-05-01 16:12 - 2012-05-01 16:12 - 0191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-01 16:12 - 2012-05-01 16:12 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-01 16:12 - 2012-05-01 16:12 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-01 16:12 - 2011-10-03 16:06 - 0525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-01 16:10 - 2012-05-01 16:10 - 0000000 ____D C:\Users\Klobucar\AppData\Local\Secunia PSI
2012-05-01 16:09 - 2012-05-01 16:09 - 0001110 ____A C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
2012-05-01 16:09 - 2012-05-01 16:09 - 0000000 ____D C:\Program Files (x86)\Secunia
2012-05-01 16:08 - 2012-05-01 16:07 - 1754456 ____A (Secunia) C:\Users\Klobucar\Downloads\PSISetup.exe
2012-05-01 16:03 - 2012-04-30 17:28 - 0003694 ____A C:\Users\Klobucar\Desktop\unhide.txt
2012-05-01 16:03 - 2009-07-13 20:45 - 0014416 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-01 16:03 - 2009-07-13 20:45 - 0014416 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-01 15:59 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-01 15:53 - 2012-04-30 17:04 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-01 15:52 - 2009-07-13 21:08 - 0000006 ____A C:\Windows\Tasks\SA.DAT
2012-05-01 15:52 - 2009-07-13 20:51 - 0077470 ____A C:\Windows\setupact.log
2012-05-01 14:30 - 2012-05-01 14:30 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-01 14:30 - 2012-05-01 14:29 - 0135266 ____A C:\TDSSKiller.2.7.33.0_01.05.2012_17.29.05_log.txt
2012-05-01 14:21 - 2012-04-30 17:29 - 0000357 ____A C:\rkill.log
2012-05-01 14:13 - 2012-01-02 13:33 - 0000362 _RASH C:\Users\All Users\ntuser.pol
2012-05-01 14:13 - 2012-01-02 13:33 - 0000362 _RASH C:\ProgramData\ntuser.pol
2012-04-30 17:28 - 2012-04-30 17:28 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\Klobucar\Downloads\unhide.exe
2012-04-30 17:27 - 2012-04-30 17:27 - 1008141 ____A C:\Users\Klobucar\Downloads\rkill.exe
2012-04-30 17:03 - 2012-04-30 17:03 - 0000000 ____D C:\Windows\system64
2012-04-30 17:03 - 2012-04-30 17:03 - 0000000 ____D C:\Windows\Sun
2012-04-30 17:00 - 2012-04-30 17:00 - 0001262 ____A C:\Users\Klobucar\Desktop\Spybot - Search & Destroy.lnk
2012-04-30 15:16 - 2012-04-30 17:17 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-30 15:16 - 2012-04-30 15:16 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\Malwarebytes
2012-04-30 15:16 - 2012-04-30 15:16 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-30 15:16 - 2012-04-30 15:16 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-30 09:35 - 2012-04-30 09:35 - 0000256 ____A C:\Users\All Users\tEwGPYI1qZHqVO
2012-04-30 09:35 - 2012-04-30 09:35 - 0000256 ____A C:\ProgramData\tEwGPYI1qZHqVO
2012-04-30 09:35 - 2012-04-30 09:35 - 0000184 ____A C:\Users\All Users\-tEwGPYI1qZHqVOr
2012-04-30 09:35 - 2012-04-30 09:35 - 0000184 ____A C:\ProgramData\-tEwGPYI1qZHqVOr
2012-04-30 09:35 - 2012-04-30 09:35 - 0000000 ____A C:\Users\All Users\-tEwGPYI1qZHqVO
2012-04-30 09:35 - 2012-04-30 09:35 - 0000000 ____A C:\ProgramData\-tEwGPYI1qZHqVO
2012-04-28 21:25 - 2011-07-20 15:26 - 0000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087916701-3293782736-3927786688-1000Core.job
2012-04-26 18:53 - 2012-04-26 18:52 - 2888129 ____A C:\Users\Klobucar\Downloads\BIG BAD JOHN ~ Jimmy Dean 1961.mp3
2012-04-26 18:45 - 2012-04-26 18:45 - 3905442 ____A C:\Users\Klobucar\Downloads\Project Pat Don't Turn Around.mp3
2012-04-26 18:43 - 2012-04-26 18:42 - 3743692 ____A C:\Users\Klobucar\Downloads\Three 6 Mafia-Big Business.mp3
2012-04-24 18:27 - 2012-04-24 18:27 - 0000000 ____D C:\Users\Klobucar\Desktop\Pictures of damage to costume
2012-04-17 18:42 - 2012-04-17 18:42 - 0005163 ____A C:\Users\Klobucar\.recently-used.xbel
2012-04-17 18:42 - 2011-02-02 15:00 - 0000000 ____D C:\Users\Klobucar\.gimp-2.6
2012-04-17 18:13 - 2012-04-17 17:29 - 0000000 ____D C:\Users\Klobucar\Downloads\Borknagar - Urd (2012)
2012-04-17 16:18 - 2012-04-17 16:12 - 0000000 ____D C:\Users\Klobucar\Downloads\Opeth - Discography (1995 - 2011)
2012-04-16 09:08 - 2012-04-16 09:08 - 0000000 ____D C:\Users\Klobucar\Downloads\Dashboard Confessional
2012-04-16 09:05 - 2012-04-16 09:05 - 0000000 ____D C:\Users\Klobucar\Downloads\Prince - Discography 1977-2010 Mp3 320 kbps
2012-04-16 09:03 - 2012-04-16 09:03 - 0000000 ____D C:\Users\Klobucar\Downloads\The Rolling Stones - Hot Rocks, 1964-1971 [ChattChitto RG]
2012-04-16 09:03 - 2012-04-16 09:03 - 0000000 ____D C:\Users\Klobucar\Downloads\The Goo Goo Dolls - Greatest Hits
2012-04-16 09:02 - 2012-04-16 08:57 - 0000000 ____D C:\Users\Klobucar\Downloads\Wide Open
2012-04-16 09:01 - 2012-01-03 18:01 - 0000000 ____D C:\Users\Klobucar\Downloads\Billboard 2011 Year end Top Hot 100 Songs Charts (Best Singles)
2012-04-16 08:27 - 2012-04-16 08:27 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-16 08:27 - 2012-04-02 08:34 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-16 08:27 - 2011-05-19 14:17 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-11 19:40 - 2011-02-02 13:13 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-11 08:29 - 2012-04-11 08:29 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\Thinstall
2012-04-11 08:29 - 2012-04-11 08:29 - 0000000 ____D C:\Users\Klobucar\AppData\Local\Thinstall
2012-04-02 20:06 - 2012-04-02 20:06 - 0196774 ____A C:\Users\Klobucar\Desktop\chicago-comic-con-2012-wizard-world-convention.pdf
2012-03-25 17:50 - 2012-03-25 14:25 - 0000000 ____D C:\Users\All Users\Garmin
2012-03-25 17:50 - 2012-03-25 14:25 - 0000000 ____D C:\ProgramData\Garmin
2012-03-25 14:25 - 2011-04-23 11:19 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\GARMIN
2012-03-25 14:14 - 2012-03-25 14:13 - 12378352 ____A (Garmin International) C:\Users\Klobucar\Downloads\GarminLifetimeUpdaterInstaller.exe
2012-03-25 14:01 - 2012-03-25 14:00 - 14923552 ____A (Igor Pavlov) C:\Users\Klobucar\Downloads\CommunicatorPlugin_401.exe
2012-03-24 15:41 - 2012-03-24 15:41 - 0000000 ____D C:\Users\Klobucar\Downloads\Time Life - Legends [2003]
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-20 08:06 - 2011-02-01 17:32 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-03-18 18:46 - 2012-03-18 18:26 - 0000000 ____D C:\Users\Klobucar\Downloads\Jason_Aldean_2010My Kinda Party
2012-03-18 18:28 - 2012-03-18 18:27 - 0000000 ____D C:\Users\Klobucar\Downloads\Zac Brown Band - You Get What You Give [2010-MP3-Cov][MJN]
2012-03-14 08:11 - 2009-07-13 20:45 - 4857872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-12 09:12 - 2011-06-16 15:51 - 0000000 ____D C:\Users\All Users\DVD Shrink
2012-03-12 09:12 - 2011-06-16 15:51 - 0000000 ____D C:\ProgramData\DVD Shrink
2012-03-11 17:28 - 2011-02-02 10:46 - 0000000 ____D C:\Users\Klobucar\AppData\Roaming\Apple Computer
2012-03-10 19:01 - 2011-11-26 22:19 - 0000628 ____A C:\Windows\System32\mapisvc.inf
2012-03-06 15:15 - 2011-02-01 17:32 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2011-02-01 17:31 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2011-02-01 17:31 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2011-06-06 15:25 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2011-02-01 17:32 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-02-25 09:10 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2011-02-01 17:32 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2011-02-01 17:32 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2011-02-01 17:32 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-05 22:53 - 2012-04-11 19:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-11 19:41 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-11 19:41 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-02-29 22:46 - 2012-04-11 19:40 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 19:40 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 19:40 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 19:40 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 19:40 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 19:40 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 19:40 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-11 19:42 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 19:42 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 19:42 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 19:42 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 19:42 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 19:42 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 19:42 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 19:42 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 19:42 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 19:42 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 19:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 19:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 19:42 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-11 19:42 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 19:42 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 19:42 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 19:42 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 19:42 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 19:42 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 19:42 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 19:42 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 19:42 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 19:42 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 19:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 19:42 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 19:42 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 07:18 - 2011-02-01 16:52 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-16 22:38 - 2012-03-13 16:27 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-02-16 22:38 - 2012-03-13 16:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 16:27 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 16:27 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 16:27 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 09:01 - 2012-02-15 09:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 09:01 - 2012-02-15 09:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-15 08:43 - 2011-02-01 14:57 - 0000174 ___SH C:\Users\Klobucar\Start Menu\Programs\Startup\desktop.ini
2012-02-15 08:43 - 2011-02-01 14:57 - 0000174 ___SH C:\Users\Klobucar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-09 22:36 - 2012-03-13 16:28 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 16:28 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 15:33 - 2011-02-27 12:21 - 0000000 ____D C:\Users\Klobucar\Documents\David Stuff
2012-02-08 19:01 - 2011-02-01 16:22 - 0000000 ____D C:\Users\Klobucar\AppData\Local\Adobe
2012-02-08 19:01 - 2011-02-01 16:03 - 0000000 ____D C:\Users\All Users\Adobe
2012-02-08 19:01 - 2011-02-01 16:03 - 0000000 ____D C:\ProgramData\Adobe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6135.11 MB
Available physical RAM: 5404.91 MB
Total Pagefile: 6133.26 MB
Available Pagefile: 5403.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.4 GB) (Free:674.77 GB) NTFS
2 Drive e: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
6 Drive i: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
9 Drive l: (Cruzer) (Removable) (Total:1.86 GB) (Free:1.78 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         931 GB   8 MB
Disk 1    No Media       0 B      0 B
Disk 2    No Media       0 B      0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B
Disk 5    Online         1907 MB  0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           100 MB   1024 KB
Partition 2    Primary           931 GB   101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  Y    System Rese  NTFS   Partition   100 MB   Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4  C                 NTFS   Partition   931 GB   Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1907 MB  64 KB

======================================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 9  L    Cruzer       FAT    Removable   1907 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-23 17:19

======================= End Of Log ==========================

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 09:31 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2012-04-30 17:04 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-30 09:35 - 2012-04-30 09:35 - 0000184 ____A C:\Users\All Users\-tEwGPYI1qZHqVOr
2012-04-30 09:35 - 2012-04-30 09:35 - 0000184 ____A C:\ProgramData\-tEwGPYI1qZHqVOr
2012-04-30 09:35 - 2009-07-13 21:08 - 0000256 ____A C:\Users\All Users\tEwGPYI1qZHqVO
2012-04-30 09:35 - 2009-07-13 21:08 - 0000256 ____A C:\ProgramData\tEwGPYI1qZHqVO
2012-04-30 09:35 - - 0000000 ____A C:\Users\All Users\-tEwGPYI1qZHqVO
2012-04-30 09:35 - - 0000000 ____A C:\ProgramData\-tEwGPYI1qZHqVO 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 absoluteajk
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 03 May 2012 - 10:23 PM

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 02-05-2012 01
Ran by SYSTEM at 2012-05-03 22:19:27 Run:1
Running from L:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
C:\Users\All Users\-tEwGPYI1qZHqVOr moved successfully.
C:\ProgramData\-tEwGPYI1qZHqVOr not found.
C:\Users\All Users\tEwGPYI1qZHqVO moved successfully.
C:\ProgramData\tEwGPYI1qZHqVO not found.
C:\Users\All Users\-tEwGPYI1qZHqVO moved successfully.
C:\ProgramData\-tEwGPYI1qZHqVO not found.

==== End of Fixlog ====
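The line "SubSystems: [Windows] ==> ZeroAccess" in gringo's fixlist, and the Fixlog line reporting that the Session Manager SubSystems\Windows value was restored, are the heart of this repair: csrss.exe is launched from that value and every ServerDll= entry in it is loaded into csrss at boot, so a swapped entry is a system-level load point for a rootkit, and a broken or missing one is a boot loop like the one the topic starter hit. The following Python check is an added example, not code from FRST, ComboFix or anyone in this thread. It assumes the Windows 7 set of legitimate ServerDll names (basesrv, winsrv, sxssrv) and the stock Windows 7 x64 value text; both sample values are constructed, and the hijacked one follows the published ZeroAccess pattern of pointing the console server entry at a dropped consrv.dll.

```python
"""
Added example: check a Session Manager SubSystems\\Windows value for
hijacked ServerDll= entries.  Not FRST, ComboFix or BleepingComputer code.
"""
import re
import sys
from typing import Any, Dict, List

# Assumption: on Windows 7 only these three DLLs legitimately appear as
# ServerDll= entries.  Anything else is reported as suspect.
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
EXPECTED_CSRSS_IMAGE = r"%systemroot%\system32\csrss.exe"

# Constructed sample: the stock Windows 7 x64 value.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample modelled on the ZeroAccess edit: the console server
# entry now names consrv, a DLL the malware drops into System32.
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization"
)


def parse_subsystems_value(value: str) -> Dict[str, Any]:
    """Split the value into the csrss image path, its key=value options,
    the repeated ServerDll= entries and any token that fits neither."""
    tokens = value.split()
    if not tokens:
        raise ValueError("empty SubSystems\\Windows value")
    parsed: Dict[str, Any] = {
        "image": tokens[0], "options": {}, "server_dlls": [], "stray": []
    }
    for token in tokens[1:]:
        key, sep, val = token.partition("=")
        if not sep:
            parsed["stray"].append(token)
        elif key.lower() == "serverdll":
            parsed["server_dlls"].append(val)
        else:
            parsed["options"][key] = val
    return parsed


def server_dll_name(entry: str) -> str:
    """'winsrv:UserServerDllInitialization,3' -> 'winsrv'; 'basesrv,1' -> 'basesrv'."""
    return re.split(r"[:,]", entry, maxsplit=1)[0].lower()


def check_subsystems_value(value: str) -> List[str]:
    """Return findings for a value; an empty list means it looks stock."""
    parsed = parse_subsystems_value(value)
    findings: List[str] = []
    if parsed["image"].lower() != EXPECTED_CSRSS_IMAGE:
        findings.append(f"unexpected csrss image path: {parsed['image']}")
    if not parsed["server_dlls"]:
        findings.append("no ServerDll entries present")
    for entry in parsed["server_dlls"]:
        name = server_dll_name(entry)
        if name not in KNOWN_SERVER_DLLS:
            findings.append(f"unknown ServerDll '{name}' in entry '{entry}'")
    for token in parsed["stray"]:
        findings.append(f"unparsable token '{token}'")
    return findings


def read_registry_value(
    key_path: str = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems",
) -> str:
    """Read the Windows value from HKLM (Windows only).  From a recovery
    environment, first 'reg load HKLM\\Offline <path to SYSTEM hive>' and
    pass r'Offline\\ControlSet001\\Control\\Session Manager\\SubSystems'."""
    import winreg  # only available on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
    return value


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_VALUE), ("hijacked", HIJACKED_VALUE)):
        print(label, check_subsystems_value(sample) or "OK")
    if sys.platform == "win32":
        print("live", check_subsystems_value(read_registry_value()) or "OK")
```

The check deliberately allow-lists DLL names rather than comparing the whole string, because SharedSection and thread counts legitimately differ between installs while the set of server DLLs does not. If it reports an unknown ServerDll, look for that DLL in System32 and treat the machine as rootkitted until the value is restored and the file is gone, which is what the FRST fix above did.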

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 10:42 PM

Hello


Is the computer booting now?

gringo

#7 absoluteajk
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 03 May 2012 - 10:47 PM

Yes! It's loading the desktop rather slowly. What is the next step?

Edited by absoluteajk, 03 May 2012 - 10:48 PM.


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 10:48 PM

Hello

Well getting it started was just the first step.

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 absoluteajk
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 03 May 2012 - 11:12 PM

I have an issue, I cannot disable avast, even though I hit "disable until computer is restarted". Combofix is still showing I have anti-spyware and anti-virus as avast as a warning.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 May 2012 - 11:26 PM

disable what you can and go ahead and run it


gringo

#11 absoluteajk
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 03 May 2012 - 11:47 PM

Thank you so much for your help thus far, you are very fast with responding. Here is the log file, and by the way, the computer started up much faster than I can last remember after logging in:


ComboFix 12-05-03.03 - Klobucar 05/03/2012 23:16:46.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4571 [GMT -5:00]
Running from: c:\users\Klobucar\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Klobucar\AppData\Roaming\vso_ts_preview.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 04:53 . 2012-05-04 04:54 -------- d-----w- C:\FRST
2012-05-04 04:23 . 2012-05-04 04:23 -------- d-----w- c:\users\Mcx1-KLOBUCAR-PC\AppData\Local\temp
2012-05-04 04:23 . 2012-05-04 04:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 00:27 . 2012-05-02 00:27 110080 ----a-r- c:\users\Klobucar\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe
2012-05-02 00:27 . 2012-05-02 00:27 110080 ----a-r- c:\users\Klobucar\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconD7F16134.exe
2012-05-02 00:27 . 2012-05-02 00:27 110080 ----a-r- c:\users\Klobucar\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\Icon1226A4C5.exe
2012-05-02 00:27 . 2012-05-02 00:28 -------- d-----w- C:\sh4ldr
2012-05-02 00:27 . 2012-05-02 00:27 -------- d-----w- c:\program files\Enigma Software Group
2012-05-02 00:26 . 2012-05-02 06:24 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-02 00:26 . 2012-05-02 00:27 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-02 00:23 . 2012-05-02 00:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-02 00:10 . 2012-05-02 00:10 -------- d-----w- c:\users\Klobucar\AppData\Local\Secunia PSI
2012-05-02 00:09 . 2012-05-02 00:09 -------- d-----w- c:\program files (x86)\Secunia
2012-05-01 22:30 . 2012-05-01 22:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 01:03 . 2012-05-01 01:03 -------- d-----we c:\windows\system64
2012-05-01 01:03 . 2012-05-01 01:03 -------- d-----w- c:\windows\Sun
2012-05-01 01:00 . 2012-05-02 06:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-01 01:00 . 2012-05-02 06:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-30 23:16 . 2012-04-30 23:16 -------- d-----w- c:\users\Klobucar\AppData\Roaming\Malwarebytes
2012-04-30 23:16 . 2012-05-02 06:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 23:16 . 2012-04-30 23:16 -------- d-----w- c:\programdata\Malwarebytes
2012-04-28 16:01 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{065F4619-C838-464D-8BED-AB1144560F83}\mpengine.dll
2012-04-18 00:27 . 2012-05-02 06:23 -------- d-----w- c:\program files\iPod
2012-04-18 00:27 . 2012-05-02 06:23 -------- d-----w- c:\program files (x86)\iTunes
2012-04-18 00:27 . 2012-05-02 06:23 -------- d-----w- c:\program files\iTunes
2012-04-16 16:27 . 2012-04-16 16:27 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 03:41 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:41 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:41 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:40 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:40 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:40 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:40 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:40 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:40 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:40 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 16:29 . 2012-04-11 16:29 -------- d-----w- c:\users\Klobucar\AppData\Roaming\Thinstall
2012-04-11 16:29 . 2012-04-11 16:29 -------- d-----w- c:\users\Klobucar\AppData\Local\Thinstall
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 00:23 . 2011-03-24 03:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-02 00:12 . 2011-10-04 00:06 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 16:27 . 2012-04-02 16:34 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 16:27 . 2011-05-19 22:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-06 23:15 . 2011-02-02 01:31 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-02-02 01:31 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-02-02 01:32 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-06-06 23:25 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-02-02 01:32 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-25 17:10 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-02-02 01:32 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-02-02 01:32 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-02-02 01:32 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 15:18 . 2011-02-02 00:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 00:27 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 00:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 00:27 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 00:27 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 00:27 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 17:01 . 2012-02-15 17:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-14 00:28 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 00:28 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Klobucar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2WireSetup.lnk - c:\program files\2Wire\LaunchSetupWiz.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2010-01-06 142648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-10 240232]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:27]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087916701-3293782736-3927786688-1000Core.job
- c:\users\Klobucar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-20 23:26]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087916701-3293782736-3927786688-1000UA.job
- c:\users\Klobucar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-20 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2010-05-30 1696992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SE2Cmgmt
L8042Kbd
cpntsrv
RTLE8023xp
netwg311
hsfhwbs2
SeratoUsb
TUWinStylerThemeSvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
AddRemove-2Wire SetupWiz - c:\program files\2Wire\Uninstaller.exe
AddRemove-LADSPA_plugins-win_is1 - c:\program files (x86)\Audacity\Plug-Ins\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-05-03 23:31:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 04:31
.
Pre-Run: 724,057,219,072 bytes free
Post-Run: 725,062,803,456 bytes free
.
- - End Of File - - 80BFC00BD68D76BE2C67C6D6DFE0A410

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:20 AM

Posted 03 May 2012 - 11:53 PM

Greetings

If I am online at night then I normally do respond pretty quick


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
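The TDSSKiller log requested above is plain text that the helper reads by hand. As an added example (not code from this thread, BleepingComputer or Kaspersky's tool), the Python script below parses that log format and pulls out what a responder looks at first: objects whose verdict is not "ok", backing files outside the usual system directories, and the MBR partition table. The sample log is constructed: a few lines copied from the log posted later in this thread plus one invented entry, "exampledrv", with an all-zero placeholder hash, so that a flagged object is visible.

```python
"""Triage helper for TDSSKiller text logs (added example, not the tool's
own code).  Format handled, as posted in this thread:
    HH:MM:SS.ffff <pid> <name> (<md5>) <path>      object with a file
    HH:MM:SS.ffff <pid> <name> - <verdict>         verdict for that object
    HH:MM:SS.ffff <pid> \\Device\\...\\PartitionN: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
_OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
_VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>\w.*)$")
_PARTITION = re.compile(
    r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+\\Partition\d+): MBR, "
    r"Type 0x(?P<type>[0-9a-fA-F]+), StartLBA 0x(?P<lba>[0-9a-fA-F]+), "
    r"BlocksNum 0x(?P<blocks>[0-9a-fA-F]+)$")

SECTOR_BYTES = 512  # the thread's log reports SectorSize: 0x200

# Assumption: a driver/service binary outside these trees deserves a look.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Tuple[Dict[str, ScanObject], List[dict]]:
    """Return (objects keyed by name, MBR partition records)."""
    objects: Dict[str, ScanObject] = {}
    partitions: List[dict] = []
    in_scan = False  # object/verdict lines only appear after "Scan started"
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        part = _PARTITION.match(body)
        if part:
            blocks = int(part["blocks"], 16)
            partitions.append({"device": part["dev"], "type": int(part["type"], 16),
                               "start_lba": int(part["lba"], 16), "blocks": blocks,
                               "size_mib": blocks * SECTOR_BYTES / 2 ** 20})
            continue
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue  # header lines like "Drive ... - Size: ..." would otherwise look like verdicts
        obj = _OBJECT.match(body)
        if obj:
            entry = objects.setdefault(obj["name"], ScanObject(obj["name"]))
            entry.md5, entry.path = obj["md5"].lower(), obj["path"]
            continue
        ver = _VERDICT.match(body)
        if ver:
            entry = objects.setdefault(ver["name"], ScanObject(ver["name"]))
            entry.verdict = ver["verdict"]
    return objects, partitions


def triage(objects: Dict[str, ScanObject]) -> dict:
    """Flag what a responder should read before anything else."""
    not_ok = sorted(n for n, o in objects.items() if o.verdict != "ok")
    unusual_path = sorted(n for n, o in objects.items()
                          if o.path and not o.path.lower().startswith(EXPECTED_PREFIXES))
    return {"scanned": len(objects), "not_ok": not_ok, "unusual_path": unusual_path}


# Constructed sample: real lines from this thread's log plus one invented,
# clearly placeholder entry ("exampledrv", all-zero hash) to exercise the flags.
SAMPLE_LOG = r"""
23:59:04.0008 4748 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:59:05.0020 4748 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:59:05.0043 4748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:59:05.0043 4748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746CF5B0
23:59:28.0684 5608 Scan started
23:59:29.0511 5608 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:59:29.0526 5608 1394ohci - ok
23:59:30.0806 5608 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
23:59:30.0806 5608 avast! Antivirus - ok
23:59:31.0383 5608 catchme - ok
23:59:31.0400 5608 exampledrv (00000000000000000000000000000000) C:\Users\Klobucar\AppData\Local\Temp\exampledrv.sys
23:59:31.0400 5608 exampledrv - warning
"""

if __name__ == "__main__":
    objs, parts = parse_tdsskiller(SAMPLE_LOG)
    for p in parts:
        print(f"{p['device']}: type 0x{p['type']:x}, {p['size_mib']:.0f} MiB")
    print(triage(objs))
```

The 100 MiB first partition is the Windows 7 "System Reserved" partition, and the verdict strings are treated as opaque text; the script never judges a file by its name.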

#13 absoluteajk

absoluteajk
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:04:20 AM

Posted 04 May 2012 - 12:22 AM

I will post these when I wake up, as the scan is still running for asw. Thanks for everything so far.

#14 absoluteajk

absoluteajk
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:04:20 AM

Posted 04 May 2012 - 12:32 AM

TDSS log:

23:59:04.0008 4748 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:59:04.0320 4748 ============================================================
23:59:04.0320 4748 Current date / time: 2012/05/03 23:59:04.0320
23:59:04.0320 4748 SystemInfo:
23:59:04.0320 4748
23:59:04.0320 4748 OS Version: 6.1.7601 ServicePack: 1.0
23:59:04.0320 4748 Product type: Workstation
23:59:04.0320 4748 ComputerName: KLOBUCAR-PC
23:59:04.0320 4748 UserName: Klobucar
23:59:04.0320 4748 Windows directory: C:\Windows
23:59:04.0320 4748 System windows directory: C:\Windows
23:59:04.0320 4748 Running under WOW64
23:59:04.0321 4748 Processor architecture: Intel x64
23:59:04.0321 4748 Number of processors: 8
23:59:04.0321 4748 Page size: 0x1000
23:59:04.0321 4748 Boot type: Normal boot
23:59:04.0321 4748 ============================================================
23:59:05.0020 4748 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:59:05.0043 4748 ============================================================
23:59:05.0043 4748 \Device\Harddisk0\DR0:
23:59:05.0043 4748 MBR partitions:
23:59:05.0043 4748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:59:05.0043 4748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746CF5B0
23:59:05.0043 4748 ============================================================
23:59:05.0067 4748 C: <-> \Device\Harddisk0\DR0\Partition1
23:59:05.0067 4748 ============================================================
23:59:05.0067 4748 Initialize success
23:59:05.0067 4748 ============================================================
23:59:28.0684 5608 ============================================================
23:59:28.0684 5608 Scan started
23:59:28.0684 5608 Mode: Manual;
23:59:28.0684 5608 ============================================================
23:59:29.0511 5608 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:59:29.0526 5608 1394ohci - ok
23:59:29.0558 5608 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:59:29.0573 5608 ACPI - ok
23:59:29.0589 5608 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:59:29.0589 5608 AcpiPmi - ok
23:59:29.0729 5608 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:59:29.0729 5608 AdobeFlashPlayerUpdateSvc - ok
23:59:29.0776 5608 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:59:29.0776 5608 adp94xx - ok
23:59:29.0792 5608 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:59:29.0807 5608 adpahci - ok
23:59:29.0807 5608 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:59:29.0823 5608 adpu320 - ok
23:59:29.0838 5608 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:59:29.0838 5608 AeLookupSvc - ok
23:59:29.0901 5608 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:59:29.0916 5608 AFD - ok
23:59:29.0932 5608 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:59:29.0932 5608 agp440 - ok
23:59:29.0948 5608 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:59:29.0948 5608 ALG - ok
23:59:29.0963 5608 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:59:29.0963 5608 aliide - ok
23:59:29.0994 5608 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:59:29.0994 5608 amdide - ok
23:59:30.0010 5608 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:59:30.0010 5608 AmdK8 - ok
23:59:30.0010 5608 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:59:30.0026 5608 AmdPPM - ok
23:59:30.0041 5608 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:59:30.0041 5608 amdsata - ok
23:59:30.0072 5608 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:59:30.0072 5608 amdsbs - ok
23:59:30.0072 5608 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:59:30.0072 5608 amdxata - ok
23:59:30.0088 5608 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
23:59:30.0088 5608 Andbus - ok
23:59:30.0119 5608 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
23:59:30.0119 5608 AndDiag - ok
23:59:30.0150 5608 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
23:59:30.0150 5608 AndGps - ok
23:59:30.0166 5608 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
23:59:30.0166 5608 ANDModem - ok
23:59:30.0197 5608 andnetadb (ac00b4a1faf27cc2ff99d0961fc9b77c) C:\Windows\system32\Drivers\lgandnetadb.sys
23:59:30.0197 5608 andnetadb - ok
23:59:30.0244 5608 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
23:59:30.0244 5608 androidusb - ok
23:59:30.0260 5608 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:59:30.0260 5608 AppID - ok
23:59:30.0275 5608 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:59:30.0275 5608 AppIDSvc - ok
23:59:30.0322 5608 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:59:30.0322 5608 Appinfo - ok
23:59:30.0400 5608 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:59:30.0400 5608 Apple Mobile Device - ok
23:59:30.0416 5608 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
23:59:30.0416 5608 AppMgmt - ok
23:59:30.0431 5608 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:59:30.0431 5608 arc - ok
23:59:30.0447 5608 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:59:30.0447 5608 arcsas - ok
23:59:30.0478 5608 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
23:59:30.0478 5608 aswFsBlk - ok
23:59:30.0494 5608 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
23:59:30.0494 5608 aswMonFlt - ok
23:59:30.0525 5608 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
23:59:30.0525 5608 aswRdr - ok
23:59:30.0603 5608 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
23:59:30.0603 5608 aswSnx - ok
23:59:30.0618 5608 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
23:59:30.0634 5608 aswSP - ok
23:59:30.0634 5608 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
23:59:30.0634 5608 aswTdi - ok
23:59:30.0634 5608 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:59:30.0650 5608 AsyncMac - ok
23:59:30.0650 5608 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:59:30.0650 5608 atapi - ok
23:59:30.0712 5608 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:59:30.0728 5608 AudioEndpointBuilder - ok
23:59:30.0728 5608 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:59:30.0728 5608 AudioSrv - ok
23:59:30.0806 5608 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
23:59:30.0806 5608 avast! Antivirus - ok
23:59:30.0837 5608 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:59:30.0837 5608 AxInstSV - ok
23:59:30.0868 5608 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:59:30.0884 5608 b06bdrv - ok
23:59:30.0915 5608 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:59:30.0915 5608 b57nd60a - ok
23:59:30.0946 5608 BCUService (2025c7707d8b298e0b3fd4767db72bf1) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
23:59:30.0962 5608 BCUService - ok
23:59:30.0962 5608 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:59:30.0977 5608 BDESVC - ok
23:59:30.0977 5608 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:59:30.0977 5608 Beep - ok
23:59:31.0040 5608 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:59:31.0040 5608 BFE - ok
23:59:31.0102 5608 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:59:31.0118 5608 BITS - ok
23:59:31.0164 5608 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:59:31.0164 5608 blbdrive - ok
23:59:31.0242 5608 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:59:31.0242 5608 Bonjour Service - ok
23:59:31.0274 5608 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:59:31.0274 5608 bowser - ok
23:59:31.0274 5608 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:59:31.0274 5608 BrFiltLo - ok
23:59:31.0274 5608 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:59:31.0274 5608 BrFiltUp - ok
23:59:31.0289 5608 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:59:31.0289 5608 BridgeMP - ok
23:59:31.0320 5608 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:59:31.0320 5608 Browser - ok
23:59:31.0336 5608 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:59:31.0352 5608 Brserid - ok
23:59:31.0352 5608 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:59:31.0352 5608 BrSerWdm - ok
23:59:31.0352 5608 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:59:31.0352 5608 BrUsbMdm - ok
23:59:31.0352 5608 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:59:31.0352 5608 BrUsbSer - ok
23:59:31.0367 5608 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:59:31.0367 5608 BTHMODEM - ok
23:59:31.0383 5608 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:59:31.0383 5608 bthserv - ok
23:59:31.0383 5608 catchme - ok
23:59:31.0398 5608 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:59:31.0398 5608 cdfs - ok
23:59:31.0430 5608 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:59:31.0430 5608 cdrom - ok
23:59:31.0461 5608 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:59:31.0476 5608 CertPropSvc - ok
23:59:31.0476 5608 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:59:31.0476 5608 circlass - ok
23:59:31.0492 5608 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:59:31.0508 5608 CLFS - ok
23:59:31.0570 5608 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:59:31.0586 5608 clr_optimization_v2.0.50727_32 - ok
23:59:31.0617 5608 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:59:31.0617 5608 clr_optimization_v2.0.50727_64 - ok
23:59:31.0679 5608 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:59:31.0679 5608 clr_optimization_v4.0.30319_32 - ok
23:59:31.0726 5608 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:59:31.0726 5608 clr_optimization_v4.0.30319_64 - ok
23:59:42.0864 5608 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:59:42.0864 5608 TabletInputService - ok
23:59:43.0176 5608 TabletServiceWacom (34d92e8cb04dcaeeae054fede7526282) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
23:59:43.0192 5608 TabletServiceWacom - ok
23:59:43.0254 5608 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:59:43.0270 5608 TapiSrv - ok
23:59:43.0286 5608 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:59:43.0286 5608 TBS - ok
23:59:43.0379 5608 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:59:43.0410 5608 Tcpip - ok
23:59:43.0504 5608 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:59:43.0520 5608 TCPIP6 - ok
23:59:43.0582 5608 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:59:43.0582 5608 tcpipreg - ok
23:59:43.0598 5608 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:59:43.0613 5608 TDPIPE - ok
23:59:43.0644 5608 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:59:43.0644 5608 TDTCP - ok
23:59:43.0676 5608 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:59:43.0676 5608 tdx - ok
23:59:43.0691 5608 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:59:43.0691 5608 TermDD - ok
23:59:43.0754 5608 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:59:43.0769 5608 TermService - ok
23:59:43.0769 5608 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:59:43.0785 5608 Themes - ok
23:59:43.0800 5608 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:59:43.0816 5608 THREADORDER - ok
23:59:43.0816 5608 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:59:43.0847 5608 TrkWks - ok
23:59:43.0878 5608 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:59:43.0878 5608 TrustedInstaller - ok
23:59:43.0910 5608 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:59:43.0910 5608 tssecsrv - ok
23:59:43.0925 5608 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:59:43.0925 5608 TsUsbFlt - ok
23:59:43.0941 5608 tsusbhub - ok
23:59:43.0972 5608 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:59:43.0988 5608 tunnel - ok
23:59:44.0019 5608 TurboB (f37d49111a12a97de4bb5d8ff444bd2c) C:\Windows\system32\DRIVERS\TurboB.sys
23:59:44.0019 5608 TurboB - ok
23:59:44.0050 5608 TurboBoost (44d81b1bfd2428274bba98316d9606dc) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:59:44.0050 5608 TurboBoost - ok
23:59:44.0050 5608 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:59:44.0066 5608 uagp35 - ok
23:59:44.0097 5608 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:59:44.0097 5608 udfs - ok
23:59:44.0128 5608 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:59:44.0128 5608 UI0Detect - ok
23:59:44.0159 5608 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:59:44.0159 5608 uliagpkx - ok
23:59:44.0175 5608 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:59:44.0175 5608 umbus - ok
23:59:44.0190 5608 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:59:44.0190 5608 UmPass - ok
23:59:44.0206 5608 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
23:59:44.0222 5608 UmRdpService - ok
23:59:44.0315 5608 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
23:59:44.0315 5608 UMVPFSrv - ok
23:59:44.0331 5608 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:59:44.0346 5608 upnphost - ok
23:59:44.0378 5608 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:59:44.0378 5608 USBAAPL64 - ok
23:59:44.0409 5608 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:59:44.0409 5608 usbaudio - ok
23:59:44.0424 5608 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:59:44.0424 5608 usbccgp - ok
23:59:44.0471 5608 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:59:44.0471 5608 usbcir - ok
23:59:44.0502 5608 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:59:44.0502 5608 usbehci - ok
23:59:44.0534 5608 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:59:44.0549 5608 usbhub - ok
23:59:44.0565 5608 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
23:59:44.0565 5608 usbohci - ok
23:59:44.0580 5608 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:59:44.0580 5608 usbprint - ok
23:59:44.0596 5608 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:59:44.0612 5608 USBSTOR - ok
23:59:44.0627 5608 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
23:59:44.0643 5608 usbuhci - ok
23:59:44.0674 5608 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:59:44.0674 5608 usbvideo - ok
23:59:44.0690 5608 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:59:44.0705 5608 UxSms - ok
23:59:44.0721 5608 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:59:44.0736 5608 VaultSvc - ok
23:59:44.0768 5608 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
23:59:44.0768 5608 VClone - ok
23:59:44.0783 5608 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:59:44.0783 5608 vdrvroot - ok
23:59:44.0830 5608 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:59:44.0846 5608 vds - ok
23:59:44.0861 5608 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:59:44.0861 5608 vga - ok
23:59:44.0877 5608 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:59:44.0877 5608 VgaSave - ok
23:59:44.0877 5608 VGPU - ok
23:59:44.0908 5608 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:59:44.0924 5608 vhdmp - ok
23:59:44.0924 5608 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:59:44.0939 5608 viaide - ok
23:59:44.0955 5608 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:59:44.0970 5608 vmbus - ok
23:59:44.0986 5608 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:59:44.0986 5608 VMBusHID - ok
23:59:45.0002 5608 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:59:45.0017 5608 volmgr - ok
23:59:45.0064 5608 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:59:45.0064 5608 volmgrx - ok
23:59:45.0111 5608 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:59:45.0111 5608 volsnap - ok
23:59:45.0142 5608 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:59:45.0142 5608 vsmraid - ok
23:59:45.0236 5608 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:59:45.0267 5608 VSS - ok
23:59:45.0345 5608 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:59:45.0360 5608 vwifibus - ok
23:59:45.0392 5608 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:59:45.0423 5608 W32Time - ok
23:59:45.0438 5608 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
23:59:45.0438 5608 wacmoumonitor - ok
23:59:45.0485 5608 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
23:59:45.0485 5608 wacommousefilter - ok
23:59:45.0501 5608 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:59:45.0501 5608 WacomPen - ok
23:59:45.0532 5608 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
23:59:45.0532 5608 wacomvhid - ok
23:59:45.0548 5608 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:59:45.0548 5608 WANARP - ok
23:59:45.0563 5608 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:59:45.0563 5608 Wanarpv6 - ok
23:59:45.0641 5608 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:59:45.0657 5608 WatAdminSvc - ok
23:59:45.0735 5608 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:59:45.0766 5608 wbengine - ok
23:59:45.0797 5608 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:59:45.0813 5608 WbioSrvc - ok
23:59:45.0860 5608 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:59:45.0875 5608 wcncsvc - ok
23:59:45.0875 5608 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:59:45.0891 5608 WcsPlugInService - ok
23:59:45.0906 5608 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:59:45.0906 5608 Wd - ok
23:59:45.0953 5608 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:59:45.0969 5608 Wdf01000 - ok
23:59:45.0969 5608 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:59:45.0984 5608 WdiServiceHost - ok
23:59:45.0984 5608 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:59:46.0000 5608 WdiSystemHost - ok
23:59:46.0031 5608 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:59:46.0047 5608 WebClient - ok
23:59:46.0078 5608 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:59:46.0094 5608 Wecsvc - ok
23:59:46.0109 5608 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:59:46.0125 5608 wercplsupport - ok
23:59:46.0140 5608 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:59:46.0156 5608 WerSvc - ok
23:59:46.0156 5608 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:59:46.0172 5608 WfpLwf - ok
23:59:46.0187 5608 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:59:46.0187 5608 WIMMount - ok
23:59:46.0218 5608 WinDefend - ok
23:59:46.0234 5608 WinHttpAutoProxySvc - ok
23:59:46.0281 5608 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:59:46.0281 5608 Winmgmt - ok
23:59:46.0390 5608 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:59:46.0406 5608 WinRM - ok
23:59:46.0468 5608 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:59:46.0484 5608 WinUsb - ok
23:59:46.0530 5608 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:59:46.0562 5608 Wlansvc - ok
23:59:46.0577 5608 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:59:46.0577 5608 WmiAcpi - ok
23:59:46.0608 5608 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:59:46.0608 5608 wmiApSrv - ok
23:59:46.0624 5608 WMPNetworkSvc - ok
23:59:46.0640 5608 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:59:46.0655 5608 WPCSvc - ok
23:59:46.0655 5608 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:59:46.0671 5608 WPDBusEnum - ok
23:59:46.0671 5608 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:59:46.0671 5608 ws2ifsl - ok
23:59:46.0686 5608 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:59:46.0702 5608 wscsvc - ok
23:59:46.0702 5608 WSearch - ok
23:59:46.0811 5608 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:59:46.0842 5608 wuauserv - ok
23:59:46.0889 5608 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:59:46.0889 5608 WudfPf - ok
23:59:46.0920 5608 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:59:46.0920 5608 WUDFRd - ok
23:59:46.0952 5608 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:59:46.0967 5608 wudfsvc - ok
23:59:46.0983 5608 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:59:46.0983 5608 WwanSvc - ok
23:59:47.0061 5608 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
23:59:47.0076 5608 xnacc - ok
23:59:47.0092 5608 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:59:47.0139 5608 \Device\Harddisk0\DR0 - ok
23:59:47.0154 5608 Boot (0x1200) (678381f4ade2a6048d1d55f9a17d8b3c) \Device\Harddisk0\DR0\Partition0
23:59:47.0154 5608 \Device\Harddisk0\DR0\Partition0 - ok
23:59:47.0154 5608 Boot (0x1200) (92b8d7ec808bda41f65de5233d3cba13) \Device\Harddisk0\DR0\Partition1
23:59:47.0154 5608 \Device\Harddisk0\DR0\Partition1 - ok
23:59:47.0154 5608 ============================================================
23:59:47.0154 5608 Scan finished
23:59:47.0154 5608 ============================================================
23:59:47.0170 5976 Detected object count: 0
23:59:47.0170 5976 Actual detected object count: 0
00:01:25.0440 1148 Deinitialize success
asw log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 00:01:27
-----------------------------
00:01:27.265 OS Version: Windows x64 6.1.7601 Service Pack 1
00:01:27.265 Number of processors: 8 586 0x1A05
00:01:27.265 ComputerName: KLOBUCAR-PC UserName: Klobucar
00:01:28.357 Initialize success
00:01:32.001 AVAST engine defs: 12050301
00:01:58.554 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-c
00:01:58.554 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
00:01:58.569 Disk 0 MBR read successfully
00:01:58.569 Disk 0 MBR scan
00:01:58.585 Disk 0 Windows 7 default MBR code
00:01:58.585 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:01:58.585 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953758 MB offset 206848
00:01:58.601 Disk 0 scanning C:\Windows\system32\drivers
00:02:03.983 Service scanning
00:02:07.305 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
00:02:14.513 Modules scanning
00:02:14.513 Disk 0 trace - called modules:
00:02:14.528 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:02:14.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800655c790]
00:02:14.544 3 CLASSPNP.SYS[fffff88001bb543f] -> nt!IofCallDriver -> [0xfffffa8006345520]
00:02:14.560 5 ACPI.sys[fffff88000ed57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP6T0L0-c[0xfffffa800633f060]
00:02:15.371 AVAST engine scan C:\Windows
00:02:17.586 AVAST engine scan C:\Windows\system32
00:02:31.876 File: C:\Windows\system32\ICAM3NT5.dll **INFECTED** Win64:ZAccess-E [Rtk]
00:02:35.994 File: C:\Windows\system32\lmouflt2.dll **INFECTED** Win64:ZAccess-E [Rtk]
00:02:44.855 File: C:\Windows\system32\nmindexingservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
00:02:46.789 File: C:\Windows\system32\owstimer.dll **INFECTED** Win64:ZAccess-E [Rtk]
00:02:53.762 File: C:\Windows\system32\sisagp.dll **INFECTED** Win64:ZAccess-E [Rtk]
00:02:58.536 File: C:\Windows\system32\UxTuneUp.dll **INFECTED** Win64:ZAccess-E [Rtk]
00:03:38.956 AVAST engine scan C:\Windows\system32\drivers
00:03:48.238 AVAST engine scan C:\Users\Klobucar
00:08:41.289 File: C:\Users\Klobucar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3fe82d8-2086144f **INFECTED** Win32:Rootkit-gen [Rtk]
00:21:03.429 AVAST engine scan C:\ProgramData
00:23:08.136 Scan finished successfully
00:30:09.430 Disk 0 MBR has been saved successfully to "C:\Users\Klobucar\Desktop\MBR.dat"
00:30:09.430 The log file has been saved successfully to "C:\Users\Klobucar\Desktop\aswMBR.txt"

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 May 2012 - 12:43 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\system32\ICAM3NT5.dll 
C:\Windows\system32\lmouflt2.dll
C:\Windows\system32\nmindexingservice.dll 
C:\Windows\system32\owstimer.dll
C:\Windows\system32\sisagp.dll 
C:\Windows\system32\UxTuneUp.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
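As an added example (not code from the thread, from aswMBR or from ComboFix), the following Python script does the step gringo_pr did by hand above: it pulls the **INFECTED** file lines out of an aswMBR log and lays them out as a CFScript using only the two directives his post used, ClearJavaCache:: for hits in the Java deployment cache and File:: for everything else. The log line format is assumed from the lines quoted in the thread, and the sample log embedded below is constructed from those lines.

```python
"""Extract **INFECTED** hits from an aswMBR log and render a ComboFix CFScript.

Added example, not part of the thread or of the aswMBR / ComboFix tools. The
log format is inferred from the lines quoted in the thread; the CFScript layout
(ClearJavaCache:: and File:: sections) mirrors the one gringo_pr posted."""
import re
from typing import List, NamedTuple

# One aswMBR detection line looks like:
#   HH:MM:SS.mmm File: <path> **INFECTED** <detection name> [<category>]
# The path may contain spaces, so match it non-greedily up to the marker.
INFECTED_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+) \[(?P<category>[^\]]+)\]\s*$"
)

# Hits inside the Java deployment cache are handled with ClearJavaCache::
# rather than per-file deletion (assumption mirroring the post above).
JAVA_CACHE_MARKER = r"\Sun\Java\Deployment\cache"

# Constructed sample in aswMBR's format, modelled on the thread's log.
SAMPLE_ASWMBR_LOG = "\n".join([
    r"00:02:17.586 AVAST engine scan C:\Windows\system32",
    r"00:02:31.876 File: C:\Windows\system32\ICAM3NT5.dll **INFECTED** Win64:ZAccess-E [Rtk]",
    r"00:02:35.994 File: C:\Windows\system32\lmouflt2.dll **INFECTED** Win64:ZAccess-E [Rtk]",
    r"00:02:07.305 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21",
    r"00:08:41.289 File: C:\Users\Klobucar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\3fe82d8-2086144f **INFECTED** Win32:Rootkit-gen [Rtk]",
    r"00:23:08.136 Scan finished successfully",
])


class Finding(NamedTuple):
    path: str
    name: str       # e.g. Win64:ZAccess-E
    category: str   # e.g. Rtk (rootkit)


def parse_infected(log_text: str) -> List[Finding]:
    """Return every **INFECTED** file line in log order; **LOCKED** service
    lines and scan-progress lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["name"], m["category"]))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Render a CFScript: ClearJavaCache:: if any hit lives in the Java cache,
    File:: with one path per line (deduplicated, log order) for the rest."""
    file_paths: List[str] = []
    clear_java = False
    for f in findings:
        if JAVA_CACHE_MARKER.lower() in f.path.lower():
            clear_java = True
        elif f.path not in file_paths:
            file_paths.append(f.path)
    sections = []
    if clear_java:
        sections.append("ClearJavaCache::")
    if file_paths:
        sections.append("File::\n" + "\n".join(file_paths))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_infected(SAMPLE_ASWMBR_LOG)))
```

Run against the sample, it yields the same ClearJavaCache:: and File:: sections as the hand-written script above, with the Java cache hit folded into ClearJavaCache:: rather than listed under File::.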
