
DNS Changer Trojan


  • This topic is locked
54 replies to this topic

#1 Ekoroski

  • Members
  • 41 posts

Posted 22 May 2012 - 08:01 AM

Avast and MS Security keep coming up saying I'm infected with Win32 DNSChanger. I can't seem to get rid of this. I've looked through some of the other forums on here about similar problems but can't get anything to work. Any help would be greatly appreciated.

Here's my DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by ekoroski at 8:55:04 on 2012-05-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3893.2476 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\DeleteHistoryFree\dhf.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Users\ekoroski\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ekoroski\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120509DAD04FD5BA337A0F4DE42057&tbp=homepage
uWindow Title = Microsoft Internet Explorer provided by Eastwick Colleges
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\ekoroski\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DeleteHistoryFree] C:\Program Files (x86)\DeleteHistoryFree\dhf.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [<NO NAME>]
mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\ekoroski\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ekoroski\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 167.206.112.3 167.206.112.4
TCP: Interfaces\{F0D916AA-090D-447B-81FD-DC19F0815AEF} : NameServer = 10.91.100.100,10.91.100.120
TCP: Interfaces\{F0D916AA-090D-447B-81FD-DC19F0815AEF} : DhcpNameServer = 167.206.112.3 167.206.112.4
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [(Default)]
mRun-x64: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-16 44768]
R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-8-3 828944]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S1 pasjehrv;pasjehrv;\??\C:\Windows\system32\drivers\pasjehrv.sys --> C:\Windows\system32\drivers\pasjehrv.sys [?]
S1 tryudpue;tryudpue;\??\C:\Windows\system32\drivers\tryudpue.sys --> C:\Windows\system32\drivers\tryudpue.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-22 136176]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-24 136704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-30 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-22 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-18 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
SUnknown donrtsid;donrtsid; [x]
SUnknown tvnycqyk;tvnycqyk; [x]
SUnknown vrsicdhc;vrsicdhc; [x]
.
=============== Created Last 30 ================
.
2012-05-22 12:43:01 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-21 22:21:17 50000 ----a-w- C:\Windows\System32\drivers\tryudpue.sys
2012-05-21 22:10:01 50000 ----a-w- C:\Windows\System32\drivers\pasjehrv.sys
2012-05-21 22:09:08 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33B96555-1090-4D33-B41B-491EEA461001}\offreg.dll
2012-05-21 15:20:31 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33B96555-1090-4D33-B41B-491EEA461001}\mpengine.dll
2012-05-18 14:00:56 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59A8C2CF-2C1E-44F3-AA01-B982167EC731}\gapaengine.dll
2012-05-18 14:00:54 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-18 13:53:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-18 13:53:51 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-16 14:44:07 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-05-16 14:44:05 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-05-16 14:44:03 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-05-16 14:43:42 41184 ----a-w- C:\Windows\avastSS.scr
2012-05-16 14:43:34 -------- d-----w- C:\ProgramData\AVAST Software
2012-05-16 14:43:34 -------- d-----w- C:\Program Files\AVAST Software
2012-05-15 13:21:31 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-10 17:28:42 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-09 19:32:04 -------- d-----w- C:\Program Files (x86)\blekkotb_soc
2012-05-09 19:28:15 -------- d-----w- C:\ProgramData\blekko toolbars
2012-05-09 18:37:59 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt
2012-05-04 13:38:48 -------- d-----w- C:\Program Files\iTunes
2012-05-04 13:38:48 -------- d-----w- C:\Program Files\iPod
2012-05-04 12:53:50 -------- d-----w- C:\Users\ekoroski\AppData\Local\Apple Computer
2012-05-04 12:53:43 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-05-04 12:53:43 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-05-04 12:53:43 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-05-04 12:53:17 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-04 12:53:17 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-04 12:52:44 -------- d-----w- C:\Users\ekoroski\AppData\Local\Apple
2012-05-04 12:52:09 -------- d-----w- C:\Program Files\Bonjour
2012-05-04 12:52:09 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-02 13:42:39 49664 ----a-r- C:\Windows\System32\HP1100SMs.dll
2012-05-02 13:42:38 74240 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HP1100PP.dll
2012-05-02 13:42:38 290304 ----a-w- C:\Windows\System32\HP1100LM.DLL
2012-05-02 13:42:38 1696256 ----a-w- C:\Windows\System32\HP1100SM.EXE
2012-05-02 13:41:51 126520 ----a-w- C:\Windows\System32\HPSIsvc.exe
2012-05-02 13:41:23 -------- d-----w- C:\Program Files (x86)\HP
2012-05-02 13:41:05 350720 ----a-w- C:\Windows\System32\mvhlewsi.dll
2012-05-02 13:41:05 -------- d-----w- C:\Program Files\HP
2012-05-02 13:40:35 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2012-05-02 13:40:01 -------- d-----w- C:\LJP1100_P1560_P1600_Full_Solution
2012-04-30 20:35:17 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-04-30 20:34:59 -------- d-----w- C:\Program Files\DivX
2012-04-30 20:33:51 -------- d-----w- C:\Program Files (x86)\DivX
2012-04-30 20:33:14 -------- d-----w- C:\ProgramData\DivX
2012-04-30 15:15:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-30 14:37:32 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-27 14:54:09 -------- d-----w- C:\Users\ekoroski\AppData\Roaming\Unity
.
==================== Find3M ====================
.
2012-05-16 14:17:30 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 14:56:45 60304 ----a-w- C:\Users\ekoroski\g2mdlhlpx.exe
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-09 13:12:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 8:55:24.93 ===============
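The security-relevant lines in the DDS log above are the TCP: entries: one interface has statically configured name servers (10.91.100.100, 10.91.100.120) that differ from the DHCP-assigned ones (167.206.112.3, 167.206.112.4). That mismatch is the symptom a DNS-changer infection produces, though a static private resolver can equally be a managed-network setting, so it is something to verify rather than a verdict. The script below is an added example, not part of this thread or of the DDS tool; the function names are mine, and the sample input is copied from the log above. It parses the TCP: lines, compares each interface's static NameServer list against what DHCP handed out, and reports any resolver that DHCP did not supply, noting whether those resolvers are private (on-LAN) or public addresses.

```python
import ipaddress
import re

# Input copied from the DDS log above (the three TCP: lines).
SAMPLE_DDS = r"""
TCP: DhcpNameServer = 167.206.112.3 167.206.112.4
TCP: Interfaces\{F0D916AA-090D-447B-81FD-DC19F0815AEF} : NameServer = 10.91.100.100,10.91.100.120
TCP: Interfaces\{F0D916AA-090D-447B-81FD-DC19F0815AEF} : DhcpNameServer = 167.206.112.3 167.206.112.4
"""

# Matches both the global line and the per-interface "Interfaces\{GUID} : Key = value" form.
TCP_LINE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\s*:\s*)?"
    r"(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<value>.*?)\s*$"
)


def _split_servers(value):
    """DDS prints DHCP servers space-separated and static ones comma-separated."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def _is_private(ip):
    """True for RFC 1918 / loopback / link-local addresses; False for public or unparsable ones."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def parse_tcp_entries(dds_text):
    """Return {scope: {key: [servers]}}, where scope is 'global' or an interface GUID."""
    entries = {}
    for line in dds_text.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        scope = m.group("iface") or "global"
        entries.setdefault(scope, {})[m.group("key")] = _split_servers(m.group("value"))
    return entries


def find_static_overrides(entries):
    """Flag interfaces whose static NameServer list contains resolvers DHCP did not assign.

    Falls back to the global DhcpNameServer list when the interface has none of its own.
    """
    findings = []
    global_dhcp = entries.get("global", {}).get("DhcpNameServer", [])
    for scope, keys in entries.items():
        static = keys.get("NameServer")
        if not static:
            continue  # no static override on this interface
        dhcp = keys.get("DhcpNameServer") or global_dhcp
        unexpected = [ip for ip in static if ip not in dhcp]
        if unexpected:
            findings.append({
                "interface": scope,
                "static": static,
                "dhcp": dhcp,
                "unexpected": unexpected,
                # All-private overrides are typical of a managed LAN; a public
                # resolver that DHCP never issued deserves a closer look.
                "all_private": all(_is_private(ip) for ip in unexpected),
            })
    return findings


if __name__ == "__main__":
    for f in find_static_overrides(parse_tcp_entries(SAMPLE_DDS)):
        kind = "private (verify with the network admin)" if f["all_private"] else "public (not issued by DHCP)"
        print(f"{f['interface']}: static resolvers {f['unexpected']} are {kind}; DHCP gave {f['dhcp']}")
```

Run against the log above it reports the one interface with a static override and classifies both resolvers as private, which is why the next step is to confirm the setting with whoever manages the network rather than to assume infection from the DDS output alone.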



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 May 2012 - 08:35 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ekoroski

  • Topic Starter
  • Members
  • 41 posts

Posted 22 May 2012 - 10:11 AM

Here is the result from Security Check:

Results of screen317's Security Check version 0.99.34
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````



But I can't run ComboFix. Every time I start it up I either get a message about Explorer not working and everything closes, or the program closes, my desktop refreshes and the task bar turns black and just stays that way???

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 May 2012 - 01:23 PM

Hello Ekoroski

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

Edited by gringo_pr, 22 May 2012 - 01:26 PM.


#5 Ekoroski

  • Topic Starter
  • Members
  • 41 posts

Posted 23 May 2012 - 09:56 AM

OK, I tried running it in Safe Mode and the same thing happened.
This is the box that comes up:
[screenshot of the ComboFix window, not reproduced]
It runs through this and then closes and nothing happens, both in Safe Mode and normally.

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 May 2012 - 10:17 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Ekoroski

  • Topic Starter
  • Members
  • 41 posts

Posted 23 May 2012 - 11:27 AM

Here is the report from TDSSKiller:

12:22:54.0388 2916 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
12:22:54.0653 2916 ============================================================
12:22:54.0653 2916 Current date / time: 2012/05/23 12:22:54.0653
12:22:54.0653 2916 SystemInfo:
12:22:54.0653 2916
12:22:54.0653 2916 OS Version: 6.1.7601 ServicePack: 1.0
12:22:54.0653 2916 Product type: Workstation
12:22:54.0653 2916 ComputerName: USER-PC
12:22:54.0653 2916 UserName: ekoroski
12:22:54.0653 2916 Windows directory: C:\Windows
12:22:54.0653 2916 System windows directory: C:\Windows
12:22:54.0653 2916 Running under WOW64
12:22:54.0653 2916 Processor architecture: Intel x64
12:22:54.0653 2916 Number of processors: 4
12:22:54.0653 2916 Page size: 0x1000
12:22:54.0653 2916 Boot type: Normal boot
12:22:54.0653 2916 ============================================================
12:22:55.0433 2916 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:22:55.0433 2916 ============================================================
12:22:55.0433 2916 \Device\Harddisk0\DR0:
12:22:55.0433 2916 MBR partitions:
12:22:55.0433 2916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:22:55.0433 2916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
12:22:55.0433 2916 ============================================================
12:22:55.0449 2916 C: <-> \Device\Harddisk0\DR0\Partition1
12:22:55.0449 2916 ============================================================
12:22:55.0449 2916 Initialize success
12:22:55.0449 2916 ============================================================
12:22:57.0867 4416 ============================================================
12:22:57.0867 4416 Scan started
12:22:57.0867 4416 Mode: Manual;
12:22:57.0867 4416 ============================================================
12:22:58.0709 4416 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:22:58.0709 4416 1394ohci - ok
12:22:58.0756 4416 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:22:58.0756 4416 ACPI - ok
12:22:58.0787 4416 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:22:58.0787 4416 AcpiPmi - ok
12:22:58.0865 4416 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:22:58.0865 4416 AdobeARMservice - ok
12:22:58.0959 4416 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:22:58.0959 4416 AdobeFlashPlayerUpdateSvc - ok
12:22:59.0005 4416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:22:59.0005 4416 adp94xx - ok
12:22:59.0037 4416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:22:59.0037 4416 adpahci - ok
12:22:59.0052 4416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:22:59.0052 4416 adpu320 - ok
12:22:59.0068 4416 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:22:59.0068 4416 AeLookupSvc - ok
12:22:59.0115 4416 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:22:59.0130 4416 AFD - ok
12:22:59.0161 4416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:22:59.0161 4416 agp440 - ok
12:22:59.0177 4416 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:22:59.0177 4416 ALG - ok
12:22:59.0193 4416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:22:59.0193 4416 aliide - ok
12:22:59.0193 4416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:22:59.0193 4416 amdide - ok
12:22:59.0224 4416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:22:59.0224 4416 AmdK8 - ok
12:22:59.0224 4416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:22:59.0224 4416 AmdPPM - ok
12:22:59.0239 4416 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:22:59.0239 4416 amdsata - ok
12:22:59.0271 4416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:22:59.0271 4416 amdsbs - ok
12:22:59.0286 4416 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:22:59.0286 4416 amdxata - ok
12:22:59.0317 4416 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:22:59.0317 4416 AppID - ok
12:22:59.0333 4416 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:22:59.0333 4416 AppIDSvc - ok
12:22:59.0364 4416 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:22:59.0364 4416 Appinfo - ok
12:22:59.0442 4416 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:22:59.0458 4416 Apple Mobile Device - ok
12:22:59.0473 4416 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:22:59.0473 4416 AppMgmt - ok
12:22:59.0505 4416 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:22:59.0505 4416 arc - ok
12:22:59.0520 4416 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:22:59.0520 4416 arcsas - ok
12:22:59.0551 4416 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
12:22:59.0551 4416 aswFsBlk - ok
12:22:59.0567 4416 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
12:22:59.0567 4416 aswMonFlt - ok
12:22:59.0583 4416 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
12:22:59.0583 4416 aswRdr - ok
12:22:59.0614 4416 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
12:22:59.0614 4416 aswSnx - ok
12:22:59.0629 4416 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
12:22:59.0629 4416 aswSP - ok
12:22:59.0645 4416 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
12:22:59.0645 4416 aswTdi - ok
12:22:59.0661 4416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:22:59.0661 4416 AsyncMac - ok
12:22:59.0692 4416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:22:59.0692 4416 atapi - ok
12:22:59.0739 4416 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:22:59.0754 4416 AudioEndpointBuilder - ok
12:22:59.0754 4416 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:22:59.0770 4416 AudioSrv - ok
12:22:59.0832 4416 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:22:59.0832 4416 avast! Antivirus - ok
12:22:59.0879 4416 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:22:59.0879 4416 AxInstSV - ok
12:22:59.0926 4416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:22:59.0926 4416 b06bdrv - ok
12:22:59.0957 4416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:22:59.0957 4416 b57nd60a - ok
12:22:59.0973 4416 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:22:59.0973 4416 BDESVC - ok
12:22:59.0988 4416 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:22:59.0988 4416 Beep - ok
12:23:00.0035 4416 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:23:00.0051 4416 BITS - ok
12:23:00.0082 4416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:23:00.0082 4416 blbdrive - ok
12:23:00.0129 4416 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:23:00.0129 4416 Bonjour Service - ok
12:23:00.0160 4416 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:23:00.0160 4416 bowser - ok
12:23:00.0160 4416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:23:00.0160 4416 BrFiltLo - ok
12:23:00.0175 4416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:23:00.0175 4416 BrFiltUp - ok
12:23:00.0207 4416 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:23:00.0207 4416 BridgeMP - ok
12:23:00.0222 4416 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:23:00.0222 4416 Browser - ok
12:23:00.0238 4416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:23:00.0238 4416 Brserid - ok
12:23:00.0253 4416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:23:00.0253 4416 BrSerWdm - ok
12:23:00.0253 4416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:23:00.0253 4416 BrUsbMdm - ok
12:23:00.0253 4416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:23:00.0253 4416 BrUsbSer - ok
12:23:00.0253 4416 bsyybxme - ok
12:23:00.0269 4416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:23:00.0269 4416 BTHMODEM - ok
12:23:00.0285 4416 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:23:00.0285 4416 bthserv - ok
12:23:00.0300 4416 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:23:00.0300 4416 cdfs - ok
12:23:00.0347 4416 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:23:00.0347 4416 cdrom - ok
12:23:00.0394 4416 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:23:00.0394 4416 CertPropSvc - ok
12:23:00.0409 4416 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:23:00.0409 4416 circlass - ok
12:23:00.0441 4416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:23:00.0441 4416 CLFS - ok
12:23:00.0487 4416 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:23:00.0487 4416 clr_optimization_v2.0.50727_32 - ok
12:23:00.0503 4416 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:23:00.0519 4416 clr_optimization_v2.0.50727_64 - ok
12:23:00.0565 4416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:23:00.0565 4416 clr_optimization_v4.0.30319_32 - ok
12:23:00.0612 4416 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:23:00.0612 4416 clr_optimization_v4.0.30319_64 - ok
12:23:00.0659 4416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:23:00.0659 4416 CmBatt - ok
12:23:00.0675 4416 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:23:00.0690 4416 cmdide - ok
12:23:00.0706 4416 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:23:00.0721 4416 CNG - ok
12:23:00.0737 4416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:23:00.0737 4416 Compbatt - ok
12:23:00.0768 4416 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:23:00.0768 4416 CompositeBus - ok
12:23:00.0784 4416 COMSysApp - ok
12:23:00.0799 4416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:23:00.0799 4416 crcdisk - ok
12:23:00.0831 4416 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:23:00.0831 4416 CryptSvc - ok
12:23:00.0877 4416 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:23:00.0877 4416 CSC - ok
12:23:00.0893 4416 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:23:00.0924 4416 CscService - ok
12:23:00.0940 4416 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:23:00.0955 4416 DcomLaunch - ok
12:23:00.0987 4416 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:23:01.0002 4416 defragsvc - ok
12:23:01.0049 4416 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:23:01.0049 4416 DfsC - ok
12:23:01.0111 4416 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:23:01.0111 4416 Dhcp - ok
12:23:01.0127 4416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:23:01.0127 4416 discache - ok
12:23:01.0143 4416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:23:01.0143 4416 Disk - ok
12:23:01.0174 4416 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:23:01.0174 4416 Dnscache - ok
12:23:01.0205 4416 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:23:01.0205 4416 dot3svc - ok
12:23:01.0236 4416 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:23:01.0236 4416 DPS - ok
12:23:01.0252 4416 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:23:01.0252 4416 drmkaud - ok
12:23:01.0299 4416 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:23:01.0299 4416 DXGKrnl - ok
12:23:01.0345 4416 e1kexpress (60c5b36e07be8b3af3911c3d10303cfe) C:\Windows\system32\DRIVERS\e1k62x64.sys
12:23:01.0345 4416 e1kexpress - ok
12:23:01.0361 4416 EagleX64 - ok
12:23:01.0377 4416 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:23:01.0377 4416 EapHost - ok
12:23:01.0486 4416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:23:01.0517 4416 ebdrv - ok
12:23:01.0579 4416 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:23:01.0579 4416 EFS - ok
12:23:01.0626 4416 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:23:01.0642 4416 ehRecvr - ok
12:23:01.0673 4416 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:23:01.0673 4416 ehSched - ok
12:23:01.0720 4416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:23:01.0720 4416 elxstor - ok
12:23:01.0751 4416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:23:01.0751 4416 ErrDev - ok
12:23:01.0782 4416 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:23:01.0782 4416 EventSystem - ok
12:23:01.0798 4416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:23:01.0798 4416 exfat - ok
12:23:01.0813 4416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:23:01.0813 4416 fastfat - ok
12:23:01.0876 4416 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:23:01.0891 4416 Fax - ok
12:23:01.0907 4416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:23:01.0907 4416 fdc - ok
12:23:01.0923 4416 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:23:01.0923 4416 fdPHost - ok
12:23:01.0938 4416 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:23:01.0938 4416 FDResPub - ok
12:23:01.0938 4416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:23:01.0938 4416 FileInfo - ok
12:23:01.0954 4416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:23:01.0954 4416 Filetrace - ok
12:23:01.0954 4416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:23:01.0954 4416 flpydisk - ok
12:23:01.0985 4416 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:23:01.0985 4416 FltMgr - ok
12:23:02.0047 4416 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:23:02.0063 4416 FontCache - ok
12:23:02.0110 4416 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:23:02.0110 4416 FontCache3.0.0.0 - ok
12:23:02.0141 4416 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:23:02.0141 4416 FsDepends - ok
12:23:02.0172 4416 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:23:02.0172 4416 Fs_Rec - ok
12:23:02.0203 4416 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:23:02.0219 4416 fvevol - ok
12:23:02.0219 4416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:23:02.0235 4416 gagp30kx - ok
12:23:02.0250 4416 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:23:02.0250 4416 GEARAspiWDM - ok
12:23:02.0297 4416 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:23:02.0313 4416 gpsvc - ok
12:23:02.0391 4416 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:23:02.0391 4416 gupdate - ok
12:23:02.0406 4416 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:23:02.0406 4416 gupdatem - ok
12:23:02.0422 4416 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:23:02.0422 4416 hcw85cir - ok
12:23:02.0469 4416 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:23:02.0469 4416 HdAudAddService - ok
12:23:02.0484 4416 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:23:02.0484 4416 HDAudBus - ok
12:23:02.0515 4416 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:23:02.0515 4416 HECIx64 - ok
12:23:02.0515 4416 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:23:02.0531 4416 HidBatt - ok
12:23:02.0531 4416 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:23:02.0531 4416 HidBth - ok
12:23:02.0531 4416 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:23:02.0531 4416 HidIr - ok
12:23:02.0547 4416 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:23:02.0562 4416 hidserv - ok
12:23:02.0609 4416 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:23:02.0609 4416 HidUsb - ok
12:23:02.0640 4416 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:23:02.0640 4416 hkmsvc - ok
12:23:02.0656 4416 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:23:02.0671 4416 HomeGroupListener - ok
12:23:02.0703 4416 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:23:02.0703 4416 HomeGroupProvider - ok
12:23:02.0781 4416 HP LaserJet Service (53dca61931847e35c950504bfb7559c6) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
12:23:02.0781 4416 HP LaserJet Service - ok
12:23:02.0812 4416 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:23:02.0812 4416 HpSAMD - ok
12:23:02.0843 4416 HPSIService (f7bc8c61850e51fada9087b6d3155023) C:\Windows\system32\HPSIsvc.exe
12:23:02.0843 4416 HPSIService - ok
12:23:02.0890 4416 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:23:02.0905 4416 HTTP - ok
12:23:02.0937 4416 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:23:02.0937 4416 hwpolicy - ok
12:23:02.0968 4416 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:23:02.0968 4416 i8042prt - ok
12:23:03.0015 4416 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:23:03.0030 4416 iaStorV - ok
12:23:03.0093 4416 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:23:03.0108 4416 idsvc - ok
12:23:03.0405 4416 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:23:03.0561 4416 igfx - ok
12:23:03.0639 4416 ihhyqzsq - ok
12:23:03.0654 4416 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:23:03.0654 4416 iirsp - ok
12:23:03.0717 4416 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:23:03.0732 4416 IKEEXT - ok
12:23:03.0748 4416 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:23:03.0748 4416 intelide - ok
12:23:03.0779 4416 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:23:03.0779 4416 intelppm - ok
12:23:03.0810 4416 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:23:03.0810 4416 IPBusEnum - ok
12:23:03.0826 4416 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:23:03.0826 4416 IpFilterDriver - ok
12:23:03.0888 4416 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:23:03.0904 4416 iphlpsvc - ok
12:23:03.0935 4416 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:23:03.0935 4416 IPMIDRV - ok
12:23:03.0951 4416 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:23:03.0966 4416 IPNAT - ok
12:23:04.0029 4416 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:23:04.0044 4416 iPod Service - ok
12:23:04.0060 4416 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:23:04.0075 4416 IRENUM - ok
12:23:04.0107 4416 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:23:04.0107 4416 isapnp - ok
12:23:04.0122 4416 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:23:04.0122 4416 iScsiPrt - ok
12:23:04.0153 4416 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:23:04.0153 4416 kbdclass - ok
12:23:04.0169 4416 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:23:04.0169 4416 kbdhid - ok
12:23:04.0185 4416 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:23:04.0185 4416 KeyIso - ok
12:23:04.0200 4416 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:23:04.0200 4416 KSecDD - ok
12:23:04.0216 4416 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:23:04.0216 4416 KSecPkg - ok
12:23:04.0231 4416 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:23:04.0231 4416 ksthunk - ok
12:23:04.0263 4416 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:23:04.0278 4416 KtmRm - ok
12:23:04.0325 4416 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:23:04.0325 4416 LanmanServer - ok
12:23:04.0341 4416 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:23:04.0356 4416 LanmanWorkstation - ok
12:23:04.0387 4416 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:23:04.0387 4416 lltdio - ok
12:23:04.0419 4416 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:23:04.0419 4416 lltdsvc - ok
12:23:04.0434 4416 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:23:04.0434 4416 lmhosts - ok
12:23:04.0465 4416 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:23:04.0465 4416 LSI_FC - ok
12:23:04.0481 4416 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:23:04.0481 4416 LSI_SAS - ok
12:23:04.0497 4416 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:23:04.0497 4416 LSI_SAS2 - ok
12:23:04.0512 4416 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:23:04.0512 4416 LSI_SCSI - ok
12:23:04.0528 4416 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:23:04.0528 4416 luafv - ok
12:23:04.0559 4416 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:23:04.0559 4416 Mcx2Svc - ok
12:23:04.0575 4416 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:23:04.0575 4416 megasas - ok
12:23:04.0606 4416 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:23:04.0606 4416 MegaSR - ok
12:23:04.0653 4416 Microsoft SharePoint Workspace Audit Service - ok
12:23:04.0699 4416 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:23:04.0699 4416 MMCSS - ok
12:23:04.0715 4416 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:23:04.0715 4416 Modem - ok
12:23:04.0746 4416 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:23:04.0746 4416 monitor - ok
12:23:04.0777 4416 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:23:04.0777 4416 mouclass - ok
12:23:04.0809 4416 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:23:04.0809 4416 mouhid - ok
12:23:04.0840 4416 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:23:04.0840 4416 mountmgr - ok
12:23:05.0074 4416 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:23:05.0089 4416 MozillaMaintenance - ok
12:23:05.0105 4416 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
12:23:05.0121 4416 MpFilter - ok
12:23:05.0136 4416 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:23:05.0152 4416 mpio - ok
12:23:05.0167 4416 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:23:05.0167 4416 mpsdrv - ok
12:23:05.0199 4416 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:23:05.0199 4416 MRxDAV - ok
12:23:05.0214 4416 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:23:05.0214 4416 mrxsmb - ok
12:23:05.0230 4416 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:23:05.0230 4416 mrxsmb10 - ok
12:23:05.0245 4416 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:23:05.0245 4416 mrxsmb20 - ok
12:23:05.0277 4416 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:23:05.0277 4416 msahci - ok
12:23:05.0292 4416 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:23:05.0292 4416 msdsm - ok
12:23:05.0308 4416 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:23:05.0308 4416 MSDTC - ok
12:23:05.0339 4416 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:23:05.0339 4416 Msfs - ok
12:23:05.0339 4416 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:23:05.0355 4416 mshidkmdf - ok
12:23:05.0370 4416 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:23:05.0370 4416 msisadrv - ok
12:23:05.0401 4416 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:23:05.0401 4416 MSiSCSI - ok
12:23:05.0401 4416 msiserver - ok
12:23:05.0433 4416 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:23:05.0433 4416 MSKSSRV - ok
12:23:05.0495 4416 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:23:05.0495 4416 MsMpSvc - ok
12:23:05.0526 4416 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:23:05.0526 4416 MSPCLOCK - ok
12:23:05.0589 4416 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:23:05.0589 4416 MSPQM - ok
12:23:05.0620 4416 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:23:05.0620 4416 MsRPC - ok
12:23:05.0635 4416 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:23:05.0635 4416 mssmbios - ok
12:23:05.0651 4416 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:23:05.0651 4416 MSTEE - ok
12:23:05.0651 4416 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:23:05.0651 4416 MTConfig - ok
12:23:05.0682 4416 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:23:05.0682 4416 Mup - ok
12:23:05.0698 4416 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:23:05.0713 4416 napagent - ok
12:23:05.0745 4416 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:23:05.0745 4416 NativeWifiP - ok
12:23:05.0776 4416 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:23:05.0791 4416 NDIS - ok
12:23:05.0807 4416 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:23:05.0807 4416 NdisCap - ok
12:23:05.0838 4416 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:23:05.0838 4416 NdisTapi - ok
12:23:05.0854 4416 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:23:05.0854 4416 Ndisuio - ok
12:23:05.0869 4416 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:23:05.0869 4416 NdisWan - ok
12:23:05.0901 4416 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:23:05.0901 4416 NDProxy - ok
12:23:05.0932 4416 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:23:05.0932 4416 NetBIOS - ok
12:23:05.0947 4416 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:23:05.0963 4416 NetBT - ok
12:23:05.0963 4416 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:23:05.0963 4416 Netlogon - ok
12:23:05.0994 4416 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:23:06.0010 4416 Netman - ok
12:23:06.0010 4416 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:23:06.0025 4416 netprofm - ok
12:23:06.0057 4416 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:23:06.0057 4416 NetTcpPortSharing - ok
12:23:06.0088 4416 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:23:06.0088 4416 nfrd960 - ok
12:23:06.0119 4416 nhhdzjca (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\nhhdzjca.sys
12:23:06.0119 4416 nhhdzjca - ok
12:23:06.0150 4416 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:23:06.0150 4416 NisDrv - ok
12:23:06.0197 4416 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:23:06.0213 4416 NisSrv - ok
12:23:06.0244 4416 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:23:06.0259 4416 NlaSvc - ok
12:23:06.0259 4416 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:23:15.0047 4416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:23:15.0346 4416 \Device\Harddisk0\DR0 - ok
12:23:15.0349 4416 Boot (0x1200) (cda33b72d586eacfbd09e1e6a25176e7) \Device\Harddisk0\DR0\Partition0
12:23:15.0350 4416 \Device\Harddisk0\DR0\Partition0 - ok
12:23:15.0365 4416 Boot (0x1200) (664b7019571f7318ac86eb7114070a42) \Device\Harddisk0\DR0\Partition1
12:23:15.0366 4416 \Device\Harddisk0\DR0\Partition1 - ok
12:23:15.0366 4416 ============================================================
12:23:15.0366 4416 Scan finished
12:23:15.0366 4416 ============================================================
12:23:15.0376 3148 Detected object count: 0
12:23:15.0376 3148 Actual detected object count: 0

Here is the report from aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 12:24:50
-----------------------------
12:24:50.739 OS Version: Windows x64 6.1.7601 Service Pack 1
12:24:50.739 Number of processors: 4 586 0x2505
12:24:50.740 ComputerName: USER-PC UserName:
12:24:51.289 Initialize success
12:24:51.330 AVAST engine defs: 12052300
12:24:59.114 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
12:24:59.115 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
12:24:59.151 Disk 0 MBR read successfully
12:24:59.152 Disk 0 MBR scan
12:24:59.154 Disk 0 Windows 7 default MBR code
12:24:59.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:24:59.180 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
12:24:59.197 Disk 0 scanning C:\Windows\system32\drivers
12:25:06.771 Service scanning
12:25:20.135 Modules scanning
12:25:20.139 Disk 0 trace - called modules:
12:25:20.148 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:25:20.151 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004531060]
12:25:20.477 3 CLASSPNP.SYS[fffff88001b9043f] -> nt!IofCallDriver -> [0xfffffa8004263e40]
12:25:20.480 5 ACPI.sys[fffff88000f807a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004294060]
12:25:21.231 AVAST engine scan C:\Windows
12:25:22.556 AVAST engine scan C:\Windows\system32
12:26:38.618 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:26:40.382 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:27:34.766 AVAST engine scan C:\Windows\system32\drivers
12:27:43.282 AVAST engine scan C:\Users\ekoroski
12:28:50.536 AVAST engine scan C:\ProgramData
12:30:01.226 Scan finished successfully
12:30:56.360 Disk 0 MBR has been saved successfully to "C:\Users\ekoroski\Desktop\MBR.dat"
12:30:56.360 The log file has been saved successfully to "C:\Users\ekoroski\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 23 May 2012 - 11:56 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
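Once FRST.txt comes back, the helper reads it for the entries this thread turns on: static NameServer values on interfaces, services whose file is gone, random-named drivers under System32\Drivers, and a literal %VAR% folder name. As an added example (not code from the thread, from FRST's author or from BleepingComputer), the Python below applies those checks to constructed FRST-style lines; the GUID, driver names and documentation-range IP addresses are placeholders, the 8-lowercase-letter name rule is a heuristic, and every hit is a lead for a human to confirm, not a verdict.

```python
"""Triage helper for FRST.txt output (Farbar Recovery Scan Tool).

Added example for this thread, not code from the thread, from FRST's author
or from BleepingComputer. It walks the Registry / Services / Drivers /
created-files lines and returns findings for a human to confirm. The sample
is constructed: GUID, driver names and documentation-range IPs are placeholders.
"""
import re
from datetime import date
from typing import Dict, List

SAMPLE_FRST = """\
Ran by SYSTEM at 23-05-2012 14:15:46
Tcpip\\Parameters: [DhcpNameServer] 192.0.2.53 192.0.2.54
Tcpip\\..\\Interfaces\\{11111111-2222-3333-4444-555555555555}: [NameServer]203.0.113.10,203.0.113.11
2 avast! Antivirus; "C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
3 e1kexpress; C:\\Windows\\System32\\DRIVERS\\e1k62x64.sys [301232 2010-04-05] (Intel Corporation)
1 qzxvwkrt; C:\\Windows\\System32\\Drivers\\qzxvwkrt.sys [50000 2012-05-23] (Microsoft Corporation)
1 mpkzjqwv; \\??\\C:\\Windows\\system32\\drivers\\mpkzjqwv.sys [x]
2 WinDefend; C:\\Program Files (x86)\\Windows Defender\\mpsvc.dll [x]
2012-05-23 07:10 - 2012-05-23 07:10 - 0000000 ____D C:\\Windows\\System32\\%LOCALAPPDATA%
"""

RUN_DATE_RE = re.compile(r"^Ran by \S+ at (\d{2})-(\d{2})-(\d{4})")
DHCP_DNS_RE = re.compile(r"^Tcpip\\Parameters: \[DhcpNameServer\] (.+)$")
IFACE_DNS_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]+\}): \[NameServer\]\s*(\S+)")
SERVICE_RE = re.compile(r"^[0-4] (.+?); (.+)$")            # "<start type> <name>; <path> [size date] (company)"
VERINFO_RE = re.compile(r"\[\d+ (\d{4})-(\d{2})-(\d{2})\] \(([^()]*)\)\s*$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")                  # heuristic: 8 lowercase letters
ENVVAR_DIR_RE = re.compile(r"\\%[A-Za-z_]+%(\\|$)")         # literal %VAR% used as a folder name
RECENT_DAYS = 30


def finding(severity: str, name: str, note: str) -> Dict[str, str]:
    return {"severity": severity, "name": name, "note": note}


def triage(frst_text: str) -> List[Dict[str, str]]:
    """Return findings (severity 'high' or 'review') for the lines of an FRST log."""
    run_date = None
    dhcp_dns: set = set()
    iface_dns: List[tuple] = []
    out: List[Dict[str, str]] = []
    for line in frst_text.splitlines():
        line = line.rstrip()
        m = RUN_DATE_RE.match(line)
        if m:                                   # FRST writes the date as dd-mm-yyyy
            day, month, year = (int(x) for x in m.groups())
            run_date = date(year, month, day)
            continue
        m = DHCP_DNS_RE.match(line)
        if m:
            dhcp_dns.update(m.group(1).split())
            continue
        m = IFACE_DNS_RE.match(line)
        if m:                                   # judged after the loop, once DHCP resolvers are known
            iface_dns.append((m.group(1), m.group(2).split(",")))
            continue
        if ENVVAR_DIR_RE.search(line):
            out.append(finding("high", line.rsplit(" ", 1)[-1],
                               "literal %VAR% folder name under System32: the variable was never expanded"))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, rest = m.groups()
        missing = rest.endswith("[x]")          # FRST marks a service whose file is absent with [x]
        in_drivers = "\\drivers\\" in rest.lower()
        random_name = bool(RANDOM_NAME_RE.match(name))
        ver = VERINFO_RE.search(rest)
        if random_name and in_drivers:
            if missing:
                out.append(finding("high", name, "random-looking driver name and the file is gone: "
                                   "typical leftover of a removed driver, review the service key"))
            elif ver and run_date is not None:
                created = date(int(ver.group(1)), int(ver.group(2)), int(ver.group(3)))
                age = (run_date - created).days
                company = ver.group(4)
                if company == "Microsoft Corporation" and 0 <= age <= RECENT_DAYS:
                    out.append(finding("high", name, f"random-looking driver created {age} days before the scan, "
                                       f"version info claims '{company}'"))
                else:
                    out.append(finding("review", name, "random-looking driver name"))
            else:
                out.append(finding("review", name, "random-looking driver name"))
        elif missing:
            out.append(finding("review", name, "service points at a file that no longer exists"))
    for guid, ips in iface_dns:
        non_dhcp = [ip for ip in ips if ip not in dhcp_dns]
        if non_dhcp:
            out.append(finding("review", guid, "static NameServer " + ",".join(non_dhcp) +
                               " differs from the DHCP-assigned resolvers; confirm it is expected"))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f['severity']:6}] {f['name']}: {f['note']}")
```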

#9 Ekoroski (Topic Starter)

  • Members
  • 41 posts

Posted 23 May 2012 - 01:20 PM

Here are the results of the scan

Scan result of Farbar Recovery Scan Tool Version: 23-05-2012
Ran by SYSTEM at 23-05-2012 14:15:46
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [828944 2011-08-03] (GlavSoft LLC.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\ekoroski\...\Run: [Google Update] "C:\Users\ekoroski\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-13] (Google Inc.)
HKU\ekoroski\...\Run: [DeleteHistoryFree] C:\Program Files (x86)\DeleteHistoryFree\dhf.exe [284160 2012-03-07] (MoRUN.net)
HKU\User\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-02] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.112.3 167.206.112.4
Tcpip\..\Interfaces\{F0D916AA-090D-447B-81FD-DC19F0815AEF}: [NameServer]10.91.100.100,10.91.100.120

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 HP LaserJet Service; "C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe" [136704 2009-06-24] (HP)
2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126520 2011-11-10] (HP)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [828944 2011-08-03] (GlavSoft LLC.)
2 WinVNC4; "C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service [439632 2008-10-15] (RealVNC Ltd.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [301232 2010-04-05] (Intel Corporation)
1 koubinbp; C:\Windows\System32\Drivers\koubinbp.sys [50000 2012-05-23] (Microsoft Corporation)
1 bsyybxme; \??\C:\Windows\system32\drivers\bsyybxme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
1 ihhyqzsq; \??\C:\Windows\system32\drivers\ihhyqzsq.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-23 09:14 - 2012-05-23 09:14 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\koubinbp.sys
2012-05-23 08:30 - 2012-05-23 08:30 - 0002141 ____A C:\Users\ekoroski\Desktop\aswMBR.txt
2012-05-23 08:30 - 2012-05-23 08:30 - 0000512 ____A C:\Users\ekoroski\Desktop\MBR.dat
2012-05-23 08:22 - 2012-05-23 08:23 - 0122398 ____A C:\TDSSKiller.2.7.37.0_23.05.2012_12.22.54_log.txt
2012-05-23 07:12 - 2012-05-23 07:12 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bsoqidzu.sys
2012-05-23 07:10 - 2012-05-23 07:10 - 0000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2012-05-23 06:57 - 2012-05-23 06:57 - 0038827 ____A C:\Users\ekoroski\Desktop\Capture.JPG
2012-05-23 06:57 - 2012-05-23 06:57 - 0001272 ____A C:\Users\ekoroski\Desktop\Snipping Tool.lnk
2012-05-22 11:57 - 2012-05-23 06:53 - 0313012 ____A C:\Windows\ntbtlog.txt
2012-05-22 06:50 - 2012-05-23 13:12 - 0000000 ___SD C:\32788R22FWJFW
2012-05-22 06:49 - 2012-05-22 06:49 - 0001000 ____A C:\Users\ekoroski\Desktop\checkup.txt
2012-05-22 06:47 - 2012-05-22 06:47 - 0851898 ____A C:\Users\ekoroski\Desktop\SecurityCheck.exe
2012-05-22 05:14 - 2012-05-22 05:14 - 0093799 ____A C:\Users\ekoroski\Documents\GMER.log
2012-05-22 04:58 - 2012-05-22 04:58 - 0294216 ____A C:\Users\ekoroski\Downloads\gmer.zip
2012-05-18 05:54 - 2012-05-18 05:53 - 0001915 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2012-05-18 05:53 - 2012-05-18 05:53 - 0254152 ____A (Secure By Design Inc.) C:\Users\rahmed\Downloads\Ninite Essentials Installer(1).exe
2012-05-18 05:53 - 2012-05-18 05:53 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-18 05:53 - 2012-05-18 05:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-18 05:52 - 2012-05-18 05:52 - 0254152 ____A (Secure By Design Inc.) C:\Users\rahmed\Downloads\Ninite Essentials Installer.exe
2012-05-17 05:10 - 2012-05-17 05:10 - 0000129 ____A C:\Users\ekoroski\Desktop\Trouble Ticket.url
2012-05-16 06:44 - 2012-05-16 06:44 - 0001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-16 06:44 - 2012-05-16 06:44 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-16 06:44 - 2012-03-06 15:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-05-16 06:44 - 2012-03-06 15:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-05-16 06:44 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-05-16 06:44 - 2012-03-06 15:02 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-05-16 06:44 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-05-16 06:44 - 2012-03-06 15:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-05-16 06:44 - 2012-03-06 15:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-05-16 06:43 - 2012-05-16 06:43 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-16 06:43 - 2012-05-16 06:43 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-16 06:43 - 2012-03-06 15:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-05-16 06:43 - 2012-03-06 15:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-05-16 06:25 - 2012-05-16 06:25 - 0388608 ____A (Trend Micro Inc.) C:\Users\ekoroski\Downloads\HijackThis.exe
2012-05-16 06:08 - 2012-05-16 06:08 - 0076764 ____A C:\Users\ekoroski\Documents\invoice.tif
2012-05-15 14:19 - 2012-05-15 14:19 - 0000000 ____D C:\Users\rahmed\AppData\Local\Adobe
2012-05-15 14:18 - 2012-05-15 14:18 - 0001049 ____A C:\Users\rahmed\Desktop\Mozilla Firefox.lnk
2012-05-15 14:18 - 2012-05-15 14:18 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Mozilla
2012-05-15 14:18 - 2012-05-15 14:18 - 0000000 ____D C:\Users\rahmed\AppData\Local\Mozilla
2012-05-15 14:12 - 2012-05-15 14:19 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Adobe
2012-05-15 14:12 - 2012-05-15 14:12 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Macromedia
2012-05-15 14:11 - 2012-05-23 13:12 - 0000000 ____D C:\users\rahmed
2012-05-15 14:11 - 2012-05-18 05:52 - 0000000 ____D C:\Users\rahmed\AppData\LocalLow
2012-05-15 14:11 - 2012-05-15 14:11 - 0109224 ____A C:\Users\rahmed\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-15 14:11 - 2012-05-15 14:11 - 0000702 _RASH C:\Users\rahmed\ntuser.pol
2012-05-15 14:11 - 2012-05-15 14:11 - 0000020 ___SH C:\Users\rahmed\ntuser.ini
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Templates
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Start Menu
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\PrintHood
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\NetHood
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\My Documents
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Documents\My Videos
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Documents\My Pictures
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Documents\My Music
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\AppData\Local\Temporary Internet Files
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\AppData\Local\History
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Apple Computer
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 ____D C:\Users\rahmed\AppData\Local\VirtualStore
2012-05-15 14:11 - 2012-01-19 15:29 - 0000000 ____D C:\Users\rahmed\AppData\Local\Microsoft Help
2012-05-15 14:11 - 2009-07-13 23:12 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Media Center Programs
2012-05-15 05:21 - 2012-05-15 05:21 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-15 05:19 - 2012-05-16 06:33 - 0000000 ____D C:\Users\ekoroski\Downloads\Windows XP Pro Keygen
2012-05-15 04:22 - 2012-05-15 04:22 - 0000600 ____A C:\Users\ekoroski\AppData\Local\PUTTY.RND
2012-05-14 06:47 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-14 06:47 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-14 06:47 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-14 06:47 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 06:47 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-14 06:47 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-14 06:47 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-14 06:47 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-10 09:28 - 2012-05-18 05:39 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-10 09:28 - 2012-05-10 09:28 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-10 07:00 - 2012-05-10 07:00 - 0046276 ____A C:\Users\ekoroski\Documents\20120413140443087.pdf
2012-05-09 11:32 - 2012-05-09 11:32 - 0000000 ____D C:\Program Files (x86)\blekkotb_soc
2012-05-09 11:28 - 2012-05-09 11:32 - 0000000 ____D C:\Users\All Users\blekko toolbars
2012-05-09 10:38 - 2012-05-09 10:38 - 0000000 ____D C:\Users\ekoroski\Documents\DVDFab
2012-05-07 09:15 - 2012-05-07 09:15 - 0319093 ____A C:\Users\ekoroski\Downloads\346167_5951293_ll.jpg
2012-05-07 06:44 - 2012-05-07 06:44 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-05-04 11:18 - 2012-05-04 11:18 - 0000000 ____D C:\Users\ekoroski\Downloads\Beastie Boys
2012-05-04 07:53 - 2012-05-04 07:53 - 0008986 ____A C:\Users\ekoroski\Documents\SmartBoard Inventory.xlsx
2012-05-04 05:40 - 2012-05-04 05:40 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-05-04 05:39 - 2012-05-04 05:39 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-04 05:38 - 2012-05-04 05:39 - 0000000 ____D C:\Program Files\iTunes
2012-05-04 05:38 - 2012-05-04 05:38 - 0000000 ____D C:\Program Files\iPod
2012-05-04 04:53 - 2012-05-08 04:31 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\Apple Computer
2012-05-04 04:53 - 2012-05-04 05:39 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-04 04:53 - 2012-05-04 05:38 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-05-04 04:53 - 2012-05-04 04:53 - 0000000 ____D C:\Users\ekoroski\AppData\Local\Apple Computer
2012-05-04 04:53 - 2012-05-04 04:53 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-04 04:53 - 2009-05-18 09:17 - 0034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-05-04 04:53 - 2008-04-17 08:12 - 0126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-05-04 04:53 - 2008-04-17 08:12 - 0107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Users\ekoroski\AppData\Local\Apple
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Users\All Users\Apple
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Program Files\Bonjour
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-02 05:43 - 2012-05-02 05:43 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-02 05:42 - 2011-10-07 23:28 - 0049664 ___RA C:\Windows\System32\HP1100SMs.dll
2012-05-02 05:42 - 2011-04-02 12:05 - 1696256 ____A C:\Windows\System32\HP1100SM.EXE
2012-05-02 05:42 - 2011-04-02 12:05 - 0290304 ____A C:\Windows\System32\HP1100LM.DLL
2012-05-02 05:41 - 2012-05-02 05:41 - 0000199 ____A C:\Windows\SysWOW64\msiexec.log
2012-05-02 05:41 - 2012-05-02 05:41 - 0000000 ____D C:\Users\All Users\HPSSUPPLY
2012-05-02 05:41 - 2012-05-02 05:41 - 0000000 ____D C:\Program Files\HP
2012-05-02 05:41 - 2012-05-02 05:41 - 0000000 ____D C:\Program Files (x86)\HP
2012-05-02 05:41 - 2011-11-10 18:08 - 0126520 ____A (HP) C:\Windows\System32\HPSIsvc.exe
2012-05-02 05:41 - 2011-10-24 23:24 - 0350720 ____A C:\Windows\System32\mvhlewsi.dll
2012-05-02 05:40 - 2012-05-02 05:40 - 0000000 ____D C:\LJP1100_P1560_P1600_Full_Solution
2012-05-02 04:42 - 2012-05-02 04:42 - 1494470 ____A C:\Users\ekoroski\Downloads\Harry Potter and the Deathly Hallows [REAL] [PDF] [CLEAN].pdf
2012-04-30 12:35 - 2012-04-30 12:35 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\DivX
2012-04-30 12:34 - 2012-05-16 06:12 - 0000000 ____D C:\Program Files\DivX
2012-04-30 12:33 - 2012-05-16 06:13 - 0000000 ____D C:\Users\All Users\DivX
2012-04-30 12:33 - 2012-05-16 06:13 - 0000000 ____D C:\Program Files (x86)\DivX
2012-04-30 07:15 - 2012-05-07 08:15 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-30 07:02 - 2012-04-30 07:02 - 2397602 ____A C:\Users\ekoroski\Documents\Room Schedule.pdf
2012-04-30 06:37 - 2012-05-23 09:15 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-30 06:37 - 2012-05-16 06:17 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-27 09:05 - 2012-05-01 04:40 - 0000000 ____D C:\Users\ekoroski\Documents\Hankdance
2012-04-27 06:54 - 2012-04-27 06:54 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\Unity
2012-04-24 11:56 - 2012-04-24 11:56 - 0000000 ____D C:\Users\ekoroski\Downloads\Robbers & Cowards
2012-04-24 11:49 - 2012-04-24 11:49 - 8746829 ____A C:\Users\ekoroski\Downloads\Atlas Genius -- Trojans.mp3
2012-04-24 11:48 - 2012-04-24 11:52 - 0000000 ____D C:\Users\ekoroski\Downloads\Morning Parade-Morning Parade (2012) 320Kbit(mp3) DMT
2012-04-24 11:45 - 2012-04-24 11:52 - 0000000 ____D C:\Users\ekoroski\Downloads\ZZWard
2012-04-24 11:41 - 2012-04-24 11:55 - 0000000 ____D C:\Users\ekoroski\Downloads\The Black Keys - El Camino
2012-04-24 11:41 - 2012-04-24 11:41 - 0000000 ____D C:\Users\ekoroski\Downloads\Jack White - Blunderbuss (2012) MP3 @320kbps
2012-04-24 08:26 - 2012-04-24 11:51 - 0000000 ____D C:\Users\ekoroski\Downloads\Awolnation - Megalithic Symphony (2011)


============ 3 Months Modified Files and Folders =============

2012-05-23 14:16 - 2012-05-23 14:15 - 0000000 ____D C:\FRST
2012-05-23 13:12 - 2012-05-22 06:50 - 0000000 ___SD C:\32788R22FWJFW
2012-05-23 13:12 - 2012-05-15 14:11 - 0000000 ____D C:\users\rahmed
2012-05-23 13:12 - 2012-03-22 08:05 - 0000000 ____D C:\users\Bsbarra
2012-05-23 13:12 - 2012-03-22 08:02 - 0000000 ____D C:\users\Dyano
2012-05-23 13:12 - 2012-03-22 06:33 - 0000000 ____D C:\users\rzayas
2012-05-23 13:12 - 2012-03-07 14:16 - 0000000 ____D C:\users\instructor
2012-05-23 13:12 - 2012-01-20 06:39 - 0000000 ____D C:\users\User_2
2012-05-23 13:12 - 2012-01-14 09:56 - 0000000 ____D C:\users\User
2012-05-23 13:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-23 13:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-23 10:13 - 2012-02-23 11:12 - 0000000 ____D C:\Users\ekoroski\Documents\Outlook Files
2012-05-23 10:13 - 2012-01-14 09:56 - 1787814 ____A C:\Windows\WindowsUpdate.log
2012-05-23 10:11 - 2012-02-13 07:43 - 0000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782014962-646431304-3289449863-2181UA.job
2012-05-23 10:10 - 2012-02-22 11:52 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-23 10:10 - 2012-02-22 11:52 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-23 09:42 - 2012-02-02 06:37 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603575411-106062429-2390400312-1000UA.job
2012-05-23 09:20 - 2009-07-13 20:45 - 0015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-23 09:20 - 2009-07-13 20:45 - 0015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-23 09:19 - 2009-07-13 21:13 - 0729828 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-23 09:15 - 2012-04-30 06:37 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-23 09:14 - 2012-05-23 09:14 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\koubinbp.sys
2012-05-23 09:14 - 2012-04-16 13:20 - 0000000 ___RD C:\Users\ekoroski\Dropbox
2012-05-23 09:14 - 2012-04-16 13:19 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\Dropbox
2012-05-23 09:13 - 2012-02-10 11:05 - 0000000 ____D C:\users\ekoroski
2012-05-23 09:13 - 2012-02-10 10:56 - 0000128 ____A C:\Windows\System32\config\netlogon.ftl
2012-05-23 09:13 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-23 09:13 - 2009-07-13 20:51 - 0027532 ____A C:\Windows\setupact.log
2012-05-23 09:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-23 09:12 - 2012-01-14 12:49 - 3061829632 __ASH C:\hiberfil.sys
2012-05-23 08:30 - 2012-05-23 08:30 - 0002141 ____A C:\Users\ekoroski\Desktop\aswMBR.txt
2012-05-23 08:30 - 2012-05-23 08:30 - 0000512 ____A C:\Users\ekoroski\Desktop\MBR.dat
2012-05-23 08:23 - 2012-05-23 08:22 - 0122398 ____A C:\TDSSKiller.2.7.37.0_23.05.2012_12.22.54_log.txt
2012-05-23 07:12 - 2012-05-23 07:12 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bsoqidzu.sys
2012-05-23 07:12 - 2009-07-13 21:08 - 0016930 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-23 07:10 - 2012-05-23 07:10 - 0000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2012-05-23 07:10 - 2012-02-10 11:05 - 0000702 _RASH C:\Users\ekoroski\ntuser.pol
2012-05-23 06:57 - 2012-05-23 06:57 - 0038827 ____A C:\Users\ekoroski\Desktop\Capture.JPG
2012-05-23 06:57 - 2012-05-23 06:57 - 0001272 ____A C:\Users\ekoroski\Desktop\Snipping Tool.lnk
2012-05-23 06:53 - 2012-05-22 11:57 - 0313012 ____A C:\Windows\ntbtlog.txt
2012-05-22 09:37 - 2012-02-28 09:23 - 0000000 ____D C:\Users\ekoroski\Documents\Timesheets
2012-05-22 07:22 - 2012-01-18 15:43 - 0000000 ____D C:\Users\All Users\DiamondD
2012-05-22 06:49 - 2012-05-22 06:49 - 0001000 ____A C:\Users\ekoroski\Desktop\checkup.txt
2012-05-22 06:47 - 2012-05-22 06:47 - 0851898 ____A C:\Users\ekoroski\Desktop\SecurityCheck.exe
2012-05-22 05:42 - 2012-02-02 06:37 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-603575411-106062429-2390400312-1000Core.job
2012-05-22 05:14 - 2012-05-22 05:14 - 0093799 ____A C:\Users\ekoroski\Documents\GMER.log
2012-05-22 04:58 - 2012-05-22 04:58 - 0294216 ____A C:\Users\ekoroski\Downloads\gmer.zip
2012-05-22 04:20 - 2012-02-13 07:43 - 0000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3782014962-646431304-3289449863-2181Core.job
2012-05-18 08:39 - 2012-01-14 11:05 - 0000000 __SHD C:\Users\ekoroski\AppData\Local\{59e54c66-4edc-95da-525b-287f83af9d3d}
2012-05-18 05:53 - 2012-05-18 05:54 - 0001915 ____A C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
2012-05-18 05:53 - 2012-05-18 05:53 - 0254152 ____A (Secure By Design Inc.) C:\Users\rahmed\Downloads\Ninite Essentials Installer(1).exe
2012-05-18 05:53 - 2012-05-18 05:53 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-18 05:53 - 2012-05-18 05:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-18 05:53 - 2012-01-18 12:32 - 0743486 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-18 05:53 - 2012-01-18 12:32 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-18 05:52 - 2012-05-18 05:52 - 0254152 ____A (Secure By Design Inc.) C:\Users\rahmed\Downloads\Ninite Essentials Installer.exe
2012-05-18 05:52 - 2012-05-15 14:11 - 0000000 ____D C:\Users\rahmed\AppData\LocalLow
2012-05-18 05:39 - 2012-05-10 09:28 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-18 05:39 - 2012-01-18 12:29 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-17 05:10 - 2012-05-17 05:10 - 0000129 ____A C:\Users\ekoroski\Desktop\Trouble Ticket.url
2012-05-16 09:21 - 2012-02-13 07:43 - 0000000 ____D C:\Users\ekoroski\AppData\Local\Google
2012-05-16 09:20 - 2012-02-13 07:42 - 0000000 ____D C:\Users\ekoroski\AppData\Local\Deployment
2012-05-16 09:19 - 2012-02-22 11:52 - 0000000 ____D C:\Program Files (x86)\Google
2012-05-16 09:12 - 2012-01-18 12:41 - 0036068 ____A C:\Windows\PFRO.log
2012-05-16 06:44 - 2012-05-16 06:44 - 0001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-05-16 06:44 - 2012-05-16 06:44 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-16 06:43 - 2012-05-16 06:43 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-16 06:43 - 2012-05-16 06:43 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-16 06:33 - 2012-05-15 05:19 - 0000000 ____D C:\Users\ekoroski\Downloads\Windows XP Pro Keygen
2012-05-16 06:26 - 2012-02-10 11:05 - 0000000 ____D C:\Users\ekoroski\AppData\Local\VirtualStore
2012-05-16 06:25 - 2012-05-16 06:25 - 0388608 ____A (Trend Micro Inc.) C:\Users\ekoroski\Downloads\HijackThis.exe
2012-05-16 06:17 - 2012-04-30 06:37 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-16 06:17 - 2012-01-18 12:30 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-16 06:13 - 2012-04-30 12:33 - 0000000 ____D C:\Users\All Users\DivX
2012-05-16 06:13 - 2012-04-30 12:33 - 0000000 ____D C:\Program Files (x86)\DivX
2012-05-16 06:12 - 2012-04-30 12:34 - 0000000 ____D C:\Program Files\DivX
2012-05-16 06:12 - 2012-02-10 11:05 - 0000000 ____D C:\Users\ekoroski\AppData\LocalLow
2012-05-16 06:08 - 2012-05-16 06:08 - 0076764 ____A C:\Users\ekoroski\Documents\invoice.tif
2012-05-15 14:19 - 2012-05-15 14:19 - 0000000 ____D C:\Users\rahmed\AppData\Local\Adobe
2012-05-15 14:19 - 2012-05-15 14:12 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Adobe
2012-05-15 14:18 - 2012-05-15 14:18 - 0001049 ____A C:\Users\rahmed\Desktop\Mozilla Firefox.lnk
2012-05-15 14:18 - 2012-05-15 14:18 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Mozilla
2012-05-15 14:18 - 2012-05-15 14:18 - 0000000 ____D C:\Users\rahmed\AppData\Local\Mozilla
2012-05-15 14:12 - 2012-05-15 14:12 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Macromedia
2012-05-15 14:11 - 2012-05-15 14:11 - 0109224 ____A C:\Users\rahmed\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-15 14:11 - 2012-05-15 14:11 - 0000702 _RASH C:\Users\rahmed\ntuser.pol
2012-05-15 14:11 - 2012-05-15 14:11 - 0000020 ___SH C:\Users\rahmed\ntuser.ini
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Templates
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Start Menu
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\PrintHood
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\NetHood
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\My Documents
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Documents\My Videos
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Documents\My Pictures
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\Documents\My Music
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\AppData\Local\Temporary Internet Files
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 __SHD C:\Users\rahmed\AppData\Local\History
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 ____D C:\Users\rahmed\AppData\Roaming\Apple Computer
2012-05-15 14:11 - 2012-05-15 14:11 - 0000000 ____D C:\Users\rahmed\AppData\Local\VirtualStore
2012-05-15 14:11 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-15 05:21 - 2012-05-15 05:21 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-15 05:09 - 2012-02-15 13:40 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-15 05:08 - 2012-04-16 10:20 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\FileZilla
2012-05-15 05:08 - 2012-02-15 13:41 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-15 04:22 - 2012-05-15 04:22 - 0000600 ____A C:\Users\ekoroski\AppData\Local\PUTTY.RND
2012-05-14 23:26 - 2009-07-13 20:45 - 0416024 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-14 23:08 - 2012-01-18 11:39 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-14 23:08 - 2012-01-14 11:32 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-14 23:00 - 2009-07-13 23:12 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-10 09:28 - 2012-05-10 09:28 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-10 07:00 - 2012-05-10 07:00 - 0046276 ____A C:\Users\ekoroski\Documents\20120413140443087.pdf
2012-05-09 11:32 - 2012-05-09 11:32 - 0000000 ____D C:\Program Files (x86)\blekkotb_soc
2012-05-09 11:32 - 2012-05-09 11:28 - 0000000 ____D C:\Users\All Users\blekko toolbars
2012-05-09 11:31 - 2012-03-14 08:29 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-05-09 10:38 - 2012-05-09 10:38 - 0000000 ____D C:\Users\ekoroski\Documents\DVDFab
2012-05-09 06:54 - 2012-02-14 13:28 - 0000000 ____D C:\Users\ekoroski\Documents\Ledgers
2012-05-08 04:31 - 2012-05-04 04:53 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\Apple Computer
2012-05-07 09:15 - 2012-05-07 09:15 - 0319093 ____A C:\Users\ekoroski\Downloads\346167_5951293_ll.jpg
2012-05-07 08:15 - 2012-04-30 07:15 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-07 06:44 - 2012-05-07 06:44 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-05-04 11:18 - 2012-05-04 11:18 - 0000000 ____D C:\Users\ekoroski\Downloads\Beastie Boys
2012-05-04 07:53 - 2012-05-04 07:53 - 0008986 ____A C:\Users\ekoroski\Documents\SmartBoard Inventory.xlsx
2012-05-04 05:40 - 2012-05-04 05:40 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-05-04 05:39 - 2012-05-04 05:39 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-04 05:39 - 2012-05-04 05:38 - 0000000 ____D C:\Program Files\iTunes
2012-05-04 05:39 - 2012-05-04 04:53 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-04 05:38 - 2012-05-04 05:38 - 0000000 ____D C:\Program Files\iPod
2012-05-04 05:38 - 2012-05-04 04:53 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-05-04 04:53 - 2012-05-04 04:53 - 0000000 ____D C:\Users\ekoroski\AppData\Local\Apple Computer
2012-05-04 04:53 - 2012-05-04 04:53 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Users\ekoroski\AppData\Local\Apple
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Users\All Users\Apple
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Program Files\Bonjour
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-04 04:52 - 2012-05-04 04:52 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-02 05:43 - 2012-05-02 05:43 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-05-02 05:41 - 2012-05-02 05:41 - 0000199 ____A C:\Windows\SysWOW64\msiexec.log
2012-05-02 05:41 - 2012-05-02 05:41 - 0000000 ____D C:\Users\All Users\HPSSUPPLY
2012-05-02 05:41 - 2012-05-02 05:41 - 0000000 ____D C:\Program Files\HP
2012-05-02 05:41 - 2012-05-02 05:41 - 0000000 ____D C:\Program Files (x86)\HP
2012-05-02 05:40 - 2012-05-02 05:40 - 0000000 ____D C:\LJP1100_P1560_P1600_Full_Solution
2012-05-02 04:42 - 2012-05-02 04:42 - 1494470 ____A C:\Users\ekoroski\Downloads\Harry Potter and the Deathly Hallows [REAL] [PDF] [CLEAN].pdf
2012-05-01 04:40 - 2012-04-27 09:05 - 0000000 ____D C:\Users\ekoroski\Documents\Hankdance
2012-04-30 12:35 - 2012-04-30 12:35 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\DivX
2012-04-30 07:02 - 2012-04-30 07:02 - 2397602 ____A C:\Users\ekoroski\Documents\Room Schedule.pdf
2012-04-27 06:54 - 2012-04-27 06:54 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\Unity
2012-04-25 14:24 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-04-24 11:56 - 2012-04-24 11:56 - 0000000 ____D C:\Users\ekoroski\Downloads\Robbers & Cowards
2012-04-24 11:55 - 2012-04-24 11:41 - 0000000 ____D C:\Users\ekoroski\Downloads\The Black Keys - El Camino
2012-04-24 11:52 - 2012-04-24 11:48 - 0000000 ____D C:\Users\ekoroski\Downloads\Morning Parade-Morning Parade (2012) 320Kbit(mp3) DMT
2012-04-24 11:52 - 2012-04-24 11:45 - 0000000 ____D C:\Users\ekoroski\Downloads\ZZWard
2012-04-24 11:51 - 2012-04-24 08:26 - 0000000 ____D C:\Users\ekoroski\Downloads\Awolnation - Megalithic Symphony (2011)
2012-04-24 11:49 - 2012-04-24 11:49 - 8746829 ____A C:\Users\ekoroski\Downloads\Atlas Genius -- Trojans.mp3
2012-04-24 11:41 - 2012-04-24 11:41 - 0000000 ____D C:\Users\ekoroski\Downloads\Jack White - Blunderbuss (2012) MP3 @320kbps
2012-04-24 07:14 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-20 06:42 - 2012-04-20 06:42 - 0000000 ____D C:\Users\ekoroski\Documents\Medisoft v16
2012-04-20 06:42 - 2012-04-20 06:42 - 0000000 ____D C:\Users\ekoroski\Documents\Examview
2012-04-20 06:27 - 2012-04-20 06:27 - 0011298 ____A C:\Users\ekoroski\Documents\headphone.xlsx
2012-04-18 05:37 - 2012-04-18 05:37 - 0000000 ____D C:\Users\ekoroski\AppData\Local\Unity
2012-04-16 12:53 - 2012-04-16 12:52 - 0000000 ____D C:\Users\ekoroski\AppData\Roaming\vlc
2012-04-16 10:20 - 2012-04-16 10:20 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-04-12 23:03 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-04-09 06:45 - 2012-04-09 06:45 - 0061440 ____A C:\Users\ekoroski\Documents\PTO Request Form.doc
2012-04-04 11:56 - 2012-02-15 13:40 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 11:46 - 2012-02-10 11:05 - 0000000 ____D C:\Users\ekoroski\AppData\Local\Microsoft Help
2012-04-03 09:09 - 2012-04-03 09:09 - 0012685 ____A C:\Users\ekoroski\Documents\Julio.docx
2012-04-03 06:57 - 2012-04-03 06:57 - 0000000 ____D C:\Program Files (x86)\Citrix
2012-04-03 06:56 - 2012-04-03 06:56 - 0060304 ____A C:\Users\ekoroski\g2mdlhlpx.exe
2012-03-30 22:05 - 2012-05-14 06:47 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-14 06:47 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-14 06:47 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-14 06:47 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-14 06:47 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 12:57 - 2012-02-10 10:58 - 0004780 _RASH C:\Users\All Users\ntuser.pol
2012-03-28 12:25 - 2012-03-28 11:11 - 0000000 ____D C:\Users\ekoroski\Downloads\wsusoffline
2012-03-28 11:11 - 2012-03-28 11:11 - 2043518 ____A C:\Users\ekoroski\Downloads\wsusoffline73.zip
2012-03-22 08:06 - 2012-01-18 15:53 - 0000459 ____A C:\Windows\ODBC.INI
2012-03-22 08:05 - 2012-03-22 08:05 - 0109224 ____A C:\Users\Bsbarra\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-22 08:05 - 2012-03-22 08:05 - 0000702 _RASH C:\Users\Bsbarra\ntuser.pol
2012-03-22 08:05 - 2012-03-22 08:05 - 0000020 __ASH C:\Users\Bsbarra\ntuser.ini
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\Templates
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\Start Menu
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\PrintHood
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\NetHood
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\My Documents
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\Documents\My Videos
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\Documents\My Pictures
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\Documents\My Music
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\AppData\Local\Temporary Internet Files
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 __SHD C:\Users\Bsbarra\AppData\Local\History
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 ____D C:\Users\Bsbarra\AppData\LocalLow
2012-03-22 08:05 - 2012-03-22 08:05 - 0000000 ____D C:\Users\Bsbarra\AppData\Local\VirtualStore
2012-03-22 08:03 - 2012-03-22 08:03 - 0109224 ____A C:\Users\Dyano\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-22 08:03 - 2012-03-22 08:03 - 0000702 _RASH C:\Users\Dyano\ntuser.pol
2012-03-22 08:03 - 2012-03-22 08:03 - 0000000 ____D C:\Users\Dyano\AppData\Local\VirtualStore
2012-03-22 08:02 - 2012-03-22 08:02 - 0000020 __ASH C:\Users\Dyano\ntuser.ini
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\Templates
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\Start Menu
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\PrintHood
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\NetHood
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\My Documents
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\Documents\My Videos
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\Documents\My Pictures
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\Documents\My Music
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\AppData\Local\Temporary Internet Files
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 __SHD C:\Users\Dyano\AppData\Local\History
2012-03-22 08:02 - 2012-03-22 08:02 - 0000000 ____D C:\Users\Dyano\AppData\LocalLow
2012-03-22 06:49 - 2012-03-22 06:49 - 0000000 ____D C:\Users\rzayas\AppData\Roaming\Mozilla
2012-03-22 06:49 - 2012-03-22 06:49 - 0000000 ____D C:\Users\rzayas\AppData\Local\Mozilla
2012-03-22 06:49 - 2012-03-22 06:33 - 0000000 ____D C:\Users\rzayas\AppData\LocalLow
2012-03-22 06:37 - 2012-03-22 06:36 - 0000000 ____D C:\Program Files (x86)\TightVNC
2012-03-22 06:34 - 2012-03-22 06:34 - 0109224 ____A C:\Users\rzayas\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-22 06:33 - 2012-03-22 06:33 - 0000702 _RASH C:\Users\rzayas\ntuser.pol
2012-03-22 06:33 - 2012-03-22 06:33 - 0000020 ___SH C:\Users\rzayas\ntuser.ini
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\Templates
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\Start Menu
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\PrintHood
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\NetHood
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\My Documents
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\Documents\My Videos
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\Documents\My Pictures
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\Documents\My Music
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\AppData\Local\Temporary Internet Files
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 __SHD C:\Users\rzayas\AppData\Local\History
2012-03-22 06:33 - 2012-03-22 06:33 - 0000000 ____D C:\Users\rzayas\AppData\Local\VirtualStore
2012-03-22 06:32 - 2012-03-22 06:32 - 0000000 ____D C:\Program Files (x86)\RealVNC
2012-03-21 11:57 - 2012-03-21 11:57 - 0003607 ____A C:\Users\ekoroski\Documents\RDC-Shortcuts.zip
2012-03-20 16:44 - 2012-03-20 16:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 16:44 - 2012-03-20 16:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-16 23:58 - 2012-05-14 06:47 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-14 09:56 - 2012-03-14 09:56 - 0659337 ____A C:\Users\ekoroski\Downloads\YES.png
2012-03-14 08:29 - 2012-03-14 08:29 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-14 08:20 - 2012-03-14 08:20 - 0000000 ____D C:\Users\All Users\SimulationExams.com
2012-03-14 08:20 - 2012-03-14 08:20 - 0000000 ____D C:\Program Files (x86)\SimulationExams.com
2012-03-09 13:24 - 2012-03-07 15:37 - 0000000 ____D C:\Program Files (x86)\DeleteHistoryFree
2012-03-09 05:12 - 2012-03-09 05:13 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-09 05:12 - 2012-03-09 05:13 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-09 05:12 - 2012-03-09 05:13 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-09 05:12 - 2012-03-09 05:12 - 0000000 ____D C:\Program Files (x86)\Java
2012-03-09 05:12 - 2012-01-18 12:30 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-07 14:16 - 2012-03-07 14:16 - 0109224 ____A C:\Users\instructor\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-07 14:16 - 2012-03-07 14:16 - 0000702 _RASH C:\Users\instructor\ntuser.pol
2012-03-07 14:16 - 2012-03-07 14:16 - 0000020 __ASH C:\Users\instructor\ntuser.ini
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\Templates
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\Start Menu
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\PrintHood
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\NetHood
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\My Documents
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\Documents\My Videos
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\Documents\My Pictures
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\Documents\My Music
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\AppData\Local\Temporary Internet Files
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 __SHD C:\Users\instructor\AppData\Local\History
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 ____D C:\Users\instructor\AppData\LocalLow
2012-03-07 14:16 - 2012-03-07 14:16 - 0000000 ____D C:\Users\instructor\AppData\Local\VirtualStore
2012-03-06 15:15 - 2012-05-16 06:44 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-05-16 06:43 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-05-16 06:43 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-05-16 06:44 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-05-16 06:44 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-05-16 06:44 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-05-16 06:44 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-05-16 06:44 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-05-16 06:44 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-02 22:35 - 2012-05-14 06:47 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-14 06:47 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-29 22:46 - 2012-04-12 23:00 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-12 23:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-12 23:00 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-12 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-12 23:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-12 23:00 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 23:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 08:38 - 2012-02-29 08:38 - 0012491 ___AT C:\Users\ekoroski\Documents\Ramsey Printers and Faxes.xlsx
2012-02-28 13:33 - 2012-02-28 13:33 - 0010340 ____A C:\Users\ekoroski\Documents\Ramsey Software Inventory.xlsx
2012-02-27 23:34 - 2012-04-12 23:02 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-12 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-12 23:03 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-12 23:03 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-12 23:03 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-12 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-12 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-12 23:03 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-12 23:03 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-12 23:03 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-12 23:03 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-12 23:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-12 23:03 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-12 23:03 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-12 23:02 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-12 23:03 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-12 23:03 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-12 23:03 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 23:03 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-12 23:03 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-12 23:03 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 23:03 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-12 23:03 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-12 23:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 23:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 23:03 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3893.32 MB
Available physical RAM: 3284.39 MB
Total Pagefile: 3891.47 MB
Available Pagefile: 3267.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:189.94 GB) NTFS
3 Drive f: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1910 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1910 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 1910 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-21 07:37

======================= End Of Log ==========================

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:02 AM

Posted 23 May 2012 - 02:13 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

1 bsyybxme; \??\C:\Windows\system32\drivers\bsyybxme.sys [x]
1 ihhyqzsq; \??\C:\Windows\system32\drivers\ihhyqzsq.sys [x]
1 koubinbp; C:\Windows\System32\Drivers\koubinbp.sys [50000 2012-05-23] (Microsoft Corporation)
C:\Windows\System32\Drivers\koubinbp.sys

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
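As an added example (not the thread's or FRST's own code), a small Python triage script that parses driver lines in the layout FRST printed in this post, flags the ones a responder would want to look at (driver file gone from disk, a random-looking eight-letter service name, a driver written on the day of the scan), and lays the flagged entries out the way the fixlist above does. The sample lines are constructed from the three fixlist entries plus two legitimate drivers taken from the FRST log; the review rules are this example's assumptions, not FRST's.

```python
import re
from datetime import date

# Added triage example (not FRST's code): the line layout is the one FRST printed in this thread; the review rules are assumptions.
FRST_DRIVER_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?:(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>x))\]"
    r"(?:\s+\((?P<company>[^)]*)\))?$"
)

SCAN_DATE = date(2012, 5, 23)  # day the FRST scan in this post was taken
# Constructed sample: the three fixlist entries above plus two legitimate drivers from the FRST log.
SAMPLE_LINES = [
    r"1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-05-16] (AVAST Software)",
    r"1 bsyybxme; \??\C:\Windows\system32\drivers\bsyybxme.sys [x]",
    r"1 ihhyqzsq; \??\C:\Windows\system32\drivers\ihhyqzsq.sys [x]",
    r"1 koubinbp; C:\Windows\System32\Drivers\koubinbp.sys [50000 2012-05-23] (Microsoft Corporation)",
    r"1 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)",
]


def parse_frst_driver(line):
    """Parse one FRST driver line into a dict; None if the line is not in that format."""
    m = FRST_DRIVER_RE.match(line.strip())
    if not m:
        return None
    return {
        "line": line.strip(),
        "name": m.group("name").strip(),
        "path": m.group("path"),
        "missing": m.group("missing") == "x",  # FRST prints [x] when the file is absent
        "created": date.fromisoformat(m.group("date")) if m.group("date") else None,
    }


def review_reasons(entry, scan_date, recent_days=3):
    """Signals a responder would want to see; any one of them flags the entry."""
    reasons = []
    if entry["missing"]:
        reasons.append("service still registered but its driver file is gone")
    if re.fullmatch(r"[a-z]{8}", entry["name"]):
        reasons.append("eight lowercase letters as a service name, no vendor naming")
    if entry["created"] and (scan_date - entry["created"]).days <= recent_days:
        reasons.append(f"driver file written within {recent_days} days of the scan")
    return reasons


def triage(lines, scan_date=SCAN_DATE):
    """Return the parsed entries that earned at least one review reason."""
    flagged = []
    for entry in filter(None, map(parse_frst_driver, lines)):
        entry["reasons"] = review_reasons(entry, scan_date)
        if entry["reasons"]:
            flagged.append(entry)
    return flagged


def build_fixlist(flagged):
    """Same layout as the fixlist in this post: service lines first, then paths of files still on disk."""
    return [e["line"] for e in flagged] + [e["path"] for e in flagged if not e["missing"]]
```

The output of build_fixlist on the sample is exactly the four lines of the fixlist in this post; the version-info company string is deliberately not used as a trust signal, since the entry FRST labelled "(Microsoft Corporation)" is one of the ones removed.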

#11 Ekoroski

Ekoroski
  • Topic Starter

  • Members
  • 41 posts
  • Local time:01:02 AM

Posted 23 May 2012 - 02:55 PM

Here are the results of that:
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 23-05-2012
Ran by SYSTEM at 2012-05-23 15:47:19 Run:1
Running from F:\

==============================================

bsyybxme service deleted successfully.
ihhyqzsq service deleted successfully.
koubinbp service not found.
C:\Windows\System32\Drivers\koubinbp.sys not found.

==== End of Fixlog ====

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:02 AM

Posted 24 May 2012 - 07:19 AM

Greetings

I would like you to try and run ComboFix again for me.


gringo

#13 Ekoroski

Ekoroski
  • Topic Starter

  • Members
  • 41 posts
  • Local time:01:02 AM

Posted 24 May 2012 - 07:27 AM

Hello,

I'm still getting the same problem. ComboFix starts up, the same box from before pops up, it closes everything out and then closes itself, and nothing happens.

#14 Ekoroski

Ekoroski
  • Topic Starter

  • Members
  • 41 posts
  • Local time:01:02 AM

Posted 24 May 2012 - 08:13 AM

I've just noticed something.

It seems ComboFix has created a folder on my C Drive called 32788R22FWJFW but when I go to open the folder it just directs me back to My Computer.

Any idea what this could be?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:02 AM

Posted 24 May 2012 - 11:27 AM

I would like you to rescan with FRST again and send me the report.


Gringo
