Backdoor.multi.zAccess.gen Trojan


This topic is locked
26 replies to this topic

#1 redtux7777

redtux7777

  • Members
  • 30 posts
  • OFFLINE
  • Local time:07:17 AM

Posted 16 May 2012 - 01:01 PM

Attached File: DDS.zip (24.7KB, 3 downloads)

I have Backdoor.multi.zAccess.gen Trojan Please Help!!

64bit windows 7

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brianne Gallon at 14:42:55 on 2012-05-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1659 [GMT -4:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brianne Gallon\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\tbHot_.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
mWinlogon: Userinit=C:\Windows\SysWOW64\Userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9193fbaf-bdaf-4751-a99a-1f5ef255c35b} - No File
BHO: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\tbHot_.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\tbHot_.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB: {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [DownloadManager] "C:\Program Files (x86)\Download Manager\DownloadManager.exe" /as
uRun: [Octoshape Streaming Services] "C:\Users\Brianne Gallon\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe /minimized
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
StartupFolder: C:\Users\BRIANN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Users\Brianne Gallon\Music\LimeWire\LimeWire.exe
StartupFolder: C:\Users\BRIANN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8B020C02-C61D-47BA-A5EE-220AC6E31053} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F3764FCC-547C-481D-8403-10745F7C279E} : DhcpNameServer = 68.87.66.246 68.87.64.242
TCP: Interfaces\{F3764FCC-547C-481D-8403-10745F7C279E}\14E647F6E697 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F3764FCC-547C-481D-8403-10745F7C279E}\2456C6B696E6F5052756D2E4F5936363438323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F3764FCC-547C-481D-8403-10745F7C279E}\351637861697D20534D275962756C6563737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F3764FCC-547C-481D-8403-10745F7C279E}\84F4D454D293642383 : DhcpNameServer = 68.87.64.208 68.87.66.208
TCP: Interfaces\{F3764FCC-547C-481D-8403-10745F7C279E}\C696E6B6379737 : DhcpNameServer = 75.75.76.76 75.75.75.75
AppInit_DLLs:
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: image file execution options - svchost.exe
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO-X64: MediaBar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9193fbaf-bdaf-4751-a99a-1f5ef255c35b} - No File
BHO-X64: BHO Project - No File
BHO-X64: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\tbHot_.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - C:\Program Files (x86)\Hot_MP3\tbHot_.dll
TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB-X64: {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64:
IFEO-X64: image file execution options - svchost.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSviA64.sys [2012-1-9 488568]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1207010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-6 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-1 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-11-30 1157240]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-7-22 16392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-16 21:25:56 -------- d-----w- C:\FRST
2012-05-16 17:13:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-16 17:00:36 -------- d-----we C:\Windows\system64
2012-05-14 06:27:56 -------- d-----w- C:\ProgramData\Geek Squad
2012-05-14 02:15:07 -------- d-----w- C:\Combo-Fix
2012-04-28 19:47:01 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-04-28 19:46:22 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-04-28 19:46:21 -------- d-----w- C:\Program Files\McAfee.com
2012-04-28 19:46:21 -------- d-----w- C:\Program Files\McAfee
2012-04-28 19:46:18 -------- d-----w- C:\Program Files (x86)\McAfee
2012-04-26 14:03:03 86016 ---ha-w- C:\ProgramData\fbbfdbcefcebafdct.exe
.
==================== Find3M ====================
.
2012-05-16 17:34:04 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-03 14:20:35 2072064 ----a-w- C:\Users\Brianne Gallon\AppData\Roaming\Protector-qgrt.exe
2012-02-29 02:19:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2010-07-22 18:20:16 115331072 ----a-w- C:\Program Files\Samsung New PC Studio.msi
.
============= FINISH: 14:44:27.26 ===============

Edited by redtux7777, 16 May 2012 - 02:08 PM.
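An added example, not code from this thread or from the DDS tool: it reads text in the DDS report format and flags the kinds of entries a responder would question in the log above (the svchost.exe process shown under a \\.\globalroot\ path, the IFEO entries for svchost.exe, the UAC policies set to 0, the AV/SP products reported disabled, the C:\Windows\system64 directory, and the hidden executable in ProgramData). The rules are triage heuristics I chose, not a scanner's verdict, and the sample lines are constructed from entries in the posted log.

```python
"""Triage a DDS-format log for indicators worth a responder's attention.

Added example, not part of the thread or the DDS tool. The rules below are
assumptions about what "looks wrong" in such a log, not definitive detections.
"""
import re
from dataclasses import dataclass

# Constructed sample: DDS-format lines taken from the posted log, mixed with
# benign entries so that the rules have something to ignore.
SAMPLE_LOG = r"""
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
============== Pseudo HJT Report ===============
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IFEO: image file execution options - svchost.exe
IFEO-X64: image file execution options - svchost.exe
=============== Created Last 30 ================
2012-05-16 17:00:36 -------- d-----we C:\Windows\system64
2012-04-28 19:46:21 -------- d-----w- C:\Program Files\McAfee
2012-04-26 14:03:03 86016 ---ha-w- C:\ProgramData\fbbfdbcefcebafdct.exe
==================== Find3M ====================
2012-02-23 13:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str  # short rule id
    line: str  # the log line that triggered the rule


# Core Windows binaries for which an IFEO (debugger) entry is a red flag.
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "winlogon.exe", "lsass.exe",
                   "services.exe", "csrss.exe", "smss.exe", "wininit.exe"}
# UAC policy values that weaken or disable UAC when set to 0.
UAC_WEAKENING = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
# Directory names that mimic real system directories: Windows ships
# System32 and SysWOW64, but no "system64".
LOOKALIKE_DIRS = {"system64"}
# Locations where a hidden executable is suspicious.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\")

POLICY_ENTRY = re.compile(r"^mPolicies-system:\s+(?P<name>\w+)\s*=\s*(?P<value>\d+)")
# DDS file entry: "<date> <time> <size> <attrs> <path>"
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")


def scan_dds_log(text: str) -> list[Finding]:
    """Apply each heuristic to every line of a DDS report and collect hits."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line:
            continue
        # Security Center reports a product as disabled (AV/SP/FW lines).
        if line.startswith(("AV:", "SP:", "FW:")) and "*disabled" in low:
            findings.append(Finding("security-product-disabled", line))
        # A running process listed under a device-path alias instead of a
        # drive letter; legitimate services appear as C:\...
        elif low.startswith(("\\\\.\\globalroot\\", "\\\\?\\globalroot\\")):
            findings.append(Finding("globalroot-process-path", line))
        # Image File Execution Options entry naming a core system binary.
        elif low.startswith("ifeo") and low.rsplit("-", 1)[-1].strip() in SYSTEM_BINARIES:
            findings.append(Finding("ifeo-on-system-binary", line))
        # UAC weakened through machine policy.
        elif (m := POLICY_ENTRY.match(line)) and m["name"] in UAC_WEAKENING and m["value"] == "0":
            findings.append(Finding("uac-weakened", line))
        # File and directory entries from the Created / Find3M sections.
        elif m := FILE_ENTRY.match(line):
            attrs, path = m["attrs"], m["path"]
            name = path.rsplit("\\", 1)[-1].lower()
            if attrs.startswith("d") and name in LOOKALIKE_DIRS:
                findings.append(Finding("lookalike-system-dir", line))
            elif ("h" in attrs and name.endswith((".exe", ".dll", ".sys"))
                  and any(seg in path.lower() for seg in USER_WRITABLE)):
                findings.append(Finding("hidden-executable", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule for a quick triage overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_dds_log(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.rule}] {f.line}")
    print(summarize(hits))
```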




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:17 AM

Posted 17 May 2012 - 01:57 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 redtux7777

redtux7777
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:07:17 AM

Posted 17 May 2012 - 08:29 AM

My logs.
P.S.
Thank you for your help.

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:17 AM

Posted 17 May 2012 - 11:56 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 redtux7777

redtux7777
  • Topic Starter

  • Members
  • 30 posts

Posted 17 May 2012 - 12:55 PM

TDSSKiller found something and told me to reboot.
Now the computer is in a reboot loop.
It says Windows is starting up and then reboots.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 01:06 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window, type notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window, type e:\frst.exe (for the x64 version, type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
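Once FRST.txt is posted, the first things a helper looks for are the lines FRST itself marks "ATTENTION!" and autostart entries whose file is missing (printed as "[x]"). The following Python script is an added example, not part of this thread and not FRST's own code: it runs that triage over a constructed sample log written in the same line format as the one posted below; the "no publisher" check is only a flag for a second look, not a verdict.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) text logs.

Added example, not FRST's own code. It walks the sectioned part of an FRST.txt
(Registry / Services / Drivers) and flags the lines a helper reads first:
  * lines FRST itself marks "ATTENTION!" (e.g. the SubSystems/ZeroAccess one),
  * autostart entries whose file is missing on disk, printed by FRST as "[x]",
  * entries whose version info carries no publisher, printed as "()", which
    only earn a second look, not a verdict.
SAMPLE_LOG below is constructed for this example.
"""
import re
from dataclasses import dataclass

# "===== Registry (Whitelisted) =====" or "===== One Month Created Files and Folders ====="
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=(]+?)\s*(?:\([^)]*\))?\s*=+$")
# trailing "[size date] (Publisher)"; the publisher group is "" when FRST prints "()"
META_RE = re.compile(
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<publisher>[^)]*)\))?\s*$"
)
# FRST prints "[x]" in place of size/date when the referenced file does not exist
MISSING_RE = re.compile(r"\[x\]\s*$")


@dataclass
class Finding:
    section: str   # FRST section the line came from, e.g. "Registry"
    kind: str      # "attention" | "missing_file" | "no_publisher"
    line: str      # the original log line


def parse_sections(text):
    """Yield (section_name, line) for each non-blank line, tracking === headers."""
    section = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        yield section, line


def triage(text):
    """Return the findings in log order; lines that look healthy produce none."""
    findings = []
    for section, line in parse_sections(text):
        if "ATTENTION!" in line:
            findings.append(Finding(section, "attention", line))
        elif MISSING_RE.search(line):
            findings.append(Finding(section, "missing_file", line))
        else:
            m = META_RE.search(line)
            if m and m.group("publisher") == "":
                findings.append(Finding(section, "no_publisher", line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {"attention": 1, "missing_file": 2}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample in FRST's line format (not the thread's real log).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool Version: 16-05-2012
Ran by SYSTEM at 17-05-2012 14:24:35

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()
HKU\User\...\Run: [DownloadManager] "C:\Program Files (x86)\Download Manager\DownloadManager.exe" /as [x]
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:10s} {f.kind:13s} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```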

#7 redtux7777

redtux7777
  • Topic Starter

  • Members
  • 30 posts

Posted 17 May 2012 - 01:34 PM

Scan result of Farbar Recovery Scan Tool Version: 16-05-2012
Ran by SYSTEM at 17-05-2012 14:24:35
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2010-01-27] (LogMeIn, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-02-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Brianne Gallon\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-23] (SupportSoft, Inc.)
HKU\Brianne Gallon\...\Run: [DownloadManager] "C:\Program Files (x86)\Download Manager\DownloadManager.exe" /as [x]
HKU\Brianne Gallon\...\Run: [Octoshape Streaming Services] "C:\Users\Brianne Gallon\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [107800 2011-03-24] (Octoshape ApS)
HKU\Brianne Gallon\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Brianne Gallon\...\Run: [ooVoo.exe] C:\program files (x86)\oovoo\oovoo.exe /minimized [x]
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2009-07-08] (Hewlett-Packard)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-02-08] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-02-08] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2010-11-08] (LogMeIn, Inc.)
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
2 VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [265928 2012-02-24] (SpeedBit Ltd.)
2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [19968 2010-11-20] (Microsoft Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-09] (Symantec Corporation)
3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-06-29] (ENE TECHNOLOGY INC.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSvia64.sys [488568 2011-08-22] (Symantec Corporation)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] (Intel Corporation)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-01-27] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2010-01-27] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2010-01-27] (LogMeIn, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120109.019\ENG64.SYS [117880 2011-08-04] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120109.019\EX64.SYS [2048632 2011-08-04] (Symantec Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [216576 2009-06-24] (Realtek Semiconductor Corp.)
3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NAVx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
3 SWNC8UA3; C:\Windows\System32\Drivers\SWNC8UA3.sys [227840 2009-03-31] (Sierra Wireless Inc.)
3 SWUMXA3; C:\Windows\System32\Drivers\SWUMXA3.sys [198528 2009-05-04] (Sierra Wireless Inc.)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-10] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NAVx64\1207010.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 LMIRfsClientNP; [x]
3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [x]
3 SYMFW; C:\Windows\System32\Drivers\NAVx64\1008000.029\SYMFW.SYS [x]
3 SYMNDISV; C:\Windows\System32\Drivers\NAVx64\1008000.029\SYMNDISV.SYS [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: z800bus

============ One Month Created Files and Folders ==============

2012-05-17 09:50 - 2012-05-17 09:52 - 0139160 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_13.50.40_log.txt
2012-05-17 09:50 - 2012-05-17 09:48 - 4731392 ____A (AVAST Software) C:\Users\Brianne Gallon\Desktop\aswMBR.exe
2012-05-17 09:50 - 2012-05-17 09:47 - 2126424 ____A (Kaspersky Lab ZAO) C:\Users\Brianne Gallon\Desktop\tdsskiller.exe
2012-05-17 05:26 - 2012-05-17 05:26 - 0021747 ____A C:\ComboFix.txt
2012-05-17 05:20 - 2012-05-17 05:20 - 0000000 ____D C:\$RECYCLE.BIN
2012-05-17 05:17 - 2012-05-17 05:19 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-17 05:08 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-17 05:08 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-17 05:08 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-17 05:08 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-17 05:08 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-17 05:08 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-17 05:08 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-17 05:07 - 2012-05-17 05:26 - 0000000 ____D C:\ComboFix
2012-05-17 05:07 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-17 04:59 - 2012-05-17 04:59 - 0000000 ____D C:\Users\Brianne Gallon\Desktop\helpdesk!bleeping
2012-05-17 04:59 - 2012-05-17 04:53 - 4496811 ____R (Swearware) C:\Users\Brianne Gallon\Desktop\ComboFix.exe
2012-05-17 04:59 - 2012-05-17 04:51 - 0879714 ____A C:\Users\Brianne Gallon\Desktop\SecurityCheck.exe
2012-05-16 13:25 - 2012-05-17 14:24 - 0000000 ____D C:\FRST
2012-05-16 10:51 - 2012-05-16 10:51 - 0025297 ____A C:\Users\Brianne Gallon\Desktop\DDS2.txt
2012-05-16 10:50 - 2012-05-16 10:50 - 0025297 ____A C:\Users\Brianne Gallon\Documents\DDS.zip
2012-05-16 10:50 - 2012-05-16 10:50 - 0025297 ____A C:\Users\Brianne Gallon\Desktop\DDS.zip
2012-05-16 10:42 - 2012-05-16 10:42 - 0000490 ____A C:\Users\Brianne Gallon\Desktop\defogger_disable.log
2012-05-16 10:42 - 2012-05-16 10:42 - 0000000 ____A C:\Users\Brianne Gallon\defogger_reenable
2012-05-16 10:42 - 2012-05-16 10:36 - 0607260 ____R (Swearware) C:\Users\Brianne Gallon\Desktop\dds.scr
2012-05-16 10:42 - 2012-05-16 10:30 - 0050477 ____A C:\Users\Brianne Gallon\Desktop\Defogger.exe
2012-05-16 09:16 - 2012-05-16 09:18 - 0134278 ____A C:\TDSSKiller.2.7.29.0_16.05.2012_13.16.08_log.txt
2012-05-16 09:13 - 2012-05-17 09:52 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-16 09:08 - 2012-05-16 09:13 - 0137138 ____A C:\TDSSKiller.2.7.29.0_16.05.2012_13.08.33_log.txt
2012-05-16 09:08 - 2012-04-19 06:02 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Brianne Gallon\Desktop\mbam-setup-1.61.0.1400.exe
2012-05-16 09:08 - 2012-04-19 05:58 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\Brianne Gallon\Desktop\sid.exe
2012-05-16 09:06 - 2012-05-16 09:08 - 0162120 ____A C:\Windows\ntbtlog.txt
2012-05-15 16:00 - 2012-05-15 16:00 - 0000348 ____A C:\TDSSKiller.2.7.29.0_15.05.2012_20.00.05_log.txt
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-05-15 15:22 - 2012-05-16 12:57 - 0000000 ____D C:\Users\Brianne Gallon\Desktop\RKILLs
2012-05-13 22:27 - 2012-05-13 22:27 - 0000000 ____D C:\Users\All Users\Geek Squad
2012-05-13 22:27 - 2012-05-13 22:27 - 0000000 ____D C:\ProgramData\Geek Squad
2012-05-13 18:15 - 2012-05-15 16:49 - 0000000 ____D C:\Combo-Fix
2012-05-13 17:15 - 2012-05-17 05:25 - 0000000 ____D C:\Windows\ERDNT
2012-05-13 17:13 - 2012-05-17 05:26 - 0000000 ____D C:\Qoobox
2012-05-13 17:10 - 2012-05-15 15:23 - 0000361 ____A C:\rkill.log
2012-04-28 11:46 - 2012-05-13 21:00 - 0000000 ____D C:\Program Files\McAfee
2012-04-28 11:46 - 2012-05-13 21:00 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-04-28 11:46 - 2012-05-13 21:00 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-04-28 11:46 - 2012-04-28 11:46 - 0000000 ____D C:\Program Files\McAfee.com
2012-04-28 11:36 - 2012-04-28 14:49 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-28 11:36 - 2012-04-28 14:49 - 0000000 ____D C:\ProgramData\McAfee
2012-04-26 14:53 - 2012-04-26 14:53 - 0016880 ___AH C:\Users\Brianne Gallon\Documents\Jeremy Gallo1.docx
2012-04-26 06:13 - 2012-04-26 06:13 - 0000000 ___AH C:\Users\All Users\-ujs1iGMMVpETBb
2012-04-26 06:13 - 2012-04-26 06:13 - 0000000 ___AH C:\ProgramData\-ujs1iGMMVpETBb
2012-04-20 06:22 - 2012-04-23 13:27 - 0028214 ___AH C:\Users\Brianne Gallon\Desktop\To come where I come from.docx
2012-04-20 05:02 - 2012-04-20 05:02 - 0010709 ___AH C:\Users\Brianne Gallon\Desktop\This article speaks upon people growing up in rough areas such as myself.docx

============ 3 Months Modified Files and Folders =============

2012-05-17 14:24 - 2012-05-16 13:25 - 0000000 ____D C:\FRST
2012-05-17 09:54 - 2009-11-06 00:20 - 3016904704 __ASH C:\hiberfil.sys
2012-05-17 09:52 - 2012-05-17 09:50 - 0139160 ____A C:\TDSSKiller.2.7.35.0_17.05.2012_13.50.40_log.txt
2012-05-17 09:52 - 2012-05-16 09:13 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-17 09:52 - 2009-11-06 00:24 - 1282035 ____A C:\Windows\WindowsUpdate.log
2012-05-17 09:50 - 2009-07-13 20:51 - 0590318 ____A C:\Windows\setupact.log
2012-05-17 09:50 - 2009-07-13 18:34 - 0000438 ____A C:\Windows\win.ini
2012-05-17 09:48 - 2012-05-17 09:50 - 4731392 ____A (AVAST Software) C:\Users\Brianne Gallon\Desktop\aswMBR.exe
2012-05-17 09:47 - 2012-05-17 09:50 - 2126424 ____A (Kaspersky Lab ZAO) C:\Users\Brianne Gallon\Desktop\tdsskiller.exe
2012-05-17 05:30 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-17 05:30 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-17 05:26 - 2012-05-17 05:26 - 0021747 ____A C:\ComboFix.txt
2012-05-17 05:26 - 2012-05-17 05:07 - 0000000 ____D C:\ComboFix
2012-05-17 05:26 - 2012-05-13 17:13 - 0000000 ____D C:\Qoobox
2012-05-17 05:25 - 2012-05-13 17:15 - 0000000 ____D C:\Windows\ERDNT
2012-05-17 05:25 - 2009-07-13 21:13 - 0756228 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-17 05:20 - 2012-05-17 05:20 - 0000000 ____D C:\$RECYCLE.BIN
2012-05-17 05:20 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-17 05:19 - 2012-05-17 05:17 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-17 05:18 - 2010-08-19 14:59 - 0000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-05-17 05:18 - 2009-11-06 00:50 - 0244012 ____A C:\Windows\PFRO.log
2012-05-17 05:18 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-17 04:59 - 2012-05-17 04:59 - 0000000 ____D C:\Users\Brianne Gallon\Desktop\helpdesk!bleeping
2012-05-17 04:53 - 2012-05-17 04:59 - 4496811 ____R (Swearware) C:\Users\Brianne Gallon\Desktop\ComboFix.exe
2012-05-17 04:51 - 2012-05-17 04:59 - 0879714 ____A C:\Users\Brianne Gallon\Desktop\SecurityCheck.exe
2012-05-16 20:00 - 2010-09-16 07:50 - 0000000 ___HD C:\Users\All Users\LogMeIn
2012-05-16 20:00 - 2010-09-16 07:50 - 0000000 ___HD C:\ProgramData\LogMeIn
2012-05-16 12:58 - 2011-12-07 16:23 - 0000000 ____D C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)
2012-05-16 12:58 - 2010-08-25 11:57 - 0000000 ____D C:\Users\HP\Digital Imaging
2012-05-16 12:58 - 2009-11-30 18:36 - 0000000 ____D C:\Users\All Users\Real
2012-05-16 12:58 - 2009-11-30 18:36 - 0000000 ____D C:\ProgramData\Real
2012-05-16 12:58 - 2009-11-30 18:13 - 0000000 ____D C:\Windows\System32\Drivers\NAVx64
2012-05-16 12:58 - 2009-11-30 18:13 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-05-16 12:58 - 2009-11-30 18:13 - 0000000 ____D C:\Program Files (x86)\Norton AntiVirus
2012-05-16 12:58 - 2009-11-30 18:06 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-05-16 12:58 - 2009-11-06 00:33 - 0000000 ____D C:\Windows\Hewlett-Packard
2012-05-16 12:58 - 2009-08-14 21:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-05-16 12:58 - 2009-08-14 21:05 - 0000000 ____D C:\Users\All Users\Norton
2012-05-16 12:58 - 2009-08-14 21:05 - 0000000 ____D C:\ProgramData\Norton
2012-05-16 12:58 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-05-16 12:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-16 12:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-16 12:57 - 2012-05-15 15:22 - 0000000 ____D C:\Users\Brianne Gallon\Desktop\RKILLs
2012-05-16 12:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-16 12:52 - 2010-08-25 11:57 - 0000000 ____D C:\users\HP
2012-05-16 12:52 - 2009-07-16 15:15 - 0000000 ____D C:\SYSTEM.SAV
2012-05-16 12:52 - 2009-07-16 15:15 - 0000000 ____D C:\SwSetup
2012-05-16 12:52 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-05-16 12:52 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-05-16 12:51 - 2010-08-25 09:30 - 0000000 ____D C:\_Memeo
2012-05-16 12:51 - 2009-08-14 21:33 - 0000000 ____D C:\HP
2012-05-16 10:51 - 2012-05-16 10:51 - 0025297 ____A C:\Users\Brianne Gallon\Desktop\DDS2.txt
2012-05-16 10:50 - 2012-05-16 10:50 - 0025297 ____A C:\Users\Brianne Gallon\Documents\DDS.zip
2012-05-16 10:50 - 2012-05-16 10:50 - 0025297 ____A C:\Users\Brianne Gallon\Desktop\DDS.zip
2012-05-16 10:42 - 2012-05-16 10:42 - 0000490 ____A C:\Users\Brianne Gallon\Desktop\defogger_disable.log
2012-05-16 10:42 - 2012-05-16 10:42 - 0000000 ____A C:\Users\Brianne Gallon\defogger_reenable
2012-05-16 10:42 - 2009-11-30 20:45 - 0000000 ____D C:\users\Brianne Gallon
2012-05-16 10:36 - 2012-05-16 10:42 - 0607260 ____R (Swearware) C:\Users\Brianne Gallon\Desktop\dds.scr
2012-05-16 10:30 - 2012-05-16 10:42 - 0050477 ____A C:\Users\Brianne Gallon\Desktop\Defogger.exe
2012-05-16 09:34 - 2012-04-11 12:17 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-16 09:34 - 2009-11-30 17:53 - 0000187 ____A C:\Users\All Users\HPWALog.txt
2012-05-16 09:34 - 2009-11-30 17:53 - 0000187 ____A C:\ProgramData\HPWALog.txt
2012-05-16 09:18 - 2012-05-16 09:16 - 0134278 ____A C:\TDSSKiller.2.7.29.0_16.05.2012_13.16.08_log.txt
2012-05-16 09:13 - 2012-05-16 09:08 - 0137138 ____A C:\TDSSKiller.2.7.29.0_16.05.2012_13.08.33_log.txt
2012-05-16 09:08 - 2012-05-16 09:06 - 0162120 ____A C:\Windows\ntbtlog.txt
2012-05-16 09:00 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\config\TxR
2012-05-15 16:49 - 2012-05-13 18:15 - 0000000 ____D C:\Combo-Fix
2012-05-15 16:00 - 2012-05-15 16:00 - 0000348 ____A C:\TDSSKiller.2.7.29.0_15.05.2012_20.00.05_log.txt
2012-05-15 15:54 - 2012-02-12 16:27 - 0000000 ___HD C:\users\jstauffer
2012-05-15 15:54 - 2009-11-30 20:36 - 0000000 ___HD C:\users\Administrator
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-05-15 15:40 - 2012-05-15 15:40 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-05-15 15:40 - 2009-07-13 18:34 - 78381056 ____A C:\Windows\System32\config\software.bak
2012-05-15 15:40 - 2009-07-13 18:34 - 22282240 ____A C:\Windows\System32\config\system.bak
2012-05-15 15:40 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-05-15 15:40 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-05-15 15:40 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-05-15 15:23 - 2012-05-13 17:10 - 0000361 ____A C:\rkill.log
2012-05-13 22:27 - 2012-05-13 22:27 - 0000000 ____D C:\Users\All Users\Geek Squad
2012-05-13 22:27 - 2012-05-13 22:27 - 0000000 ____D C:\ProgramData\Geek Squad
2012-05-13 21:00 - 2012-04-28 11:46 - 0000000 ____D C:\Program Files\McAfee
2012-05-13 21:00 - 2012-04-28 11:46 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-05-13 21:00 - 2012-04-28 11:46 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-04-28 18:49 - 2010-09-21 13:30 - 0000000 ____D C:\MAGICDVDCOPY_TEMP
2012-04-28 14:49 - 2012-04-28 11:36 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-28 14:49 - 2012-04-28 11:36 - 0000000 ____D C:\ProgramData\McAfee
2012-04-28 13:46 - 2012-04-02 16:33 - 0000022 ___AH C:\Users\Brianne Gallon\Downloads\setup (1).zip
2012-04-28 13:46 - 2012-04-02 16:32 - 0000022 ___AH C:\Users\Brianne Gallon\Downloads\setup.zip
2012-04-28 13:45 - 2012-04-02 16:35 - 0000022 ___AH C:\Users\Brianne Gallon\Desktop\setup.zip
2012-04-28 11:46 - 2012-04-28 11:46 - 0000000 ____D C:\Program Files\McAfee.com
2012-04-27 05:17 - 2009-12-18 08:41 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Local\ElevatedDiagnostics
2012-04-27 05:06 - 2012-04-16 07:37 - 0018981 ___AH C:\Users\Brianne Gallon\Desktop\Jeremy Gallo1.docx
2012-04-26 17:31 - 2010-01-13 09:02 - 0000000 ____D C:\Windows\Minidump
2012-04-26 17:12 - 2012-02-24 16:12 - 0000000 ____D C:\Program Files (x86)\SpeedBit Video Accelerator
2012-04-26 17:12 - 2011-10-31 16:56 - 0000000 ____D C:\Program Files\Bonjour
2012-04-26 17:12 - 2009-11-06 00:30 - 0000000 ____D C:\Program Files\LSI SoftModem
2012-04-26 17:06 - 2010-07-22 10:48 - 0000000 ____D C:\Windows\SysWOW64\Samsung_USB_Drivers
2012-04-26 17:06 - 2009-12-10 12:24 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-04-26 17:06 - 2009-08-14 21:28 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-26 17:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-26 17:06 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-26 17:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-26 17:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-26 17:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-26 17:05 - 2011-11-30 05:12 - 0000000 ____D C:\Windows\System32\SPReview
2012-04-26 17:05 - 2011-11-30 05:11 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-26 17:05 - 2011-07-07 11:35 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-04-26 17:05 - 2009-11-30 18:24 - 0000000 ____D C:\Windows\SHELLNEW
2012-04-26 17:05 - 2009-11-06 00:33 - 0000000 ____D C:\Windows\System32\SRSLabs
2012-04-26 17:05 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-26 17:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-26 17:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-26 17:04 - 2010-08-25 12:13 - 0000000 ____D C:\Users\HP\HP Software Update
2012-04-26 17:04 - 2010-08-25 12:13 - 0000000 ____D C:\Users\HP\HP MediaSmart Demo
2012-04-26 17:04 - 2010-08-25 11:57 - 0000000 ____D C:\Users\HP\Common
2012-04-26 17:04 - 2010-08-25 11:57 - 0000000 ____D C:\Users\HP\Bin
2012-04-26 17:04 - 2009-08-14 22:41 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-26 17:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-26 17:03 - 2012-02-28 18:21 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Octoshape
2012-04-26 17:03 - 2011-10-08 07:17 - 0000000 ____D C:\Users\Brianne Gallon\Documents\Drive Green
2012-04-26 17:03 - 2011-08-08 17:32 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\AlderGames
2012-04-26 17:03 - 2011-01-05 13:47 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Azureus
2012-04-26 17:03 - 2010-11-12 05:26 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\EasyMP3Downloader
2012-04-26 17:03 - 2010-08-13 21:24 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Blackberry Desktop
2012-04-26 17:03 - 2010-04-13 07:41 - 0000000 ____D C:\Users\Brianne Gallon\Documents\VodBurner
2012-04-26 17:03 - 2010-02-10 15:16 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Facebook
2012-04-26 17:03 - 2009-12-30 05:56 - 0000000 ____D C:\Users\Brianne Gallon\Documents\Webcam
2012-04-26 17:03 - 2009-11-30 19:04 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\InstallShield
2012-04-26 17:02 - 2012-02-21 16:08 - 0000000 __HDC C:\Users\All Users\~0
2012-04-26 17:02 - 2012-02-21 16:08 - 0000000 __HDC C:\ProgramData\~0
2012-04-26 17:02 - 2011-12-03 09:58 - 0000000 ____D C:\Users\Brianne Gallon\.swt
2012-04-26 17:02 - 2011-09-05 12:53 - 0000000 ____D C:\Users\Brianne Gallon\.roescache
2012-04-26 17:02 - 2011-09-05 12:53 - 0000000 ____D C:\Users\Brianne Gallon\.DiscountPhotoProducts
2012-04-26 17:02 - 2011-01-05 13:33 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Conduit
2012-04-26 17:02 - 2010-09-16 07:41 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Apps\2.0
2012-04-26 17:02 - 2010-07-22 10:41 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Downloaded Installations
2012-04-26 17:02 - 2010-04-13 06:52 - 0000000 ____D C:\Users\All Users\Skype
2012-04-26 17:02 - 2010-04-13 06:52 - 0000000 ____D C:\ProgramData\Skype
2012-04-26 17:02 - 2010-03-16 21:46 - 0000000 ____D C:\Users\All Users\{657095DF-DBDB-4B17-8245-B38845C97069}
2012-04-26 17:02 - 2010-03-16 21:46 - 0000000 ____D C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
2012-04-26 17:02 - 2010-03-09 10:01 - 0000000 ____D C:\Users\All Users\NOS
2012-04-26 17:02 - 2010-03-09 10:01 - 0000000 ____D C:\ProgramData\NOS
2012-04-26 17:02 - 2009-12-02 10:44 - 0000000 ____D C:\Users\All Users\{B0689242-B0A0-4F2C-83E0-F3E560357B90}
2012-04-26 17:02 - 2009-12-02 10:44 - 0000000 ____D C:\ProgramData\{B0689242-B0A0-4F2C-83E0-F3E560357B90}
2012-04-26 17:02 - 2009-11-30 17:52 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Hewlett-Packard
2012-04-26 17:02 - 2009-08-14 21:51 - 0000000 ____D C:\Users\All Users\Symantec
2012-04-26 17:02 - 2009-08-14 21:51 - 0000000 ____D C:\ProgramData\Symantec
2012-04-26 17:02 - 2009-08-14 21:31 - 0000000 ____D C:\Users\All Users\WildTangent
2012-04-26 17:02 - 2009-08-14 21:31 - 0000000 ____D C:\ProgramData\WildTangent
2012-04-26 17:01 - 2012-04-09 15:52 - 0000000 ____D C:\Program Files\iTunes
2012-04-26 17:01 - 2012-02-23 08:18 - 0000000 ____D C:\Users\All Users\2ef7b2
2012-04-26 17:01 - 2012-02-23 08:18 - 0000000 ____D C:\ProgramData\2ef7b2
2012-04-26 17:01 - 2011-07-07 11:35 - 0000000 ____D C:\Users\All Users\Google
2012-04-26 17:01 - 2011-07-07 11:35 - 0000000 ____D C:\ProgramData\Google
2012-04-26 17:01 - 2011-03-26 16:24 - 0000000 ____D C:\Program Files (x86)\Xvid
2012-04-26 17:01 - 2011-01-18 16:08 - 0000000 ____D C:\Program Files (x86)\WePrint
2012-04-26 17:01 - 2011-01-12 07:10 - 0000000 ____D C:\Program Files (x86)\WildTangent Games
2012-04-26 17:01 - 2011-01-05 13:33 - 0000000 ____D C:\Program Files (x86)\Vuze_Remote
2012-04-26 17:01 - 2011-01-05 13:33 - 0000000 ____D C:\Program Files (x86)\Vuze
2012-04-26 17:01 - 2010-10-27 06:37 - 0000000 ____D C:\Program Files\Windows Live
2012-04-26 17:01 - 2010-06-23 07:00 - 0000000 ____D C:\Program Files (x86)\support.com
2012-04-26 17:01 - 2010-05-12 13:37 - 0000000 ____D C:\Users\All Users\HP Product Assistant
2012-04-26 17:01 - 2010-05-12 13:37 - 0000000 ____D C:\ProgramData\HP Product Assistant
2012-04-26 17:01 - 2010-04-14 16:17 - 0000000 ____D C:\Program Files (x86)\Supertintin for Skype
2012-04-26 17:01 - 2010-04-13 07:41 - 0000000 ____D C:\Program Files (x86)\VodBurner
2012-04-26 17:01 - 2009-11-30 19:32 - 0000000 ____D C:\Users\All Users\HP
2012-04-26 17:01 - 2009-11-30 19:32 - 0000000 ____D C:\ProgramData\HP
2012-04-26 17:01 - 2009-11-30 19:04 - 0000000 ____D C:\Program Files\Roxio
2012-04-26 17:01 - 2009-11-30 18:34 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-26 17:01 - 2009-11-30 18:34 - 0000000 ____D C:\ProgramData\Apple Computer
2012-04-26 17:01 - 2009-11-30 18:32 - 0000000 ____D C:\Users\All Users\Apple
2012-04-26 17:01 - 2009-11-30 18:32 - 0000000 ____D C:\ProgramData\Apple
2012-04-26 17:01 - 2009-11-30 18:32 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-26 17:01 - 2009-11-30 18:23 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-26 17:01 - 2009-11-30 18:23 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-26 17:01 - 2009-11-06 00:32 - 0000000 ____D C:\Program Files\IDT
2012-04-26 17:01 - 2009-11-06 00:30 - 0000000 ____D C:\Program Files\DIFX
2012-04-26 17:01 - 2009-11-06 00:29 - 0000000 ____D C:\Program Files\Synaptics
2012-04-26 17:01 - 2009-08-14 22:24 - 0000000 ____D C:\Users\All Users\CyberLink
2012-04-26 17:01 - 2009-08-14 22:24 - 0000000 ____D C:\ProgramData\CyberLink
2012-04-26 17:01 - 2009-08-14 20:53 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-26 17:01 - 2009-08-14 20:51 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-04-26 17:01 - 2009-08-14 20:51 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-04-26 17:01 - 2009-08-14 20:49 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-04-26 17:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-26 17:01 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-26 17:00 - 2012-04-09 15:52 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-26 17:00 - 2011-10-31 17:05 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-26 17:00 - 2010-09-16 07:49 - 0000000 ____D C:\Program Files (x86)\LogMeIn
2012-04-26 17:00 - 2010-07-22 10:43 - 0000000 ____D C:\Program Files (x86)\MarkAny
2012-04-26 17:00 - 2010-05-26 15:32 - 0000000 ____D C:\Program Files (x86)\MFInstall
2012-04-26 17:00 - 2010-01-15 07:31 - 0000000 ____D C:\Program Files (x86)\MagicDVDRipper
2012-04-26 17:00 - 2009-11-30 20:42 - 0000000 ____D C:\Program Files (x86)\Real
2012-04-26 17:00 - 2009-08-14 23:15 - 0000000 ____D C:\Program Files (x86)\NetZeroPreloader
2012-04-26 17:00 - 2009-08-14 23:14 - 0000000 ____D C:\Program Files (x86)\JunoPreloader
2012-04-26 17:00 - 2009-08-14 23:03 - 0000000 ____D C:\Program Files (x86)\MSN
2012-04-26 17:00 - 2009-08-14 22:41 - 0000000 ____D C:\Program Files (x86)\HP
2012-04-26 17:00 - 2009-08-14 21:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-26 17:00 - 2009-08-14 21:31 - 0000000 ___RD C:\Program Files (x86)\Online Services
2012-04-26 17:00 - 2009-08-14 21:31 - 0000000 ____D C:\Program Files (x86)\HP Games
2012-04-26 17:00 - 2009-08-14 20:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-26 17:00 - 2009-08-14 20:51 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-26 17:00 - 2009-08-14 20:49 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-04-26 16:59 - 2010-08-25 20:21 - 0000000 ____D C:\Program Files (x86)\Granny
2012-04-26 16:59 - 2009-08-14 22:24 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-04-26 16:58 - 2011-10-31 16:56 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-26 16:58 - 2011-10-31 16:50 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-26 16:58 - 2010-11-17 11:30 - 0000000 ____D C:\Program Files (x86)\Blubster
2012-04-26 16:58 - 2010-11-17 10:40 - 0000000 ____D C:\Program Files (x86)\BearShare Applications
2012-04-26 16:58 - 2010-11-12 05:25 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-04-26 16:58 - 2010-08-31 12:18 - 0000000 ____D C:\e36cac14c819cb6534e6ebaf
2012-04-26 16:58 - 2010-05-17 18:14 - 0000000 ____D C:\Program Files (x86)\AT&T
2012-04-26 16:58 - 2009-12-07 18:08 - 0000000 ____D C:\Program Files (x86)\AIM
2012-04-26 16:58 - 2009-11-06 00:31 - 0000000 ____D C:\Program Files (x86)\Atheros
2012-04-26 16:58 - 2009-11-06 00:31 - 0000000 ____D C:\Program Files (x86)\AMD
2012-04-26 16:41 - 2009-11-06 01:19 - 0000000 __RHD C:\Users\Public\Recorded TV
2012-04-26 16:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-26 16:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-26 16:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-26 16:39 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-26 16:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-26 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-26 16:35 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-04-26 16:35 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-04-26 16:35 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-26 16:35 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-26 16:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-04-26 16:35 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-26 16:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-26 16:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-26 16:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-04-26 16:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-26 16:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-26 16:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-26 16:34 - 2011-11-13 17:07 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-26 16:34 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-26 16:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-26 16:33 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-26 16:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-26 16:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-26 16:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-26 16:22 - 2011-01-05 13:43 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-04-26 16:22 - 2010-08-25 12:13 - 0000000 ____D C:\Users\HP\Print Projects
2012-04-26 16:21 - 2010-03-09 10:01 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-26 16:21 - 2010-03-09 10:01 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-26 16:20 - 2011-01-18 16:08 - 0000000 ____D C:\Users\Brianne Gallon\Documents\WePrint
2012-04-26 16:20 - 2009-12-07 16:06 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\U3
2012-04-26 16:19 - 2009-11-30 20:45 - 0000000 ____D C:\Users\Brianne Gallon\AppData\LocalLow
2012-04-26 16:19 - 2009-11-30 20:36 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Corel
2012-04-26 16:19 - 2009-11-30 19:09 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Research In Motion
2012-04-26 16:19 - 2009-11-30 18:36 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Real
2012-04-26 16:19 - 2009-11-30 18:29 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Mozilla
2012-04-26 16:19 - 2009-11-30 18:28 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\LimeWire
2012-04-26 16:19 - 2009-11-30 18:19 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Macromedia
2012-04-26 16:19 - 2009-11-30 18:19 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Roaming\Adobe
2012-04-26 16:18 - 2010-06-18 07:04 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\SupportSoft
2012-04-26 16:18 - 2010-05-30 18:12 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Yahoo!
2012-04-26 16:18 - 2010-03-04 12:44 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Mozilla
2012-04-26 16:12 - 2011-07-07 11:35 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Google
2012-04-26 16:12 - 2010-06-12 16:35 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Microsoft Games
2012-04-26 16:12 - 2009-12-10 12:15 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\MagicSoftware
2012-04-26 16:12 - 2009-12-10 08:34 - 0000000 ____D C:\Users\Brianne Gallon\AppData\Local\Adobe
2012-04-26 16:08 - 2010-04-13 08:46 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-26 16:08 - 2010-04-13 08:46 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-26 16:05 - 2012-03-11 17:53 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-04-26 16:05 - 2012-03-11 17:53 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-04-26 16:05 - 2011-06-10 12:38 - 0000000 ____D C:\Users\All Users\Skype Extras
2012-04-26 16:05 - 2011-06-10 12:38 - 0000000 ____D C:\ProgramData\Skype Extras
2012-04-26 16:05 - 2009-11-30 19:04 - 0000000 ____D C:\Users\All Users\InstallShield
2012-04-26 16:05 - 2009-11-30 19:04 - 0000000 ____D C:\ProgramData\InstallShield
2012-04-26 16:05 - 2009-11-06 01:09 - 0000000 ____D C:\Users\All Users\Ulead Systems
2012-04-26 16:05 - 2009-11-06 01:09 - 0000000 ____D C:\ProgramData\Ulead Systems
2012-04-26 16:04 - 2011-09-16 17:13 - 0000000 ____D C:\Users\All Users\Deep Shadows
2012-04-26 16:04 - 2011-09-16 17:13 - 0000000 ____D C:\ProgramData\Deep Shadows
2012-04-26 16:04 - 2011-08-29 15:53 - 0000000 ____D C:\Users\All Users\Cateia Games
2012-04-26 16:04 - 2011-08-29 15:53 - 0000000 ____D C:\ProgramData\Cateia Games
2012-04-26 16:04 - 2009-11-06 01:19 - 0000000 ____D C:\Users\All Users\Corel
2012-04-26 16:04 - 2009-11-06 01:19 - 0000000 ____D C:\ProgramData\Corel
2012-04-26 16:04 - 2009-08-14 22:13 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-26 16:04 - 2009-08-14 22:13 - 0000000 ____D C:\ProgramData\Adobe
2012-04-26 16:03 - 2012-04-09 15:52 - 0000000 ____D C:\Program Files\iPod
2012-04-26 16:03 - 2009-11-30 19:38 - 0000000 ____D C:\Program Files\HP
2012-04-26 16:03 - 2009-11-30 18:24 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-26 16:03 - 2009-08-14 23:15 - 0000000 ____D C:\Program Files\Java
2012-04-26 16:03 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-26 16:03 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-26 16:03 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-26 16:03 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-26 16:03 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-26 16:02 - 2010-08-16 19:47 - 0000000 ____D C:\Program Files (x86)\Xilisoft
2012-04-26 16:02 - 2010-05-12 13:39 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-04-26 16:02 - 2009-11-06 01:12 - 0000000 ____D C:\Program Files (x86)\Windows Media Components
2012-04-26 16:02 - 2009-11-06 00:27 - 0000000 ____D C:\Program Files\ATI
2012-04-26 16:02 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-26 16:02 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-26 16:02 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-26 16:02 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-26 16:02 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-26 16:02 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-26 16:01 - 2011-07-04 13:57 - 0000000 ____D C:\Program Files (x86)\WildGames
2012-04-26 16:01 - 2009-08-14 21:51 - 0000000 ____D C:\Program Files (x86)\Symantec
2012-04-26 16:00 - 2010-07-22 10:42 - 0000000 ____D C:\Program Files (x86)\Samsung
2012-04-26 16:00 - 2010-05-17 18:10 - 0000000 ____D C:\Program Files (x86)\Sierra Wireless Inc
2012-04-26 15:59 - 2010-02-01 19:25 - 0000000 ____D C:\Program Files (x86)\Research In Motion
2012-04-26 15:59 - 2009-11-06 00:30 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-26 15:59 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-26 15:58 - 2010-03-04 12:44 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-26 15:58 - 2009-12-08 14:21 - 0000000 ____D C:\Program Files (x86)\Microsoft WSE
2012-04-26 15:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-26 15:57 - 2009-08-14 23:15 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-26 15:48 - 2009-11-06 01:09 - 0000000 ____D C:\Program Files (x86)\Corel
2012-04-26 15:47 - 2012-01-05 07:28 - 0000000 ____D C:\Program Files (x86)\ComcastUI
2012-04-26 15:47 - 2009-11-06 00:27 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-04-26 15:46 - 2009-11-30 18:22 - 0000000 ___RD C:\MSOCache
2012-04-26 15:46 - 2009-08-14 22:12 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-26 15:24 - 2012-03-13 07:27 - 0000000 ____D C:\1b671690d3987fd398f50d27
2012-04-26 14:53 - 2012-04-26 14:53 - 0016880 ___AH C:\Users\Brianne Gallon\Documents\Jeremy Gallo1.docx
2012-04-26 14:51 - 2012-04-16 07:37 - 0016874 ____H C:\Users\Brianne Gallon\Desktop\~WRL1832.tmp
2012-04-26 06:13 - 2012-04-26 06:13 - 0000000 ___AH C:\Users\All Users\-ujs1iGMMVpETBb
2012-04-26 06:13 - 2012-04-26 06:13 - 0000000 ___AH C:\ProgramData\-ujs1iGMMVpETBb
2012-04-23 13:57 - 2012-04-10 17:44 - 0080476 ___AH C:\Users\Brianne Gallon\Desktop\Musical history of Africa.docx
2012-04-23 13:27 - 2012-04-20 06:22 - 0028214 ___AH C:\Users\Brianne Gallon\Desktop\To come where I come from.docx
2012-04-21 10:25 - 2010-10-31 13:55 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Local\CrashDumps
2012-04-20 21:29 - 2009-12-14 14:45 - 0000000 ___HD C:\Users\All Users\Recovery
2012-04-20 21:29 - 2009-12-14 14:45 - 0000000 ___HD C:\ProgramData\Recovery
2012-04-20 05:09 - 2010-10-11 15:37 - 0000000 ___HD C:\Users\Brianne Gallon\Desktop\JG Work
2012-04-20 05:02 - 2012-04-20 05:02 - 0010709 ___AH C:\Users\Brianne Gallon\Desktop\This article speaks upon people growing up in rough areas such as myself.docx
2012-04-19 06:02 - 2012-05-16 09:08 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Brianne Gallon\Desktop\mbam-setup-1.61.0.1400.exe
2012-04-19 05:58 - 2012-05-16 09:08 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\Brianne Gallon\Desktop\sid.exe
2012-04-15 15:43 - 2012-04-15 15:23 - 0000000 ___AH C:\Users\Brianne Gallon\Downloads\oovoosetup.exe.tmp
2012-04-14 21:51 - 2012-04-08 17:07 - 0000000 ___HD C:\Users\Brianne Gallon\Desktop\Bri School Work
2012-04-14 19:33 - 2009-11-30 17:58 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Roaming\HpUpdate
2012-04-12 06:27 - 2012-04-12 06:27 - 0010404 ___AH C:\Users\Brianne Gallon\Desktop\sOc 495 response.docx
2012-04-11 19:01 - 2012-04-11 19:01 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Local\2DBoy
2012-04-11 19:01 - 2012-04-11 19:01 - 0000000 ___HD C:\Users\All Users\2DBoy
2012-04-11 19:01 - 2012-04-11 19:01 - 0000000 ___HD C:\ProgramData\2DBoy
2012-04-11 15:06 - 2012-04-11 15:06 - 0000000 ___HD C:\Users\All Users\HipSoft
2012-04-11 15:06 - 2012-04-11 15:06 - 0000000 ___HD C:\ProgramData\HipSoft
2012-04-11 14:59 - 2011-01-12 07:11 - 0002482 ____A C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-04-11 13:14 - 2011-06-19 11:37 - 0001848 ___AH C:\Users\Brianne Gallon\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-04-11 13:14 - 2010-08-13 18:46 - 0007041 ___AH C:\Users\Brianne Gallon\AppData\Roaming\Rim.Desktop.Exception.log
2012-04-11 12:34 - 2012-04-11 12:34 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Roaming\Tific
2012-04-11 12:34 - 2012-04-11 12:34 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Local\Symantec
2012-04-10 17:22 - 2012-04-10 17:22 - 0010163 ___AH C:\Users\Brianne Gallon\Documents\Steve human life is based on oxygen water and food.docx
2012-04-09 15:53 - 2012-04-09 15:53 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-09 04:41 - 2012-04-02 04:26 - 0012742 ___AH C:\Users\Brianne Gallon\Desktop\Jeremy Gallo125.docx
2012-04-06 12:52 - 2012-04-06 12:52 - 0000117 ____A C:\Users\Brianne Gallon\webct_upload_applet.properties
2012-04-05 06:09 - 2009-11-30 18:13 - 0002336 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2012-04-01 14:07 - 2011-07-07 11:36 - 0000000 ___HD C:\Program Files\Google
2012-04-01 14:07 - 2011-07-07 11:35 - 0000000 ___HD C:\Program Files (x86)\Google
2012-03-30 04:13 - 2012-03-30 04:13 - 0012179 ___AH C:\Users\Brianne Gallon\Desktop\Jeremy Gallo10.docx
2012-03-28 18:10 - 2012-03-28 18:10 - 0010428 ___AH C:\Users\Brianne Gallon\Documents\Jeremy Gallon.docx
2012-03-24 08:33 - 2009-12-10 15:26 - 0000000 ___HD C:\Users\Brianne Gallon\My Work
2012-03-23 15:23 - 2012-03-23 15:23 - 0000162 ___AH C:\Users\Brianne Gallon\Desktop\~$B Resume 2012.docx
2012-03-20 15:01 - 2012-03-20 15:01 - 0000000 ____D C:\7a792928f6f4593eadcb78
2012-03-20 07:18 - 2012-03-20 07:17 - 0000000 ____D C:\84c66e40e5351b3f664e6c6207
2012-03-18 15:13 - 2012-03-18 11:36 - 0000000 ___HD C:\Users\Brianne Gallon\Desktop\Sugar Bowl
2012-03-18 11:36 - 2012-03-18 11:36 - 0000000 ___HD C:\Users\Brianne Gallon\Desktop\Apt
2012-03-18 11:33 - 2010-08-13 18:47 - 0122880 ____A C:\Users\Brianne Gallon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-18 11:20 - 2011-07-10 07:51 - 0000000 ___HD C:\Users\Brianne Gallon\Desktop\Babies at work
2012-03-18 11:13 - 2009-07-13 20:45 - 0377040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-17 05:47 - 2012-03-11 17:55 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Roaming\PerformerSoft
2012-03-17 05:40 - 2010-03-22 11:47 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-16 04:51 - 2012-03-16 04:51 - 0000000 ____D C:\69432559dd30c62d6b28
2012-03-11 17:56 - 2012-03-11 17:56 - 0000000 ___HD C:\Users\All Users\IBUpdaterService
2012-03-11 17:56 - 2012-03-11 17:56 - 0000000 ___HD C:\ProgramData\IBUpdaterService
2012-03-11 17:55 - 2012-03-11 17:55 - 0000000 ___HD C:\Users\All Users\boost_interprocess
2012-03-11 17:55 - 2012-03-11 17:55 - 0000000 ___HD C:\ProgramData\boost_interprocess
2012-03-10 08:50 - 2009-11-30 18:37 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Roaming\Apple Computer
2012-03-09 20:09 - 2011-11-21 16:22 - 0000628 ____A C:\Windows\System32\mapisvc.inf
2012-03-09 12:16 - 2012-03-09 12:16 - 0031744 ___AH C:\Users\Brianne Gallon\Desktop\midterms redo.doc
2012-03-09 07:29 - 2012-03-09 07:29 - 0010515 ___AH C:\Users\Brianne Gallon\Desktop\reading response 495 mmboi.docx
2012-03-08 17:55 - 2012-03-08 17:55 - 0010876 ___AH C:\Users\Brianne Gallon\Desktop\response 495.docx
2012-03-08 08:03 - 2012-03-08 08:03 - 0012109 ___AH C:\Users\Brianne Gallon\Desktop\READING RESPONSE BABY.docx
2012-02-28 18:19 - 2011-08-15 14:50 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-28 17:03 - 2012-02-24 16:00 - 0006378 ____A C:\Windows\SysWOW64\AppLog.log
2012-02-26 11:42 - 2009-11-30 17:52 - 0096384 ___AH C:\Users\Brianne Gallon\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-24 16:12 - 2012-02-24 16:12 - 0000000 ___HD C:\Users\Public\Documents\Speedbit
2012-02-24 16:07 - 2012-02-24 16:07 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-02-24 16:07 - 2012-02-24 16:07 - 0001046 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-02-24 16:07 - 2012-02-24 16:07 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Roaming\Registry Mechanic
2012-02-24 16:06 - 2012-02-24 16:06 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-02-24 16:06 - 2012-02-24 16:06 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-02-24 16:06 - 2012-02-24 16:06 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-02-24 16:06 - 2009-07-13 21:32 - 0000000 ___HD C:\Windows\Downloaded Program Files
2012-02-24 06:04 - 2009-11-30 17:53 - 0000000 ___HD C:\Users\Brianne Gallon\AppData\Local\VirtualStore
2012-02-24 04:11 - 2012-02-24 04:11 - 0000000 ___HD C:\Users\All Users\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-24 04:11 - 2012-02-24 04:11 - 0000000 ___HD C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-23 08:19 - 2012-02-23 08:19 - 0000000 __SHD C:\Users\All Users\SMTMD
2012-02-23 08:19 - 2012-02-23 08:19 - 0000000 __SHD C:\ProgramData\SMTMD
2012-02-23 05:18 - 2009-11-30 18:00 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 16:47 - 2012-02-22 16:47 - 0028858 ___AH C:\Users\Brianne Gallon\Desktop\READ SYLLABUS.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3836.2 MB
Available physical RAM: 3221.8 MB
Total Pagefile: 3834.39 MB
Available Pagefile: 3217.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:450.13 GB) (Free:79.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:2.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive f: (GSP1RMCHPXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
5 Drive g: () (Removable) (Total:0.49 GB) (Free:0.37 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 199 MB
Disk 1 Online 500 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 450 GB 200 MB
Partition 2 Primary 15 GB 450 GB
Partition 3 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 450 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 15 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 499 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 499 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-17 05:46

======================= End Of Log ==========================

Attached Files

  • Attached File  FRST.txt   55.78KB   0 downloads


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:17 AM

Posted 17 May 2012 - 02:31 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2012-04-26 06:13 - 2012-04-26 06:13 - 0000000 ___AH C:\Users\All Users\-ujs1iGMMVpETBb
2012-04-26 06:13 - 2012-04-26 06:13 - 0000000 ___AH C:\ProgramData\-ujs1iGMMVpETBb

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
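
The two ProgramData entries in the fixlist above were picked out of a listing of several hundred lines because they are hidden, were created and never touched again on the same minute, and carry a name no installer would choose. The script below is an added example for this thread (it is not FRST's code and not part of Gringo's instructions): it parses lines in the format FRST writes in its "One Month Modified" section and applies that same triage to entries directly under ProgramData. The sample lines are copied from the listing earlier in this thread, with one System32 line added to exercise the company field; the name heuristics (vowel ratio, case switches, hex blobs, leading `-`/`~`) are the author's own thresholds, not anything FRST implements.

```python
"""Triage an FRST file listing for generated-looking names under ProgramData.

Added example for this thread (not FRST's own code). Parses the
"<modified> - <created> - <size> <attrs> [(company)] <path>" lines FRST writes
and flags entries a responder would review for a fixlist.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
_GUID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
_HEXBLOB = re.compile(r"^[0-9a-f]{6,}$")
# FRST prints C:\Users\All Users (a junction) and C:\ProgramData as separate lines.
_PROGRAMDATA_ROOTS = {r"c:\programdata", r"c:\users\all users"}


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str  # five flag slots, e.g. "___AH": A archive, H hidden, S system, D directory, R read-only, C compressed
    company: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST listing line; None for lines in another format."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["modified"], m["created"], int(m["size"]), m["attrs"],
                 m["company"].strip() if m["company"] else None, m["path"])


def looks_random(name: str) -> bool:
    """Author's heuristic for machine-generated names such as '-ujs1iGMMVpETBb' or 'SMTMD'."""
    if _GUID.match(name):
        return False  # installer caches legitimately use GUID-named folders
    if name[0] in "-~":
        return True
    if _HEXBLOB.match(name) and any(c.isdigit() for c in name) and any(c.isalpha() for c in name):
        return True  # short hex blob such as 2ef7b2
    letters = [c for c in name if c.isalpha()]
    if len(letters) >= 4:
        if sum(c.lower() in "aeiou" for c in letters) / len(letters) < 0.15:
            return True  # practically vowel-free, e.g. SMTMD
        switches = sum(a.islower() != b.islower() for a, b in zip(letters, letters[1:]))
        if switches >= 4:
            return True  # erratic case changes, beyond ordinary CamelCase vendor names
    return False


def suspicious_programdata(lines) -> List[Tuple[str, List[str]]]:
    """Return (leaf name, reasons) for entries directly under ProgramData whose name looks generated."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        parent, _, leaf = e.path.rpartition("\\")
        if parent.lower() not in _PROGRAMDATA_ROOTS or not looks_random(leaf):
            continue
        reasons = ["generated-looking name"]
        if "H" in e.attrs:
            reasons.append("hidden")
        if "S" in e.attrs:
            reasons.append("system")
        if e.modified == e.created:
            reasons.append("untouched since creation")
        hits.append((leaf, reasons))
    return hits


# Sample lines copied from the FRST listing in this thread, plus one System32 line for the company field.
SAMPLE_LINES = [
    r"2012-04-26 17:02 - 2012-02-21 16:08 - 0000000 __HDC C:\ProgramData\~0",
    r"2012-04-26 17:02 - 2010-04-13 06:52 - 0000000 ____D C:\ProgramData\Skype",
    r"2012-04-26 17:01 - 2012-02-23 08:18 - 0000000 ____D C:\ProgramData\2ef7b2",
    r"2012-04-26 06:13 - 2012-04-26 06:13 - 0000000 ___AH C:\ProgramData\-ujs1iGMMVpETBb",
    r"2012-04-20 21:29 - 2009-12-14 14:45 - 0000000 ___HD C:\ProgramData\Recovery",
    r"2012-04-11 15:06 - 2012-04-11 15:06 - 0000000 ___HD C:\ProgramData\HipSoft",
    r"2012-02-23 08:19 - 2012-02-23 08:19 - 0000000 __SHD C:\ProgramData\SMTMD",
    r"2012-03-17 05:40 - 2010-03-22 11:47 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe",
]

if __name__ == "__main__":
    for leaf, reasons in suspicious_programdata(SAMPLE_LINES):
        print(f"{leaf:20s} {', '.join(reasons)}")
```

Run against the sample, it reports `~0`, `2ef7b2`, `-ujs1iGMMVpETBb` and `SMTMD` and leaves Skype, Recovery and HipSoft alone. The name test is deliberately the last gate: hidden attributes alone are a poor signal in a listing taken from the recovery environment, where many ordinary vendor folders show up as `___HD`, so a hit needs both an odd name and a ProgramData parent before the attributes and timestamps are added as supporting reasons.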

#9 redtux7777

redtux7777
  • Topic Starter

  • Members
  • 30 posts
  • Local time:07:17 AM

Posted 17 May 2012 - 02:47 PM

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 16-05-2012
Ran by SYSTEM at 2012-05-17 15:46:19 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Users\All Users\-ujs1iGMMVpETBb moved successfully.
C:\ProgramData\-ujs1iGMMVpETBb not found.

==== End of Fixlog ====
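
The Fixlog above says the `Session Manager\SubSystems\Windows` value was restored. That value is the command line csrss.exe is started with, and its `ServerDll=` tokens name the modules csrss.exe loads at boot, which is why a hijacked entry there survives a reboot and runs before any user-mode security tool. The check below is an added example for this thread, not FRST's code and not something Gringo asked for: it parses the value and reports any module outside the set a clean Windows 7 x64 install references. The reference string is the author's recollection of the Windows 7 x64 default and is an assumption (compare it against a known-clean machine of the same build). The tampered sample is constructed for the example; it mirrors the `consrv` substitution that ZeroAccess x64 variants of the period were widely reported to make, and is not this machine's actual registry content.

```python
"""Audit the Session Manager SubSystems\Windows value after a ZeroAccess clean-up.

Added example for this thread, not FRST's code. CLEAN_VALUE is assumed to be
the Windows 7 x64 default; verify it against a known-clean machine.
"""
from typing import List, Optional, Tuple

SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

# Assumed clean default for Windows 7 x64 (author's recollection, not taken from this thread).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Modules csrss.exe is expected to load on that build.
EXPECTED_MODULES = frozenset({"basesrv", "winsrv", "sxssrv"})

# Constructed tampered sample: the console ServerDll redirected to a dropped module name.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def server_dlls(value: str) -> List[Tuple[str, Optional[str], int]]:
    """Parse every ServerDll=<module>[:<entrypoint>],<index> token into (module, entrypoint, index)."""
    parsed = []
    for token in value.split():
        if not token.startswith("ServerDll="):
            continue
        spec = token[len("ServerDll="):]
        mod_ep, _, index = spec.rpartition(",")
        module, _, entry = mod_ep.partition(":")
        parsed.append((module.lower(), entry or None, int(index)))
    return parsed


def audit(value: str, expected=EXPECTED_MODULES) -> List[str]:
    """Return findings; an empty list means only the expected image and modules are referenced."""
    findings = []
    tokens = value.split()
    image = tokens[0] if tokens else ""
    if image.lower() != r"%systemroot%\system32\csrss.exe":
        findings.append(f"unexpected subsystem image: {image}")
    seen = set()
    for module, entry, index in server_dlls(value):
        if module not in expected:
            findings.append(f"unexpected ServerDll module {module!r} (entry {entry}, index {index})")
        if index in seen:
            findings.append(f"duplicate ServerDll index {index}")
        seen.add(index)
    return findings


def read_live_value() -> Optional[str]:
    """On Windows, read the live value (REG_EXPAND_SZ, returned unexpanded); None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        value, _type = winreg.QueryValueEx(key, "Windows")
    return value


if __name__ == "__main__":
    for label, value in (("clean sample", CLEAN_VALUE),
                         ("tampered sample", TAMPERED_VALUE),
                         ("live", read_live_value())):
        if value is not None:
            print(label, "->", audit(value) or "OK")
```

On the clean sample `audit` returns nothing; on the tampered sample it returns one finding naming `consrv`. Run on the repaired machine it reads the live value, which is the check worth doing after a Fixlog like the one above: FRST reported that it restored the value, and this confirms the restored value references nothing but the expected modules. Note that FRST worked on `ControlSet001` from the recovery environment, whereas a live read goes through `CurrentControlSet`; on a machine with more than one control set, audit each.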

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:17 AM

Posted 17 May 2012 - 03:03 PM

Greetings


Is the computer booting now?


Redo post 4 for me, please.



Gringo

#11 redtux7777

redtux7777
  • Topic Starter

  • Members
  • 30 posts
  • Local time:07:17 AM

Posted 17 May 2012 - 03:38 PM

Booted into Windows.

16:13:27.0128 4696 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
16:13:27.0159 4696 ============================================================
16:13:27.0159 4696 Current date / time: 2012/05/17 16:13:27.0159
16:13:27.0159 4696 SystemInfo:
16:13:27.0159 4696
16:13:27.0159 4696 OS Version: 6.1.7601 ServicePack: 1.0
16:13:27.0159 4696 Product type: Workstation
16:13:27.0159 4696 ComputerName: PCBRI
16:13:27.0159 4696 UserName: Brianne Gallon
16:13:27.0159 4696 Windows directory: C:\Windows
16:13:27.0159 4696 System windows directory: C:\Windows
16:13:27.0159 4696 Running under WOW64
16:13:27.0159 4696 Processor architecture: Intel x64
16:13:27.0159 4696 Number of processors: 2
16:13:27.0159 4696 Page size: 0x1000
16:13:27.0159 4696 Boot type: Normal boot
16:13:27.0159 4696 ============================================================
16:13:32.0573 4696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:32.0573 4696 Drive \Device\Harddisk1\DR1 - Size: 0x1F400000 (0.49 Gb), SectorSize: 0x200, Cylinders: 0x3F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:13:32.0573 4696 ============================================================
16:13:32.0573 4696 \Device\Harddisk0\DR0:
16:13:32.0573 4696 MBR partitions:
16:13:32.0573 4696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38444000
16:13:32.0573 4696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x384A8000, BlocksNum 0x1EAA000
16:13:32.0573 4696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
16:13:32.0573 4696 \Device\Harddisk1\DR1:
16:13:32.0573 4696 MBR partitions:
16:13:32.0573 4696 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF9FE0
16:13:32.0573 4696 ============================================================
16:13:32.0697 4696 C: <-> \Device\Harddisk0\DR0\Partition0
16:13:32.0775 4696 D: <-> \Device\Harddisk0\DR0\Partition1
16:13:32.0775 4696 ============================================================
16:13:32.0775 4696 Initialize success
16:13:32.0775 4696 ============================================================
16:13:35.0069 5068 ============================================================
16:13:35.0069 5068 Scan started
16:13:35.0069 5068 Mode: Manual;
16:13:35.0069 5068 ============================================================
16:13:42.0354 5068 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:13:42.0369 5068 1394ohci - ok
16:13:42.0557 5068 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
16:13:42.0557 5068 Accelerometer - ok
16:13:43.0087 5068 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:13:43.0118 5068 ACPI - ok
16:13:43.0149 5068 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:13:43.0165 5068 AcpiPmi - ok
16:13:43.0555 5068 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:13:43.0571 5068 adp94xx - ok
16:13:43.0617 5068 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:13:43.0633 5068 adpahci - ok
16:13:43.0664 5068 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:13:43.0680 5068 adpu320 - ok
16:13:43.0711 5068 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:13:43.0711 5068 AeLookupSvc - ok
16:13:44.0273 5068 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
16:13:44.0304 5068 AESTFilters - ok
16:13:44.0865 5068 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:13:44.0865 5068 AFD - ok
16:13:45.0006 5068 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
16:13:45.0006 5068 AgereModemAudio - ok
16:13:45.0911 5068 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
16:13:45.0942 5068 AgereSoftModem - ok
16:13:46.0020 5068 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:13:46.0035 5068 agp440 - ok
16:13:46.0191 5068 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:13:46.0191 5068 ALG - ok
16:13:46.0238 5068 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:13:47.0018 5068 aliide - ok
16:13:47.0361 5068 AMD External Events Utility (d0d8877969011d1b0ed9c3c55a9a9108) C:\Windows\system32\atiesrxx.exe
16:13:47.0377 5068 AMD External Events Utility - ok
16:13:47.0393 5068 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:13:47.0393 5068 amdide - ok
16:13:47.0627 5068 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:13:47.0673 5068 AmdK8 - ok
16:13:47.0767 5068 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:13:47.0767 5068 AmdPPM - ok
16:13:47.0829 5068 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:13:47.0829 5068 amdsata - ok
16:13:47.0954 5068 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:13:47.0985 5068 amdsbs - ok
16:13:48.0017 5068 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:13:48.0017 5068 amdxata - ok
16:13:48.0157 5068 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:13:48.0157 5068 AppID - ok
16:13:48.0251 5068 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:13:48.0251 5068 AppIDSvc - ok
16:13:48.0344 5068 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:13:48.0344 5068 Appinfo - ok
16:13:48.0703 5068 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:13:48.0703 5068 Apple Mobile Device - ok
16:13:48.0843 5068 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:13:48.0859 5068 arc - ok
16:13:48.0953 5068 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:13:48.0968 5068 arcsas - ok
16:13:49.0031 5068 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:13:49.0046 5068 AsyncMac - ok
16:13:49.0093 5068 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:13:49.0093 5068 atapi - ok
16:13:49.0795 5068 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
16:13:49.0842 5068 athr - ok
16:13:50.0310 5068 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
16:13:50.0325 5068 AtiHdmiService - ok
16:13:53.0055 5068 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
16:13:53.0211 5068 atikmdag - ok
16:13:53.0383 5068 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:13:53.0383 5068 AtiPcie - ok
16:13:53.0508 5068 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:13:53.0523 5068 AudioEndpointBuilder - ok
16:13:53.0539 5068 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:13:53.0539 5068 AudioSrv - ok
16:13:53.0789 5068 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:13:53.0789 5068 AxInstSV - ok
16:13:54.0350 5068 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:13:54.0366 5068 b06bdrv - ok
16:13:54.0569 5068 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:13:54.0584 5068 b57nd60a - ok
16:13:54.0803 5068 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:13:54.0834 5068 BDESVC - ok
16:13:54.0865 5068 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:13:54.0865 5068 Beep - ok
16:13:55.0302 5068 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:13:55.0317 5068 BFE - ok
16:13:56.0238 5068 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
16:13:56.0253 5068 BHDrvx64 - ok
16:13:56.0675 5068 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:13:56.0706 5068 BITS - ok
16:13:56.0784 5068 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:13:56.0784 5068 blbdrive - ok
16:13:57.0189 5068 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:13:57.0205 5068 Bonjour Service - ok
16:13:57.0283 5068 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:13:57.0283 5068 bowser - ok
16:13:57.0299 5068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:13:57.0299 5068 BrFiltLo - ok
16:13:57.0314 5068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:13:57.0314 5068 BrFiltUp - ok
16:13:57.0377 5068 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:13:57.0377 5068 BridgeMP - ok
16:13:57.0439 5068 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:13:57.0439 5068 Browser - ok
16:13:57.0486 5068 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:13:57.0486 5068 Brserid - ok
16:13:57.0517 5068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:13:57.0517 5068 BrSerWdm - ok
16:13:57.0533 5068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:13:57.0533 5068 BrUsbMdm - ok
16:13:57.0548 5068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:13:57.0548 5068 BrUsbSer - ok
16:13:57.0595 5068 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:13:57.0626 5068 BTHMODEM - ok
16:13:57.0673 5068 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:13:57.0689 5068 bthserv - ok
16:13:57.0720 5068 catchme - ok
16:13:57.0751 5068 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:13:57.0767 5068 cdfs - ok
16:13:57.0876 5068 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:13:57.0876 5068 cdrom - ok
16:13:57.0954 5068 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:13:57.0969 5068 CertPropSvc - ok
16:13:58.0016 5068 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:13:58.0016 5068 circlass - ok
16:13:58.0219 5068 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:13:58.0250 5068 CLFS - ok
16:13:58.0297 5068 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:13:58.0328 5068 clr_optimization_v2.0.50727_32 - ok
16:13:58.0406 5068 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:13:58.0422 5068 clr_optimization_v2.0.50727_64 - ok
16:13:58.0515 5068 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:13:58.0547 5068 clr_optimization_v4.0.30319_32 - ok
16:13:58.0656 5068 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:13:58.0687 5068 clr_optimization_v4.0.30319_64 - ok
16:13:58.0718 5068 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:13:58.0734 5068 CmBatt - ok
16:13:58.0749 5068 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:13:58.0749 5068 cmdide - ok
16:13:58.0874 5068 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:13:58.0890 5068 CNG - ok
16:13:59.0015 5068 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:13:59.0015 5068 Com4QLBEx - ok
16:13:59.0046 5068 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:13:59.0046 5068 Compbatt - ok
16:13:59.0093 5068 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:13:59.0093 5068 CompositeBus - ok
16:13:59.0108 5068 COMSysApp - ok
16:13:59.0139 5068 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:13:59.0139 5068 crcdisk - ok
16:13:59.0217 5068 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:13:59.0233 5068 CryptSvc - ok
16:13:59.0311 5068 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:13:59.0327 5068 DcomLaunch - ok
16:13:59.0373 5068 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:13:59.0420 5068 defragsvc - ok
16:13:59.0451 5068 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:13:59.0451 5068 DfsC - ok
16:13:59.0498 5068 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:13:59.0514 5068 Dhcp - ok
16:13:59.0545 5068 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:13:59.0545 5068 discache - ok
16:13:59.0654 5068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:13:59.0670 5068 Disk - ok
16:13:59.0763 5068 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:13:59.0763 5068 Dnscache - ok
16:13:59.0888 5068 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:13:59.0904 5068 dot3svc - ok
16:13:59.0951 5068 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:13:59.0966 5068 Dot4 - ok
16:14:00.0029 5068 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
16:14:00.0029 5068 Dot4Print - ok
16:14:00.0075 5068 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:14:00.0075 5068 dot4usb - ok
16:14:00.0107 5068 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:14:00.0122 5068 DPS - ok
16:14:00.0216 5068 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:14:00.0216 5068 drmkaud - ok
16:14:00.0653 5068 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:14:00.0668 5068 DXGKrnl - ok
16:14:00.0824 5068 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:14:00.0824 5068 EapHost - ok
16:14:02.0618 5068 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:14:02.0774 5068 ebdrv - ok
16:14:03.0398 5068 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:14:03.0414 5068 eeCtrl - ok
16:14:03.0960 5068 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:14:03.0975 5068 EFS - ok
16:14:04.0131 5068 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:14:04.0163 5068 ehRecvr - ok
16:14:04.0194 5068 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:14:04.0209 5068 ehSched - ok
16:14:04.0319 5068 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:14:04.0350 5068 elxstor - ok
16:14:04.0397 5068 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
16:14:04.0397 5068 enecir - ok
16:14:04.0443 5068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:14:04.0443 5068 ErrDev - ok
16:14:04.0584 5068 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:14:04.0599 5068 EventSystem - ok
16:14:04.0662 5068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:14:04.0677 5068 exfat - ok
16:14:04.0709 5068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:14:04.0709 5068 fastfat - ok
16:14:04.0802 5068 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:14:04.0833 5068 Fax - ok
16:14:04.0911 5068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:14:04.0927 5068 fdc - ok
16:14:04.0958 5068 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:14:04.0974 5068 fdPHost - ok
16:14:05.0005 5068 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:14:05.0005 5068 FDResPub - ok
16:14:05.0021 5068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:14:05.0021 5068 FileInfo - ok
16:14:05.0036 5068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:14:05.0036 5068 Filetrace - ok
16:14:05.0052 5068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:14:05.0067 5068 flpydisk - ok
16:14:05.0130 5068 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:14:05.0145 5068 FltMgr - ok
16:14:05.0286 5068 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:14:05.0317 5068 FontCache - ok
16:14:05.0395 5068 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:14:05.0395 5068 FontCache3.0.0.0 - ok
16:14:05.0457 5068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:14:05.0457 5068 FsDepends - ok
16:14:05.0504 5068 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:14:05.0504 5068 Fs_Rec - ok
16:14:05.0832 5068 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:14:05.0847 5068 fvevol - ok
16:14:05.0894 5068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:14:05.0925 5068 gagp30kx - ok
16:14:06.0097 5068 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:14:06.0097 5068 GamesAppService - ok
16:14:06.0128 5068 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:14:06.0128 5068 GEARAspiWDM - ok
16:14:06.0237 5068 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:14:06.0284 5068 gpsvc - ok
16:14:06.0347 5068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:14:06.0347 5068 hcw85cir - ok
16:14:06.0534 5068 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:14:06.0549 5068 HdAudAddService - ok
16:14:06.0581 5068 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:14:06.0581 5068 HDAudBus - ok
16:14:06.0627 5068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:14:06.0627 5068 HidBatt - ok
16:14:06.0659 5068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:14:06.0659 5068 HidBth - ok
16:14:06.0690 5068 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:14:06.0690 5068 HidIr - ok
16:14:06.0705 5068 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:14:06.0705 5068 hidserv - ok
16:14:06.0737 5068 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:14:06.0737 5068 HidUsb - ok
16:14:06.0783 5068 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:14:06.0799 5068 hkmsvc - ok
16:14:06.0861 5068 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:14:06.0877 5068 HomeGroupListener - ok
16:14:06.0924 5068 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:14:06.0939 5068 HomeGroupProvider - ok
16:14:06.0955 5068 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
16:14:06.0955 5068 hpdskflt - ok
16:14:07.0189 5068 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:14:07.0205 5068 hpqcxs08 - ok
16:14:07.0251 5068 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:14:07.0251 5068 hpqddsvc - ok
16:14:07.0329 5068 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:14:07.0329 5068 HpqKbFiltr - ok
16:14:07.0423 5068 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:14:07.0439 5068 hpqwmiex - ok
16:14:07.0470 5068 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:14:07.0485 5068 HpSAMD - ok
16:14:07.0673 5068 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
16:14:07.0719 5068 HPSLPSVC - ok
16:14:07.0766 5068 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
16:14:07.0766 5068 hpsrv - ok
16:14:07.0907 5068 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:14:07.0922 5068 HTTP - ok
16:14:08.0031 5068 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:14:08.0031 5068 hwpolicy - ok
16:14:08.0109 5068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:14:08.0109 5068 i8042prt - ok
16:14:08.0172 5068 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:14:08.0203 5068 iaStorV - ok
16:14:08.0312 5068 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:14:08.0390 5068 IDriverT - ok
16:14:08.0515 5068 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:14:08.0546 5068 idsvc - ok
16:14:08.0733 5068 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSvia64.sys
16:14:08.0733 5068 IDSVia64 - ok
16:14:10.0543 5068 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:14:10.0652 5068 igfx - ok
16:14:11.0058 5068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:14:11.0058 5068 iirsp - ok
16:14:11.0354 5068 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:14:11.0385 5068 IKEEXT - ok
16:14:11.0417 5068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:14:11.0417 5068 intelide - ok
16:14:11.0495 5068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:14:11.0495 5068 intelppm - ok
16:14:11.0541 5068 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:14:11.0541 5068 IPBusEnum - ok
16:14:11.0588 5068 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:14:11.0588 5068 IpFilterDriver - ok
16:14:11.0963 5068 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:14:11.0994 5068 iphlpsvc - ok
16:14:12.0056 5068 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:14:12.0056 5068 IPMIDRV - ok
16:14:12.0134 5068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:14:12.0134 5068 IPNAT - ok
16:14:12.0555 5068 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:14:12.0587 5068 iPod Service - ok
16:14:12.0618 5068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:14:12.0618 5068 IRENUM - ok
16:14:12.0649 5068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:14:12.0649 5068 isapnp - ok
16:14:12.0711 5068 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:14:12.0727 5068 iScsiPrt - ok
16:14:12.0758 5068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:14:12.0758 5068 kbdclass - ok
16:14:12.0789 5068 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:14:12.0789 5068 kbdhid - ok
16:14:12.0836 5068 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:12.0836 5068 KeyIso - ok
16:14:12.0852 5068 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:14:12.0867 5068 KSecDD - ok
16:14:12.0883 5068 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:14:12.0883 5068 KSecPkg - ok
16:14:12.0914 5068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:14:12.0914 5068 ksthunk - ok
16:14:12.0992 5068 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:14:13.0008 5068 KtmRm - ok
16:14:13.0070 5068 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:14:13.0086 5068 LanmanServer - ok
16:14:13.0148 5068 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:14:13.0164 5068 LanmanWorkstation - ok
16:14:13.0304 5068 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:14:13.0304 5068 LightScribeService - ok
16:14:13.0335 5068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:14:13.0335 5068 lltdio - ok
16:14:13.0382 5068 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:14:13.0398 5068 lltdsvc - ok
16:14:13.0413 5068 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:14:13.0413 5068 lmhosts - ok
16:14:13.0647 5068 LMIGuardianSvc (ad988709675d9e35a60b2616bef108e9) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
16:14:13.0663 5068 LMIGuardianSvc - ok
16:14:13.0694 5068 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
16:14:13.0694 5068 LMIInfo - ok
16:14:13.0725 5068 LMIMaint (bd043199fc0bf5f2810f54c8b374590b) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
16:14:13.0741 5068 LMIMaint - ok
16:14:13.0803 5068 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
16:14:13.0803 5068 lmimirr - ok
16:14:13.0835 5068 LMIRfsClientNP - ok
16:14:13.0959 5068 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
16:14:13.0959 5068 LMIRfsDriver - ok
16:14:14.0037 5068 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
16:14:14.0069 5068 LogMeIn - ok
16:14:14.0131 5068 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:14:14.0131 5068 LSI_FC - ok
16:14:14.0162 5068 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:14:14.0162 5068 LSI_SAS - ok
16:14:14.0193 5068 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:14:14.0193 5068 LSI_SAS2 - ok
16:14:14.0209 5068 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:14:14.0225 5068 LSI_SCSI - ok
16:14:14.0256 5068 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:14:14.0256 5068 luafv - ok
16:14:14.0318 5068 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:14:14.0334 5068 Mcx2Svc - ok
16:14:14.0349 5068 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:14:14.0349 5068 megasas - ok
16:14:14.0412 5068 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:14:14.0427 5068 MegaSR - ok
16:14:14.0459 5068 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:14.0459 5068 MMCSS - ok
16:14:14.0490 5068 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:14:14.0490 5068 Modem - ok
16:14:14.0505 5068 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:14:14.0505 5068 monitor - ok
16:14:14.0599 5068 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:14:14.0599 5068 mouclass - ok
16:14:14.0646 5068 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:14:14.0646 5068 mouhid - ok
16:14:14.0755 5068 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:14:14.0771 5068 mountmgr - ok
16:14:14.0833 5068 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:14:14.0849 5068 mpio - ok
16:14:14.0989 5068 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:14:14.0989 5068 mpsdrv - ok
16:14:15.0395 5068 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:14:15.0410 5068 MpsSvc - ok
16:14:15.0488 5068 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:14:15.0519 5068 MRxDAV - ok
16:14:15.0566 5068 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:14:15.0582 5068 mrxsmb - ok
16:14:15.0660 5068 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:14:15.0675 5068 mrxsmb10 - ok
16:14:15.0707 5068 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:14:15.0722 5068 mrxsmb20 - ok
16:14:15.0753 5068 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:14:15.0753 5068 msahci - ok
16:14:15.0878 5068 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:14:15.0894 5068 msdsm - ok
16:14:15.0925 5068 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:14:15.0941 5068 MSDTC - ok
16:14:15.0972 5068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:14:15.0972 5068 Msfs - ok
16:14:15.0987 5068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:14:15.0987 5068 mshidkmdf - ok
16:14:16.0019 5068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:14:16.0019 5068 msisadrv - ok
16:14:16.0050 5068 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:14:16.0065 5068 MSiSCSI - ok
16:14:16.0065 5068 msiserver - ok
16:14:16.0097 5068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:14:16.0097 5068 MSKSSRV - ok
16:14:16.0112 5068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:14:16.0128 5068 MSPCLOCK - ok
16:14:16.0128 5068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:14:16.0143 5068 MSPQM - ok
16:14:16.0237 5068 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:14:16.0253 5068 MsRPC - ok
16:14:16.0284 5068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:14:16.0284 5068 mssmbios - ok
16:14:16.0299 5068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:14:16.0299 5068 MSTEE - ok
16:14:16.0331 5068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:14:16.0331 5068 MTConfig - ok
16:14:16.0362 5068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:14:16.0362 5068 Mup - ok
16:14:16.0518 5068 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:14:16.0533 5068 napagent - ok
16:14:16.0596 5068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:14:16.0611 5068 NativeWifiP - ok
16:14:16.0814 5068 NAV (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
16:14:16.0814 5068 NAV - ok
16:14:17.0251 5068 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120109.019\ENG64.SYS
16:14:17.0282 5068 NAVENG - ok
16:14:18.0577 5068 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120109.019\EX64.SYS
16:14:18.0671 5068 NAVEX15 - ok
16:14:20.0028 5068 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:14:20.0059 5068 NDIS - ok
16:14:20.0137 5068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:14:20.0153 5068 NdisCap - ok
16:14:20.0184 5068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:14:20.0184 5068 NdisTapi - ok
16:14:20.0262 5068 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:14:20.0262 5068 Ndisuio - ok
16:14:20.0371 5068 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:14:20.0387 5068 NdisWan - ok
16:14:20.0496 5068 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:14:20.0511 5068 NDProxy - ok
16:14:20.0589 5068 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
16:14:20.0589 5068 Net Driver HPZ12 - ok
16:14:20.0621 5068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:14:20.0636 5068 NetBIOS - ok
16:14:20.0823 5068 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:14:20.0855 5068 NetBT - ok
16:14:20.0886 5068 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:20.0886 5068 Netlogon - ok
16:14:21.0229 5068 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:14:21.0276 5068 Netman - ok
16:14:21.0572 5068 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:14:21.0603 5068 netprofm - ok
16:14:21.0697 5068 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:14:21.0697 5068 NetTcpPortSharing - ok
16:14:24.0630 5068 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
16:14:24.0957 5068 netw5v64 - ok
16:14:25.0753 5068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:14:25.0753 5068 nfrd960 - ok
16:14:25.0971 5068 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:14:26.0003 5068 NlaSvc - ok
16:14:26.0081 5068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:14:26.0205 5068 Npfs - ok
16:14:26.0237 5068 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:14:26.0237 5068 nsi - ok
16:14:26.0283 5068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:14:26.0283 5068 nsiproxy - ok
16:14:27.0407 5068 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:14:27.0438 5068 Ntfs - ok
16:14:28.0545 5068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:14:28.0545 5068 Null - ok
16:14:28.0701 5068 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:14:28.0717 5068 nvraid - ok
16:14:28.0748 5068 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:14:28.0764 5068 nvstor - ok
16:14:28.0811 5068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:14:28.0811 5068 nv_agp - ok
16:14:29.0481 5068 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:14:29.0528 5068 odserv - ok
16:14:29.0591 5068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:14:29.0606 5068 ohci1394 - ok
16:14:29.0747 5068 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:14:29.0762 5068 ose - ok
16:14:29.0825 5068 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:29.0840 5068 p2pimsvc - ok
16:14:29.0871 5068 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:14:29.0903 5068 p2psvc - ok
16:14:29.0949 5068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:14:29.0965 5068 Parport - ok
16:14:30.0012 5068 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:14:30.0012 5068 partmgr - ok
16:14:30.0027 5068 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:14:30.0043 5068 PcaSvc - ok
16:14:30.0090 5068 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:14:30.0105 5068 pci - ok
16:14:30.0121 5068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:14:30.0121 5068 pciide - ok
16:14:30.0199 5068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:14:30.0215 5068 pcmcia - ok
16:14:30.0261 5068 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
16:14:30.0261 5068 pcouffin - ok
16:14:30.0277 5068 PCTINDIS5X64 - ok
16:14:30.0339 5068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:14:30.0339 5068 pcw - ok
16:14:30.0433 5068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:14:30.0449 5068 PEAUTH - ok
16:14:30.0573 5068 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:14:30.0573 5068 PerfHost - ok
16:14:31.0213 5068 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:14:31.0244 5068 pla - ok
16:14:31.0322 5068 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:14:31.0353 5068 PlugPlay - ok
16:14:31.0416 5068 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
16:14:31.0431 5068 Pml Driver HPZ12 - ok
16:14:31.0447 5068 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:14:31.0463 5068 PNRPAutoReg - ok
16:14:31.0494 5068 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:31.0494 5068 PNRPsvc - ok
16:14:31.0650 5068 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:14:31.0665 5068 PolicyAgent - ok
16:14:31.0728 5068 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:14:31.0728 5068 Power - ok
16:14:31.0837 5068 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:14:31.0853 5068 PptpMiniport - ok
16:14:31.0884 5068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:14:31.0899 5068 Processor - ok
16:14:31.0946 5068 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:14:31.0962 5068 ProfSvc - ok
16:14:32.0009 5068 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:32.0024 5068 ProtectedStorage - ok
16:14:32.0118 5068 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:14:32.0118 5068 Psched - ok
16:14:32.0180 5068 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:14:32.0180 5068 PxHlpa64 - ok
16:14:33.0179 5068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:14:33.0225 5068 ql2300 - ok
16:14:34.0161 5068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:14:34.0208 5068 ql40xx - ok
16:14:34.0317 5068 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:14:34.0333 5068 QWAVE - ok
16:14:34.0395 5068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:14:34.0395 5068 QWAVEdrv - ok
16:14:34.0411 5068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:14:34.0411 5068 RasAcd - ok
16:14:34.0458 5068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:14:34.0458 5068 RasAgileVpn - ok
16:14:34.0473 5068 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:14:34.0489 5068 RasAuto - ok
16:14:34.0520 5068 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:14:34.0536 5068 Rasl2tp - ok
16:14:34.0941 5068 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:14:34.0941 5068 RasMan - ok
16:14:34.0973 5068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:14:34.0988 5068 RasPppoe - ok
16:14:35.0004 5068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:14:35.0004 5068 RasSstp - ok
16:14:35.0035 5068 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:14:35.0035 5068 rdbss - ok
16:14:35.0113 5068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:14:35.0129 5068 rdpbus - ok
16:14:35.0191 5068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:14:35.0191 5068 RDPCDD - ok
16:14:35.0222 5068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:14:35.0222 5068 RDPENCDD - ok
16:14:35.0253 5068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:14:35.0253 5068 RDPREFMP - ok
16:14:35.0300 5068 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:14:35.0316 5068 RDPWD - ok
16:14:35.0378 5068 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:14:35.0394 5068 rdyboost - ok
16:14:35.0441 5068 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:14:35.0441 5068 RemoteAccess - ok
16:14:35.0456 5068 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:14:35.0487 5068 RemoteRegistry - ok
16:14:36.0033 5068 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
16:14:36.0033 5068 RichVideo - ok
16:14:36.0080 5068 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:14:36.0096 5068 RimUsb - ok
16:14:36.0127 5068 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:14:36.0127 5068 RimVSerPort - ok
16:14:36.0174 5068 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
16:14:36.0174 5068 ROOTMODEM - ok
16:14:36.0205 5068 RoxLiveShare9 - ok
16:14:36.0345 5068 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:14:36.0377 5068 RpcEptMapper - ok
16:14:36.0392 5068 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:14:36.0392 5068 RpcLocator - ok
16:14:36.0579 5068 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:36.0579 5068 RpcSs - ok
16:14:36.0626 5068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:14:36.0626 5068 rspndr - ok
16:14:36.0673 5068 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
16:14:36.0689 5068 RSUSBSTOR - ok
16:14:36.0735 5068 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:14:36.0751 5068 RTL8167 - ok
16:14:36.0767 5068 RtsUIR - ok
16:14:36.0798 5068 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:36.0798 5068 SamSs - ok
16:14:36.0845 5068 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:14:36.0845 5068 sbp2port - ok
16:14:36.0891 5068 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:14:36.0907 5068 SCardSvr - ok
16:14:36.0938 5068 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:14:36.0938 5068 scfilter - ok
16:14:38.0046 5068 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:14:38.0061 5068 Schedule - ok
16:14:38.0124 5068 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:38.0124 5068 SCPolicySvc - ok
16:14:38.0217 5068 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:14:38.0217 5068 sdbus - ok
16:14:38.0249 5068 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:14:38.0264 5068 SDRSVC - ok
16:14:38.0311 5068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:14:38.0311 5068 secdrv - ok
16:14:38.0327 5068 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:14:38.0327 5068 seclogon - ok
16:14:38.0373 5068 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:14:38.0373 5068 SENS - ok
16:14:38.0405 5068 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:14:38.0405 5068 SensrSvc - ok
16:14:38.0420 5068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:14:38.0420 5068 Serenum - ok
16:14:38.0436 5068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:14:38.0436 5068 Serial - ok
16:14:38.0483 5068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:14:38.0498 5068 sermouse - ok
16:14:38.0529 5068 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:14:38.0545 5068 SessionEnv - ok
16:14:38.0576 5068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:14:38.0576 5068 sffdisk - ok
16:14:38.0607 5068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:14:38.0607 5068 sffp_mmc - ok
16:14:38.0639 5068 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:14:38.0654 5068 sffp_sd - ok
16:14:38.0654 5068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:14:38.0670 5068 sfloppy - ok
16:14:38.0717 5068 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:14:38.0732 5068 SharedAccess - ok
16:14:38.0826 5068 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:14:38.0841 5068 ShellHWDetection - ok
16:14:38.0888 5068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:14:38.0888 5068 SiSRaid2 - ok
16:14:38.0904 5068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:14:38.0904 5068 SiSRaid4 - ok
16:14:38.0997 5068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:14:39.0013 5068 Smb - ok
16:14:39.0060 5068 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:14:39.0075 5068 SNMPTRAP - ok
16:14:39.0075 5068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:14:39.0075 5068 spldr - ok
16:14:39.0122 5068 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:14:39.0138 5068 Spooler - ok
16:14:39.0309 5068 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:14:39.0403 5068 sppsvc - ok
16:14:39.0481 5068 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:14:39.0497 5068 sppuinotify - ok
16:14:39.0606 5068 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS
16:14:39.0653 5068 SRTSP - ok
16:14:39.0668 5068 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS
16:14:39.0668 5068 SRTSPX - ok
16:14:39.0731 5068 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:14:39.0746 5068 srv - ok
16:14:39.0809 5068 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:14:39.0840 5068 srv2 - ok
16:14:39.0902 5068 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:14:39.0918 5068 SrvHsfHDA - ok
16:14:40.0011 5068 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:14:40.0058 5068 SrvHsfV92 - ok
16:14:40.0183 5068 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:14:40.0230 5068 SrvHsfWinac - ok
16:14:40.0261 5068 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:14:40.0277 5068 srvnet - ok
16:14:40.0308 5068 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:14:40.0308 5068 SSDPSRV - ok
16:14:40.0323 5068 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:14:40.0339 5068 SstpSvc - ok
16:14:40.0464 5068 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
16:14:40.0479 5068 STacSV - ok
16:14:40.0511 5068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:14:40.0511 5068 stexstor - ok
16:14:40.0557 5068 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
16:14:40.0651 5068 STHDA - ok
16:14:40.0745 5068 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:14:40.0745 5068 StillCam - ok
16:14:40.0838 5068 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:14:40.0838 5068 stisvc - ok
16:14:40.0885 5068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:14:40.0885 5068 swenum - ok
16:14:40.0901 5068 swmsflt - ok
16:14:40.0932 5068 SWNC8UA3 (808cb62212dd7a934074ed65d3106948) C:\Windows\system32\DRIVERS\swnc8ua3.sys
16:14:40.0932 5068 SWNC8UA3 - ok
16:14:40.0994 5068 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:14:41.0010 5068 swprv - ok
16:14:41.0041 5068 SWUMXA3 (df3f437a890a77cce5e3fd7b7bb93585) C:\Windows\system32\DRIVERS\swumxa3.sys
16:14:41.0041 5068 SWUMXA3 - ok
16:14:41.0119 5068 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS
16:14:41.0135 5068 SymDS - ok
16:14:41.0197 5068 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS
16:14:41.0228 5068 SymEFA - ok
16:14:41.0259 5068 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:14:41.0259 5068 SymEvent - ok
16:14:41.0306 5068 SYMFW - ok
16:14:41.0353 5068 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS
16:14:41.0353 5068 SymIRON - ok
16:14:41.0353 5068 SYMNDISV - ok
16:14:41.0415 5068 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS
16:14:41.0415 5068 SymNetS - ok
16:14:41.0478 5068 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
16:14:41.0478 5068 SynTP - ok
16:14:41.0587 5068 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:14:41.0634 5068 SysMain - ok
16:14:41.0743 5068 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:14:41.0743 5068 TabletInputService - ok
16:14:41.0774 5068 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:14:41.0790 5068 TapiSrv - ok
16:14:41.0821 5068 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:14:41.0821 5068 TBS - ok
16:14:41.0977 5068 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:14:42.0039 5068 Tcpip - ok
16:14:42.0195 5068 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:14:42.0211 5068 TCPIP6 - ok
16:14:42.0351 5068 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:14:42.0351 5068 tcpipreg - ok
16:14:42.0383 5068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:14:42.0383 5068 TDPIPE - ok
16:14:42.0414 5068 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:14:42.0414 5068 TDTCP - ok
16:14:42.0461 5068 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:14:42.0461 5068 tdx - ok
16:14:42.0507 5068 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:14:42.0507 5068 TermDD - ok
16:14:42.0554 5068 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:14:42.0585 5068 TermService - ok
16:14:42.0663 5068 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
16:14:42.0663 5068 TFsExDisk - ok
16:14:42.0695 5068 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:14:42.0695 5068 Themes - ok
16:14:42.0726 5068 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:42.0726 5068 THREADORDER - ok
16:14:42.0741 5068 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:14:42.0741 5068 TrkWks - ok
16:14:42.0804 5068 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:14:42.0819 5068 TrustedInstaller - ok
16:14:42.0913 5068 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:14:42.0913 5068 tssecsrv - ok
16:14:42.0991 5068 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:14:42.0991 5068 TsUsbFlt - ok
16:14:43.0038 5068 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:14:43.0053 5068 tunnel - ok
16:14:43.0069 5068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:14:43.0069 5068 uagp35 - ok
16:14:43.0116 5068 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:14:43.0131 5068 udfs - ok
16:14:43.0163 5068 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:14:43.0178 5068 UI0Detect - ok
16:14:43.0194 5068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:14:43.0209 5068 uliagpkx - ok
16:14:43.0256 5068 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:14:43.0256 5068 umbus - ok
16:14:43.0287 5068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:14:43.0287 5068 UmPass - ok
16:14:43.0334 5068 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:14:43.0350 5068 upnphost - ok
16:14:43.0365 5068 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:14:43.0365 5068 USBAAPL64 - ok
16:14:43.0397 5068 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:14:43.0397 5068 usbccgp - ok
16:14:43.0397 5068 USBCCID - ok
16:14:43.0428 5068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:14:43.0428 5068 usbcir - ok
16:14:43.0459 5068 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:14:43.0459 5068 usbehci - ok
16:14:43.0490 5068 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
16:14:43.0490 5068 usbfilter - ok
16:14:43.0521 5068 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:14:43.0537 5068 usbhub - ok
16:14:43.0553 5068 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:14:43.0553 5068 usbohci - ok
16:14:43.0599 5068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:14:43.0599 5068 usbprint - ok
16:14:43.0631 5068 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:14:43.0631 5068 usbscan - ok
16:14:43.0646 5068 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:14:43.0662 5068 USBSTOR - ok
16:14:43.0677 5068 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:14:43.0677 5068 usbuhci - ok
16:14:43.0740 5068 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:14:43.0755 5068 usbvideo - ok
16:14:43.0771 5068 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:14:43.0787 5068 UxSms - ok
16:14:43.0818 5068 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:43.0818 5068 VaultSvc - ok
16:14:43.0849 5068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:14:43.0849 5068 vdrvroot - ok
16:14:43.0911 5068 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:14:43.0927 5068 vds - ok
16:14:43.0958 5068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:14:43.0958 5068 vga - ok
16:14:43.0989 5068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:14:43.0989 5068 VgaSave - ok
16:14:44.0021 5068 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:14:44.0021 5068 vhdmp - ok
16:14:44.0052 5068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:14:44.0052 5068 viaide - ok
16:14:44.0114 5068 VideoAcceleratorService - ok
16:14:44.0145 5068 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:14:44.0145 5068 volmgr - ok
16:14:44.0192 5068 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:14:44.0208 5068 volmgrx - ok
16:14:44.0239 5068 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:14:44.0255 5068 volsnap - ok
16:14:44.0286 5068 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:14:44.0286 5068 vsmraid - ok
16:14:44.0379 5068 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:14:44.0426 5068 VSS - ok
16:14:44.0520 5068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:14:44.0520 5068 vwifibus - ok
16:14:44.0567 5068 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:14:44.0567 5068 vwififlt - ok
16:14:44.0598 5068 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:14:44.0613 5068 W32Time - ok
16:14:44.0660 5068 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:14:44.0660 5068 WacomPen - ok
16:14:44.0707 5068 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:44.0707 5068 WANARP - ok
16:14:44.0723 5068 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:44.0723 5068 Wanarpv6 - ok
16:14:44.0832 5068 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:14:44.0879 5068 WatAdminSvc - ok
16:14:44.0988 5068 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:14:45.0035 5068 wbengine - ok
16:14:45.0128 5068 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:14:45.0128 5068 WbioSrvc - ok
16:14:45.0191 5068 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:14:45.0206 5068 wcncsvc - ok
16:14:45.0222 5068 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:14:45.0222 5068 WcsPlugInService - ok
16:14:45.0269 5068 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:14:45.0284 5068 Wd - ok
16:14:45.0331 5068 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:14:45.0347 5068 Wdf01000 - ok
16:14:45.0362 5068 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:45.0378 5068 WdiServiceHost - ok
16:14:45.0378 5068 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:45.0378 5068 WdiSystemHost - ok
16:14:45.0409 5068 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:14:45.0425 5068 WebClient - ok
16:14:45.0456 5068 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:14:45.0471 5068 Wecsvc - ok
16:14:45.0487 5068 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:14:45.0487 5068 wercplsupport - ok
16:14:45.0518 5068 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:14:45.0518 5068 WerSvc - ok
16:14:45.0565 5068 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:14:45.0565 5068 WfpLwf - ok
16:14:45.0581 5068 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:14:45.0581 5068 WIMMount - ok
16:14:45.0643 5068 WinDefend - ok
16:14:45.0643 5068 WinHttpAutoProxySvc - ok
16:14:45.0799 5068 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:14:45.0815 5068 Winmgmt - ok
16:14:45.0955 5068 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:14:46.0002 5068 WinRM - ok
16:14:46.0392 5068 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:14:46.0392 5068 WinUsb - ok
16:14:46.0548 5068 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:14:46.0579 5068 Wlansvc - ok
16:14:46.0938 5068 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:14:46.0985 5068 wlidsvc - ok
16:14:47.0078 5068 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:14:47.0078 5068 WmiAcpi - ok
16:14:47.0156 5068 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:14:47.0172 5068 wmiApSrv - ok
16:14:47.0203 5068 WMPNetworkSvc - ok
16:14:47.0234 5068 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:14:47.0234 5068 WPCSvc - ok
16:14:47.0406 5068 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:14:47.0437 5068 WPDBusEnum - ok
16:14:47.0453 5068 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:14:47.0453 5068 ws2ifsl - ok
16:14:47.0624 5068 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:14:47.0640 5068 wscsvc - ok
16:14:47.0640 5068 WSearch - ok
16:14:47.0827 5068 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:14:47.0889 5068 wuauserv - ok
16:14:47.0999 5068 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:14:47.0999 5068 WudfPf - ok
16:14:48.0108 5068 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:14:48.0123 5068 WUDFRd - ok
16:14:48.0170 5068 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:14:48.0170 5068 wudfsvc - ok
16:14:48.0217 5068 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:14:48.0217 5068 WwanSvc - ok
16:14:48.0279 5068 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
16:14:48.0295 5068 yukonw7 - ok
16:14:48.0342 5068 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:14:48.0654 5068 \Device\Harddisk0\DR0 - ok
16:14:48.0654 5068 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:14:48.0669 5068 \Device\Harddisk1\DR1 - ok
16:14:48.0669 5068 Boot (0x1200) (983054ded5b96046f45f317903ad762d) \Device\Harddisk0\DR0\Partition0
16:14:48.0669 5068 \Device\Harddisk0\DR0\Partition0 - ok
16:14:48.0716 5068 Boot (0x1200) (746a22c9f3bafb58b8811eed4334d5c0) \Device\Harddisk0\DR0\Partition1
16:14:48.0732 5068 \Device\Harddisk0\DR0\Partition1 - ok
16:14:48.0779 5068 Boot (0x1200) (1bdce424436730c41fd4e2dc31fdcccc) \Device\Harddisk0\DR0\Partition2
16:14:48.0779 5068 \Device\Harddisk0\DR0\Partition2 - ok
16:14:48.0794 5068 Boot (0x1200) (6aaa67aae10433a701d3219e75871274) \Device\Harddisk1\DR1\Partition0
16:14:48.0794 5068 \Device\Harddisk1\DR1\Partition0 - ok
16:14:48.0794 5068 ============================================================
16:14:48.0794 5068 Scan finished
16:14:48.0794 5068 ============================================================
16:14:48.0825 5060 Detected object count: 0
16:14:48.0825 5060 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 16:17:17
-----------------------------
16:17:17.385 OS Version: Windows x64 6.1.7601 Service Pack 1
16:17:17.385 Number of processors: 2 586 0x602
16:17:17.385 ComputerName: PCBRI UserName:
16:17:40.848 Initialize success
16:18:59.987 AVAST engine defs: 12051700
16:19:37.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:19:37.443 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
16:19:37.474 Disk 0 MBR read successfully
16:19:37.489 Disk 0 MBR scan
16:19:37.489 Disk 0 Windows 7 default MBR code
16:19:37.521 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 460936 MB offset 409600
16:19:37.567 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15700 MB offset 944406528
16:19:37.723 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
16:19:37.817 Disk 0 scanning C:\Windows\system32\drivers
16:20:07.909 Service scanning
16:21:01.916 Modules scanning
16:21:01.932 Disk 0 trace - called modules:
16:21:01.948 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:21:02.462 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004363060]
16:21:02.462 3 CLASSPNP.SYS[fffff8800114543f] -> nt!IofCallDriver -> [0xfffffa800435e8d0]
16:21:02.478 5 hpdskflt.sys[fffff8800236b289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042e9680]
16:21:31.166 AVAST engine scan C:\Windows
16:21:57.296 AVAST engine scan C:\Windows\system32
16:22:48.043 File: C:\Windows\system32\dcstor32.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:25:36.557 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
16:25:38.538 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
16:27:33.700 AVAST engine scan C:\Windows\system32\drivers
16:28:22.216 AVAST engine scan C:\Users\Brianne Gallon
16:29:06.692 Disk 0 MBR has been saved successfully to "F:\helpdesk!bleeping\MBR.dat"
16:34:37.557 Disk 0 MBR has been saved successfully to "C:\Users\Brianne Gallon\Desktop\MBR.dat"
16:34:37.573 The log file has been saved successfully to "C:\Users\Brianne Gallon\Desktop\aswMBR.txt"


#12 redtux7777

redtux7777
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 17 May 2012 - 03:50 PM

Oops, I think aswMBR is still running.
I'll repost when it's done.

#13 redtux7777

redtux7777
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 17 May 2012 - 04:08 PM

OK, scan finished.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 16:17:17
-----------------------------
16:17:17.385 OS Version: Windows x64 6.1.7601 Service Pack 1
16:17:17.385 Number of processors: 2 586 0x602
16:17:17.385 ComputerName: PCBRI UserName:
16:17:40.848 Initialize success
16:18:59.987 AVAST engine defs: 12051700
16:19:37.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:19:37.443 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
16:19:37.474 Disk 0 MBR read successfully
16:19:37.489 Disk 0 MBR scan
16:19:37.489 Disk 0 Windows 7 default MBR code
16:19:37.521 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 460936 MB offset 409600
16:19:37.567 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15700 MB offset 944406528
16:19:37.723 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
16:19:37.817 Disk 0 scanning C:\Windows\system32\drivers
16:20:07.909 Service scanning
16:21:01.916 Modules scanning
16:21:01.932 Disk 0 trace - called modules:
16:21:01.948 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:21:02.462 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004363060]
16:21:02.462 3 CLASSPNP.SYS[fffff8800114543f] -> nt!IofCallDriver -> [0xfffffa800435e8d0]
16:21:02.478 5 hpdskflt.sys[fffff8800236b289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042e9680]
16:21:31.166 AVAST engine scan C:\Windows
16:21:35.082 Disk 0 MBR has been saved successfully to "F:\helpdesk!bleeping\MBR.dat"
16:21:57.296 AVAST engine scan C:\Windows\system32
16:22:48.043 File: C:\Windows\system32\dcstor32.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:25:36.557 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
16:25:38.538 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
16:27:33.700 AVAST engine scan C:\Windows\system32\drivers
16:28:22.216 AVAST engine scan C:\Users\Brianne Gallon
16:29:06.692 Disk 0 MBR has been saved successfully to "F:\helpdesk!bleeping\MBR.dat"
16:34:37.557 Disk 0 MBR has been saved successfully to "C:\Users\Brianne Gallon\Desktop\MBR.dat"
16:34:37.573 The log file has been saved successfully to "C:\Users\Brianne Gallon\Desktop\aswMBR.txt"
16:59:17.964 AVAST engine scan C:\ProgramData
17:01:40.815 Scan finished successfully
17:06:10.536 Disk 0 MBR has been saved successfully to "C:\Users\Brianne Gallon\Desktop\MBR.dat"
17:06:10.596 The log file has been saved successfully to "C:\Users\Brianne Gallon\Desktop\aswMBR.txt"
17:06:37.844 Disk 0 MBR has been saved successfully to "C:\Users\Brianne Gallon\Desktop\MBR.dat"
17:06:37.860 The log file has been saved successfully to "C:\Users\Brianne Gallon\Desktop\aswMBR.txt"


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:17 AM

Posted 17 May 2012 - 04:59 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Windows\assembly\temp\U
c:\progra~2\BEARSH~1\MediaBar
c:\program files (x86)\Vuze_Remote

File::
C:\Windows\system32\consrv.dll
C:\Windows\system32\dcstor32.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\dds_trash_log.cmd

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
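As an added example (not code from this thread, nor from aswMBR or ComboFix), here is a small Python check a helper could run before posting a CFScript: it parses the **INFECTED** lines of an aswMBR log and the `Name::` sections of a CFScript, then reports any flagged file the `File::` block does not cover. The log lines and the script it runs on are constructed from the ones posted above, with the GAC_64 entry deliberately left out of the script so the check has something to report.

```python
import re

# Constructed sample in the format of the aswMBR log posted above (not a live scan).
ASWMBR_LOG = r"""16:21:31.166 AVAST engine scan C:\Windows
16:22:48.043 File: C:\Windows\system32\dcstor32.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:25:36.557 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
16:25:38.538 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
17:01:40.815 Scan finished successfully
"""

# Constructed CFScript; GAC_64\Desktop.ini is deliberately left out so the check finds a gap.
CFSCRIPT = r"""ClearJavaCache::

Folder::
C:\Windows\assembly\temp\U
File::
c:\windows\system32\dcstor32.dll
C:\Windows\assembly\GAC_32\Desktop.ini
"""

INFECTED_RE = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>\S+) \[(?P<tag>\w+)\]$")


def parse_infected(log: str) -> list[dict]:
    """One record per **INFECTED** line: path, signature name and tag ([Rtk] rootkit, [Drp] dropper)."""
    hits = []
    for line in log.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def parse_cfscript(script: str) -> dict[str, list[str]]:
    """Split a CFScript into its 'Name::' sections, skipping blank lines; entries keep their text."""
    sections: dict[str, list[str]] = {}
    current = None
    for line in map(str.strip, script.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def uncovered_infected(log: str, script: str) -> list[str]:
    """Infected paths the File:: section does not name (Windows paths compare case-insensitively)."""
    listed = {p.lower() for p in parse_cfscript(script).get("File", [])}
    return [h["path"] for h in parse_infected(log) if h["path"].lower() not in listed]
```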

#15 redtux7777

redtux7777
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 17 May 2012 - 08:28 PM

Seems to be running well.


ComboFix log is too big to post.

Edited by redtux7777, 17 May 2012 - 08:31 PM.




