Alureon.e


  • This topic is locked
25 replies to this topic

#1 bhz

bhz

  • Members
  • 133 posts
  • Gender:Male
  • Location:Southern California
  • Local time:07:13 AM

Posted 07 June 2012 - 04:42 PM

Tried everything...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by AngelicaV at 14:33:31 on 2012-06-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.2019 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AngelicaV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86TVV24P\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.192.11
TCP: Interfaces\{5EC57926-4FA0-4B2F-A5DB-8C49E3D6C2C4} : DhcpNameServer = 192.168.192.11
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-30 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-30 22344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-30 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-30 136176]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-31 1343400]
.
=============== Created Last 30 ================
.
2012-06-07 21:32:42 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{27fee228-bbc9-46ce-8ffa-5050982b4dd6}\mpengine.dll
2012-06-05 20:30:22 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-01 14:19:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 13:21:08 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-06-01 13:21:08 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-31 14:31:25 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-31 14:16:35 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dcf341a3-1837-4142-8da8-3c4727baec3c}\gapaengine.dll
2012-05-31 14:08:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-31 13:48:21 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-31 13:48:21 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-31 13:48:21 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-31 13:48:21 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-31 13:47:21 -------- d-----w- C:\Intel
2012-05-31 13:21:43 -------- d-----w- c:\windows\system32\Wat
2012-05-30 22:34:58 -------- d-----w- c:\windows\Panther
2012-05-30 22:31:11 -------- d-----w- c:\program files\Synaptics
2012-05-30 22:27:59 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-30 22:25:43 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-30 22:24:20 -------- d-----w- C:\Windows.old.000
2012-05-30 22:20:42 -------- d-----w- c:\program files\Defraggler
2012-05-30 22:17:01 -------- d-----w- c:\users\angelicav\appdata\roaming\SUPERAntiSpyware.com
2012-05-30 22:16:17 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-30 22:15:25 -------- d-sh--w- c:\windows\Installer
2012-05-30 22:15:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-30 22:15:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-30 22:15:08 -------- d-----w- c:\users\angelicav\appdata\local\Google
2012-05-30 22:11:34 -------- d-----w- c:\users\angelicav\appdata\roaming\Malwarebytes
2012-05-30 22:11:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-30 22:11:29 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 22:11:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-30 22:06:02 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-30 22:06:02 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-30 22:06:02 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-30 22:06:01 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-30 22:06:01 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-30 22:06:01 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-30 13:04:59 -------- d-sh--w- C:\Recovery
2012-05-29 22:40:59 -------- d-----w- C:\Windows.old
.
==================== Find3M ====================
.
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36:11 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:27:18 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 14:34:06.29 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:13 AM

Posted 07 June 2012 - 11:45 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 bhz

bhz
  • Topic Starter


Posted 08 June 2012 - 10:57 PM

Ok, I will have to go into my office tomorrow and do what you suggest. I used gparted and found a strange partition the size of the whole hard drive with a yellow mark in it, so I deleted it. Since then it seems to be much better. Should I follow your post?
I will not do anything else without talking with you first.

#4 gringo_pr


Posted 08 June 2012 - 11:10 PM

Greetings


How big was the partition? And yes, go ahead and follow my instructions when you go in.

What time do you have now, so I can tell you when to go in?


gringo

#5 bhz


Posted 11 June 2012 - 06:47 PM

The partition was the size of the whole raw disk, but it was marked with a yellow exclamation point.

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

I will send in pieces, the first try the combobox messed up. Had to reboot.

#6 bhz


Posted 11 June 2012 - 06:50 PM

Combobox comes up with a green box, runs a bunch of stuff, then goes away. No log file?

Is there some application that can go through the hard drive and find all the keys to my software?

Seems to be working ok now?

Thanks,

Brent

#7 gringo_pr


Posted 11 June 2012 - 07:07 PM

Hello

Ok, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#8 bhz


Posted 12 June 2012 - 01:09 PM

Ok, booted into Safe Mode and ran ComboFix, I got the attached error.
Remembered I should run it as administrator, so right clicked on the icon and ran as administrator.
A box came up and a bunch of green text scrolled across, box closed, that was it?

#9 gringo_pr


Posted 12 June 2012 - 01:16 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#10 bhz


Posted 12 June 2012 - 05:55 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012 02
Ran by SYSTEM at 12-06-2012 15:53:21
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [137752 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [172568 2011-02-11] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.11

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
3 iirsp; C:\Windows\system32\drivers\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23640 2007-11-09] (TOSHIBA Corporation)
3 BFE; . [x]
3 catchme; \??\C:\Users\ANGELI~1\AppData\Local\Temp\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-12 15:53 - 2012-06-12 15:53 - 00000000 ____D C:\FRST
2012-06-12 10:02 - 2012-06-12 10:02 - 00500349 ____A C:\Users\AngelicaV\Desktop\Error.rtf
2012-06-12 10:02 - 2012-06-12 10:02 - 00000000 ____D C:\ComboFix
2012-06-11 15:47 - 2012-06-12 10:02 - 00000000 ___SD C:\32788R22FWJFW
2012-06-11 15:07 - 2012-06-11 15:07 - 00000000 ____D C:\Windows\ERDNT
2012-06-11 15:07 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-11 15:07 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-11 15:07 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-11 15:07 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-11 15:07 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-11 15:07 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-11 15:07 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-11 15:07 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-11 15:06 - 2012-06-11 15:07 - 00000000 ____D C:\Qoobox
2012-06-11 15:05 - 2012-06-11 15:05 - 04542341 ____R (Swearware) C:\Users\AngelicaV\Desktop\ComboFix.exe
2012-06-11 14:59 - 2012-06-11 14:59 - 00853862 ____A C:\Users\AngelicaV\Desktop\SecurityCheck.exe
2012-06-11 14:38 - 2012-06-11 14:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-07 14:19 - 2012-06-07 14:19 - 00032768 ____A C:\bcd_backup
2012-06-07 14:19 - 2012-06-07 14:19 - 00029696 __ASH C:\bcd_backup.LOG
2012-06-07 14:19 - 2012-06-07 14:19 - 00000000 __ASH C:\bcd_backup.LOG2
2012-06-07 14:19 - 2012-06-07 14:19 - 00000000 __ASH C:\bcd_backup.LOG1
2012-06-07 13:58 - 2012-06-07 13:58 - 00026866 ____A C:\Users\AngelicaV\Desktop\Extras.Txt
2012-06-07 13:57 - 2012-06-07 13:57 - 00085752 ____A C:\Users\AngelicaV\Desktop\OTL.Txt
2012-06-07 13:52 - 2012-06-07 13:52 - 00595456 ____A (OldTimer Tools) C:\Users\AngelicaV\Desktop\OTL.exe
2012-06-07 13:38 - 2012-06-07 13:38 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-07 13:38 - 2012-06-07 13:38 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-07 13:38 - 2012-06-07 13:38 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-07 13:38 - 2012-06-07 13:38 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\Macromedia
2012-06-07 13:38 - 2012-06-07 13:38 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\Adobe
2012-06-07 13:34 - 2012-06-07 13:35 - 00302592 ____A C:\Users\AngelicaV\Desktop\pk71urqq.exe
2012-06-07 13:32 - 2012-06-07 13:32 - 00000480 ____A C:\Users\AngelicaV\Desktop\defogger_disable.log
2012-06-07 13:32 - 2012-06-07 13:32 - 00000000 ____A C:\Users\AngelicaV\defogger_reenable
2012-06-07 13:29 - 2012-06-07 13:30 - 00116338 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_14.29.57_log.txt
2012-06-07 13:28 - 2012-06-07 13:28 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\AngelicaV\Desktop\brent.exe
2012-06-04 15:32 - 2012-06-04 15:32 - 00115862 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_16.32.20_log.txt
2012-06-01 12:22 - 2012-06-01 12:24 - 00228708 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_13.22.32_log.txt
2012-06-01 06:19 - 2012-06-01 12:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-01 06:13 - 2012-06-01 06:28 - 00230590 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_07.13.12_log.txt
2012-06-01 06:13 - 2012-06-01 06:07 - 04731392 ____A (AVAST Software) C:\Users\AngelicaV\Desktop\aswMBR.exe
2012-06-01 05:40 - 2012-06-12 10:00 - 00508368 ____A C:\Windows\ntbtlog.txt
2012-06-01 05:21 - 2011-02-18 22:30 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-06-01 05:21 - 2011-02-18 22:30 - 00739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-06-01 02:11 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-01 02:11 - 2012-02-27 17:27 - 09705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-01 02:11 - 2012-02-27 17:18 - 01799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-01 02:11 - 2012-02-27 17:12 - 01103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-01 02:11 - 2012-02-27 17:11 - 01427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-01 02:11 - 2012-02-27 17:11 - 01127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-01 02:11 - 2012-02-27 17:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-01 02:11 - 2012-02-27 17:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-01 02:11 - 2012-02-27 17:06 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-01 02:11 - 2012-02-27 17:04 - 01792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-01 02:11 - 2012-02-27 17:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-01 02:11 - 2012-02-27 17:03 - 00072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-01 02:11 - 2012-02-27 16:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-31 06:31 - 2011-03-24 18:58 - 00284672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-05-31 06:31 - 2011-03-24 18:58 - 00258560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-05-31 06:31 - 2011-03-24 18:58 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-05-31 06:31 - 2011-03-24 18:57 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-05-31 06:31 - 2011-03-24 18:57 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-05-31 06:31 - 2011-03-24 18:57 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-05-31 06:31 - 2011-03-24 18:57 - 00005888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-05-31 06:31 - 2011-03-10 21:39 - 01211264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-05-31 06:31 - 2011-03-10 21:39 - 00148864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-05-31 06:31 - 2011-03-10 21:39 - 00143744 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-05-31 06:31 - 2011-03-10 21:39 - 00117120 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-05-31 06:31 - 2011-03-10 21:38 - 00332160 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-05-31 06:31 - 2011-03-10 21:38 - 00080256 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-05-31 06:31 - 2011-03-10 21:38 - 00022400 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-05-31 06:31 - 2011-03-10 21:33 - 01699328 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-05-31 06:31 - 2011-03-10 21:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-05-31 06:31 - 2011-03-10 20:01 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-05-31 06:22 - 2012-05-31 06:23 - 00152216 ____A C:\Windows\Minidump\053112-34382-01.dmp
2012-05-31 06:22 - 2012-05-31 06:22 - 267261438 ____A C:\Windows\MEMORY.DMP
2012-05-31 06:22 - 2012-05-31 06:22 - 00000000 ____D C:\Windows\Minidump
2012-05-31 06:12 - 2012-05-31 06:12 - 00000000 ____D C:\Program Files\Microsoft.NET
2012-05-31 06:09 - 2012-06-06 06:11 - 00002198 ____A C:\Windows\epplauncher.mif
2012-05-31 06:09 - 2012-05-31 06:09 - 00057560 ____A C:\Users\AngelicaV\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-31 06:08 - 2012-05-31 06:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-05-31 05:54 - 2012-05-31 05:54 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-05-31 05:53 - 2012-04-26 19:08 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-31 05:48 - 2012-02-29 21:46 - 00019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-31 05:48 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-31 05:48 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-31 05:48 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Program Files\Intel
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Intel
2012-05-31 05:23 - 2012-05-31 05:23 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-31 05:23 - 2012-05-31 05:23 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-31 05:23 - 2012-05-31 05:23 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00072822 ____A C:\Windows\System32\ieuinit.inf
2012-05-31 05:23 - 2012-05-31 05:23 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-31 05:23 - 2012-05-31 05:23 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-31 05:22 - 2012-05-31 05:23 - 00003555 ____A C:\Windows\IE9_main.log
2012-05-30 14:34 - 2012-05-30 14:03 - 00000000 ____D C:\Windows\Panther
2012-05-30 14:31 - 2012-05-30 14:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2012-05-30 14:31 - 2012-05-30 14:31 - 00000000 ____D C:\Program Files\Synaptics
2012-05-30 14:29 - 2011-11-04 20:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-05-30 14:29 - 2011-07-15 20:27 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-05-30 14:29 - 2011-07-15 20:27 - 00290816 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 18:17 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 18:17 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 18:17 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-05-30 14:29 - 2011-07-15 18:17 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-05-30 14:29 - 2011-06-23 20:27 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-05-30 14:29 - 2011-06-23 20:22 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-05-30 14:29 - 2011-02-24 21:30 - 02616320 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-05-30 14:29 - 2011-02-17 21:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-05-30 14:28 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-30 14:28 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-30 14:28 - 2012-03-30 18:36 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-30 14:28 - 2012-03-30 02:23 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-30 14:28 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-30 14:28 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-05-30 14:28 - 2012-01-04 00:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-05-30 14:28 - 2011-11-16 21:41 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-05-30 14:28 - 2011-11-16 21:41 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-05-30 14:28 - 2011-11-16 21:39 - 00369352 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-05-30 14:28 - 2011-11-16 21:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-05-30 14:28 - 2011-11-16 21:34 - 00224768 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-05-30 14:28 - 2011-11-16 21:34 - 00100352 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-05-30 14:28 - 2011-11-16 21:34 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-05-30 14:28 - 2011-11-16 21:34 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-05-30 14:28 - 2011-11-16 21:32 - 01038848 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-05-30 14:28 - 2011-11-16 21:29 - 00022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-05-30 14:28 - 2011-10-25 20:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-05-30 14:28 - 2011-10-25 20:32 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-30 14:28 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-05-30 14:28 - 2011-08-16 20:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-05-30 14:28 - 2011-08-16 20:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-05-30 14:28 - 2011-07-08 18:30 - 00223744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-05-30 14:28 - 2011-06-15 20:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-05-30 14:28 - 2011-06-15 00:55 - 00319488 ____A (Microsoft Corporation) C:\Windows\System32\odbcjt32.dll
2012-05-30 14:28 - 2011-06-15 00:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-05-30 14:28 - 2011-06-15 00:55 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-05-30 14:28 - 2011-06-15 00:55 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-05-30 14:28 - 2011-06-15 00:55 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-05-30 14:28 - 2011-05-03 20:34 - 01549312 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-05-30 14:28 - 2011-05-03 20:32 - 01401344 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-05-30 14:28 - 2011-05-03 20:32 - 00666624 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-05-30 14:28 - 2011-05-03 20:32 - 00337408 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-05-30 14:28 - 2011-05-03 20:32 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-05-30 14:28 - 2011-05-03 20:32 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-05-30 14:28 - 2011-05-03 20:28 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-05-30 14:28 - 2011-05-03 20:28 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-05-30 14:28 - 2011-05-03 20:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-05-30 14:28 - 2011-05-02 20:30 - 00741376 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-05-30 14:28 - 2011-04-26 18:17 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-05-30 14:28 - 2011-04-26 18:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-05-30 14:28 - 2011-04-24 18:18 - 00338944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-05-30 14:28 - 2011-03-10 21:33 - 01164288 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-05-30 14:28 - 2011-03-10 21:33 - 01137664 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-05-30 14:28 - 2011-03-02 21:38 - 00270336 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-05-30 14:28 - 2011-03-02 21:38 - 00132608 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-05-30 14:28 - 2011-03-02 21:36 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-05-30 14:28 - 2011-02-22 20:47 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-05-30 14:28 - 2011-02-11 21:35 - 00191488 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-05-30 14:28 - 2010-12-22 21:54 - 00850944 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-05-30 14:28 - 2010-12-22 21:54 - 00642048 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-05-30 14:28 - 2010-12-22 21:50 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-05-30 14:27 - 2012-03-16 23:27 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-30 14:27 - 2012-01-31 04:44 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 14:27 - 2011-12-29 21:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-05-30 14:27 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-05-30 14:27 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-05-30 14:27 - 2011-11-16 21:38 - 01288472 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-05-30 14:27 - 2011-10-25 20:28 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-05-30 14:27 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-05-30 14:27 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-05-30 14:27 - 2011-05-24 02:44 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-05-30 14:27 - 2011-04-28 18:46 - 00311808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-05-30 14:27 - 2011-04-28 18:46 - 00310272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-05-30 14:27 - 2011-04-28 18:46 - 00114688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-05-30 14:27 - 2011-04-08 21:56 - 00123904 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2012-05-30 14:27 - 2011-03-12 03:23 - 00870912 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-05-30 14:27 - 2011-02-23 21:38 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-05-30 14:27 - 2011-02-18 22:30 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-05-30 14:27 - 2011-02-18 20:34 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-05-30 14:27 - 2011-01-16 21:47 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-30 14:27 - 2010-12-16 23:07 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-05-30 14:27 - 2010-09-29 22:47 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-05-30 14:25 - 2011-04-22 11:14 - 00027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-05-30 14:24 - 2012-05-30 14:24 - 00000000 ____D C:\Windows.old.000
2012-05-30 14:21 - 2012-06-12 10:30 - 00002301 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-30 14:20 - 2012-05-30 14:22 - 00000000 ____D C:\Program Files\Defraggler
2012-05-30 14:20 - 2012-05-30 14:20 - 00001878 ____A C:\Users\Public\Desktop\Defraggler.lnk
2012-05-30 14:17 - 2012-05-30 14:17 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\SUPERAntiSpyware.com
2012-05-30 14:16 - 2011-02-02 21:54 - 00219008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-05-30 14:15 - 2012-06-12 12:27 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-30 14:15 - 2012-06-12 11:27 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-30 14:15 - 2012-05-30 14:21 - 00000000 ____D C:\Users\AngelicaV\AppData\Local\Google
2012-05-30 14:15 - 2012-05-30 14:21 - 00000000 ____D C:\Program Files\Google
2012-05-30 14:15 - 2012-05-30 14:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-30 14:15 - 2012-05-30 14:15 - 00001976 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-30 14:15 - 2012-05-30 14:15 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-05-30 14:11 - 2012-05-30 14:11 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-30 14:11 - 2012-05-30 14:11 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\Malwarebytes
2012-05-30 14:11 - 2012-05-30 14:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-30 14:11 - 2012-05-30 14:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-30 14:11 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-30 14:06 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-05-30 14:06 - 2012-02-16 20:14 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-05-30 14:06 - 2012-02-16 20:13 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-05-30 14:06 - 2012-01-24 21:32 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-30 14:06 - 2012-01-24 21:32 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-30 14:06 - 2012-01-24 21:27 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-05-30 14:03 - 2012-06-07 13:32 - 00000000 ____D C:\users\AngelicaV
2012-05-30 14:03 - 2012-05-30 14:05 - 00000000 ____D C:\Users\AngelicaV\AppData\LocalLow
2012-05-30 14:03 - 2012-05-30 14:03 - 00000020 ___SH C:\Users\AngelicaV\ntuser.ini
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Templates
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Start Menu
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\PrintHood
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\NetHood
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\My Documents
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Documents\My Videos
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Documents\My Pictures
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Documents\My Music
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\AppData\Local\Temporary Internet Files
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\AppData\Local\History
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 ____D C:\Users\AngelicaV\AppData\Local\VirtualStore
2012-05-30 14:03 - 2011-04-11 18:24 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\Media Center Programs
2012-05-30 13:54 - 2012-06-12 13:21 - 01643255 ____A C:\Windows\WindowsUpdate.log
2012-05-30 13:52 - 2012-05-30 13:54 - 00001355 ____A C:\Windows\TSSysprep.log
2012-05-30 05:04 - 2012-05-30 14:03 - 00000000 __SHD C:\Recovery
2012-05-29 14:40 - 2012-05-29 14:40 - 00000000 ____D C:\Windows.old

============ 3 Months Modified Files and Folders ===============

2012-06-12 15:53 - 2012-06-12 15:53 - 00000000 ____D C:\FRST
2012-06-12 13:21 - 2012-05-30 13:54 - 01643255 ____A C:\Windows\WindowsUpdate.log
2012-06-12 13:21 - 2009-07-13 20:34 - 00020864 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-12 13:21 - 2009-07-13 20:34 - 00020864 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-12 12:27 - 2012-05-30 14:15 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-12 11:27 - 2012-05-30 14:15 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 10:30 - 2012-05-30 14:21 - 00002301 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-06-12 10:09 - 2010-11-20 13:01 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-12 10:04 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-12 10:04 - 2009-07-13 20:39 - 00028331 ____A C:\Windows\setupact.log
2012-06-12 10:02 - 2012-06-12 10:02 - 00500349 ____A C:\Users\AngelicaV\Desktop\Error.rtf
2012-06-12 10:02 - 2012-06-12 10:02 - 00000000 ____D C:\ComboFix
2012-06-12 10:02 - 2012-06-11 15:47 - 00000000 ___SD C:\32788R22FWJFW
2012-06-12 10:00 - 2012-06-01 05:40 - 00508368 ____A C:\Windows\ntbtlog.txt
2012-06-11 15:18 - 2010-11-20 13:48 - 00007310 ____A C:\Windows\PFRO.log
2012-06-11 15:12 - 2009-07-13 18:04 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-11 15:07 - 2012-06-11 15:07 - 00000000 ____D C:\Windows\ERDNT
2012-06-11 15:07 - 2012-06-11 15:06 - 00000000 ____D C:\Qoobox
2012-06-11 15:05 - 2012-06-11 15:05 - 04542341 ____R (Swearware) C:\Users\AngelicaV\Desktop\ComboFix.exe
2012-06-11 14:59 - 2012-06-11 14:59 - 00853862 ____A C:\Users\AngelicaV\Desktop\SecurityCheck.exe
2012-06-11 14:38 - 2012-06-11 14:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-07 14:19 - 2012-06-07 14:19 - 00032768 ____A C:\bcd_backup
2012-06-07 14:19 - 2012-06-07 14:19 - 00029696 __ASH C:\bcd_backup.LOG
2012-06-07 14:19 - 2012-06-07 14:19 - 00000000 __ASH C:\bcd_backup.LOG2
2012-06-07 14:19 - 2012-06-07 14:19 - 00000000 __ASH C:\bcd_backup.LOG1
2012-06-07 13:58 - 2012-06-07 13:58 - 00026866 ____A C:\Users\AngelicaV\Desktop\Extras.Txt
2012-06-07 13:57 - 2012-06-07 13:57 - 00085752 ____A C:\Users\AngelicaV\Desktop\OTL.Txt
2012-06-07 13:52 - 2012-06-07 13:52 - 00595456 ____A (OldTimer Tools) C:\Users\AngelicaV\Desktop\OTL.exe
2012-06-07 13:38 - 2012-06-07 13:38 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-07 13:38 - 2012-06-07 13:38 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-07 13:38 - 2012-06-07 13:38 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-07 13:38 - 2012-06-07 13:38 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\Macromedia
2012-06-07 13:38 - 2012-06-07 13:38 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\Adobe
2012-06-07 13:38 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-06-07 13:35 - 2012-06-07 13:34 - 00302592 ____A C:\Users\AngelicaV\Desktop\pk71urqq.exe
2012-06-07 13:32 - 2012-06-07 13:32 - 00000480 ____A C:\Users\AngelicaV\Desktop\defogger_disable.log
2012-06-07 13:32 - 2012-06-07 13:32 - 00000000 ____A C:\Users\AngelicaV\defogger_reenable
2012-06-07 13:32 - 2012-05-30 14:03 - 00000000 ____D C:\users\AngelicaV
2012-06-07 13:30 - 2012-06-07 13:29 - 00116338 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_14.29.57_log.txt
2012-06-07 13:28 - 2012-06-07 13:28 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\AngelicaV\Desktop\brent.exe
2012-06-06 06:11 - 2012-05-31 06:09 - 00002198 ____A C:\Windows\epplauncher.mif
2012-06-04 15:32 - 2012-06-04 15:32 - 00115862 ____A C:\TDSSKiller.2.7.36.0_04.06.2012_16.32.20_log.txt
2012-06-01 13:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-01 13:00 - 2009-11-15 15:41 - 00000000 ____D C:\Config.Msi
2012-06-01 12:24 - 2012-06-01 12:22 - 00228708 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_13.22.32_log.txt
2012-06-01 12:24 - 2012-06-01 06:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-01 06:28 - 2012-06-01 06:13 - 00230590 ____A C:\TDSSKiller.2.7.36.0_01.06.2012_07.13.12_log.txt
2012-06-01 06:07 - 2012-06-01 06:13 - 04731392 ____A (AVAST Software) C:\Users\AngelicaV\Desktop\aswMBR.exe
2012-06-01 05:03 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-06-01 02:32 - 2009-07-13 20:33 - 00266808 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-01 02:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-05-31 06:23 - 2012-05-31 06:22 - 00152216 ____A C:\Windows\Minidump\053112-34382-01.dmp
2012-05-31 06:22 - 2012-05-31 06:22 - 267261438 ____A C:\Windows\MEMORY.DMP
2012-05-31 06:22 - 2012-05-31 06:22 - 00000000 ____D C:\Windows\Minidump
2012-05-31 06:12 - 2012-05-31 06:12 - 00000000 ____D C:\Program Files\Microsoft.NET
2012-05-31 06:09 - 2012-05-31 06:09 - 00057560 ____A C:\Users\AngelicaV\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-31 06:09 - 2012-05-31 06:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-05-31 06:01 - 2011-04-11 18:24 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-31 06:01 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\System
2012-05-31 05:54 - 2012-05-31 05:54 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Program Files\Intel
2012-05-31 05:47 - 2012-05-31 05:47 - 00000000 ____D C:\Intel
2012-05-31 05:23 - 2012-05-31 05:23 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-31 05:23 - 2012-05-31 05:23 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-31 05:23 - 2012-05-31 05:23 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00072822 ____A C:\Windows\System32\ieuinit.inf
2012-05-31 05:23 - 2012-05-31 05:23 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-31 05:23 - 2012-05-31 05:23 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-31 05:23 - 2012-05-31 05:23 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-31 05:23 - 2012-05-31 05:23 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-31 05:23 - 2012-05-31 05:22 - 00003555 ____A C:\Windows\IE9_main.log
2012-05-31 05:17 - 2009-07-13 20:34 - 00000000 ____D C:\Windows\ServiceProfiles
2012-05-30 14:34 - 2009-07-13 20:57 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-05-30 14:34 - 2009-07-13 20:52 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-05-30 14:31 - 2012-05-30 14:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2012-05-30 14:31 - 2012-05-30 14:31 - 00000000 ____D C:\Program Files\Synaptics
2012-05-30 14:24 - 2012-05-30 14:24 - 00000000 ____D C:\Windows.old.000
2012-05-30 14:22 - 2012-05-30 14:20 - 00000000 ____D C:\Program Files\Defraggler
2012-05-30 14:21 - 2012-05-30 14:15 - 00000000 ____D C:\Users\AngelicaV\AppData\Local\Google
2012-05-30 14:21 - 2012-05-30 14:15 - 00000000 ____D C:\Program Files\Google
2012-05-30 14:20 - 2012-05-30 14:20 - 00001878 ____A C:\Users\Public\Desktop\Defraggler.lnk
2012-05-30 14:17 - 2012-05-30 14:17 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\SUPERAntiSpyware.com
2012-05-30 14:17 - 2012-05-30 14:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-30 14:15 - 2012-05-30 14:15 - 00001976 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-30 14:15 - 2012-05-30 14:15 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-05-30 14:11 - 2012-05-30 14:11 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-30 14:11 - 2012-05-30 14:11 - 00000000 ____D C:\Users\AngelicaV\AppData\Roaming\Malwarebytes
2012-05-30 14:11 - 2012-05-30 14:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-30 14:11 - 2012-05-30 14:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-30 14:06 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\restore
2012-05-30 14:05 - 2012-05-30 14:03 - 00000000 ____D C:\Users\AngelicaV\AppData\LocalLow
2012-05-30 14:03 - 2012-05-30 14:34 - 00000000 ____D C:\Windows\Panther
2012-05-30 14:03 - 2012-05-30 14:03 - 00000020 ___SH C:\Users\AngelicaV\ntuser.ini
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Templates
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Start Menu
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\PrintHood
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\NetHood
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\My Documents
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Documents\My Videos
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Documents\My Pictures
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\Documents\My Music
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\AppData\Local\Temporary Internet Files
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 __SHD C:\Users\AngelicaV\AppData\Local\History
2012-05-30 14:03 - 2012-05-30 14:03 - 00000000 ____D C:\Users\AngelicaV\AppData\Local\VirtualStore
2012-05-30 14:03 - 2012-05-30 05:04 - 00000000 __SHD C:\Recovery
2012-05-30 13:55 - 2009-07-13 20:46 - 00115640 ____A C:\Windows\System32\license.rtf
2012-05-30 13:55 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\config\TxR
2012-05-30 13:54 - 2012-05-30 13:52 - 00001355 ____A C:\Windows\TSSysprep.log
2012-05-30 13:52 - 2009-07-13 20:34 - 00002790 ____A C:\Windows\DtcInstall.log
2012-05-29 14:40 - 2012-05-29 14:40 - 00000000 ____D C:\Windows.old
2012-04-26 19:08 - 2012-05-31 05:53 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-04 14:56 - 2012-05-30 14:11 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 20:39 - 2012-05-30 14:28 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-30 14:28 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-30 14:28 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 02:23 - 2012-05-30 14:28 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 00171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 00074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-16 23:27 - 2012-05-30 14:27 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 2939.99 MB
Available physical RAM: 2515.95 MB
Total Pagefile: 2938.27 MB
Available Pagefile: 2516.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.29 MB

======================= Partitions =========================

1 Drive c: (TI102805W0E) (Fixed) (Total:288.62 GB) (Free:199.33 GB) NTFS
2 Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (PATRIOT) (Removable) (Total:30.59 GB) (Free:30.3 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (HDDRECOVERY) (Fixed) (Total:8 GB) (Free:0.55 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 30 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 288 GB 1501 MB
Partition 3 Primary 8 GB 290 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI102805W0E NTFS Partition 288 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y HDDRECOVERY NTFS Partition 8 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 30 GB 3792 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G PATRIOT FAT32 Removable 30 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-07 23:29

======================= End Of Log ==========================

#11 gringo_pr

  • Malware Response Team

Posted 12 June 2012 - 08:26 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#12 bhz

  • Topic Starter

Posted 12 June 2012 - 09:39 PM

19:22:25.0475 3164 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:22:26.0113 3164 ============================================================
19:22:26.0113 3164 Current date / time: 2012/06/12 19:22:26.0113
19:22:26.0113 3164 SystemInfo:
19:22:26.0113 3164
19:22:26.0113 3164 OS Version: 6.1.7601 ServicePack: 1.0
19:22:26.0113 3164 Product type: Workstation
19:22:26.0113 3164 ComputerName: ANGELICAV-PC
19:22:26.0113 3164 UserName: AngelicaV
19:22:26.0114 3164 Windows directory: C:\Windows
19:22:26.0114 3164 System windows directory: C:\Windows
19:22:26.0114 3164 Processor architecture: Intel x86
19:22:26.0114 3164 Number of processors: 2
19:22:26.0114 3164 Page size: 0x1000
19:22:26.0114 3164 Boot type: Normal boot
19:22:26.0114 3164 ============================================================
19:22:28.0849 3164 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:22:28.0853 3164 ============================================================
19:22:28.0853 3164 \Device\Harddisk0\DR0:
19:22:28.0853 3164 MBR partitions:
19:22:28.0853 3164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2413D800
19:22:28.0853 3164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2442C000, BlocksNum 0x1002800
19:22:28.0853 3164 ============================================================
19:22:28.0892 3164 C: <-> \Device\Harddisk0\DR0\Partition0
19:22:29.0022 3164 D: <-> \Device\Harddisk0\DR0\Partition1
19:22:29.0022 3164 ============================================================
19:22:29.0023 3164 Initialize success
19:22:29.0023 3164 ============================================================
19:22:32.0814 3948 ============================================================
19:22:32.0814 3948 Scan started
19:22:32.0814 3948 Mode: Manual;
19:22:32.0814 3948 ============================================================
19:22:33.0941 3948 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:22:33.0943 3948 !SASCORE - ok
19:22:34.0149 3948 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:22:34.0150 3948 1394ohci - ok
19:22:34.0199 3948 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:22:34.0201 3948 ACPI - ok
19:22:34.0242 3948 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:22:34.0243 3948 AcpiPmi - ok
19:22:34.0353 3948 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
19:22:34.0359 3948 adp94xx - ok
19:22:34.0387 3948 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
19:22:34.0389 3948 adpahci - ok
19:22:34.0456 3948 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
19:22:34.0457 3948 adpu320 - ok
19:22:34.0503 3948 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
19:22:34.0503 3948 AeLookupSvc - ok
19:22:34.0572 3948 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:22:34.0576 3948 AFD - ok
19:22:34.0654 3948 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
19:22:34.0665 3948 AgereSoftModem - ok
19:22:34.0691 3948 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:22:34.0692 3948 agp440 - ok
19:22:34.0728 3948 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
19:22:34.0729 3948 aic78xx - ok
19:22:34.0789 3948 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
19:22:34.0790 3948 ALG - ok
19:22:34.0839 3948 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:22:34.0840 3948 aliide - ok
19:22:34.0857 3948 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:22:34.0858 3948 amdagp - ok
19:22:34.0865 3948 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:22:34.0866 3948 amdide - ok
19:22:34.0911 3948 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
19:22:34.0912 3948 AmdK8 - ok
19:22:34.0943 3948 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
19:22:34.0943 3948 AmdPPM - ok
19:22:35.0011 3948 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:22:35.0012 3948 amdsata - ok
19:22:35.0040 3948 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
19:22:35.0042 3948 amdsbs - ok
19:22:35.0063 3948 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:22:35.0064 3948 amdxata - ok
19:22:35.0109 3948 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:22:35.0109 3948 AppID - ok
19:22:35.0165 3948 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
19:22:35.0167 3948 AppIDSvc - ok
19:22:35.0185 3948 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
19:22:35.0186 3948 Appinfo - ok
19:22:35.0243 3948 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
19:22:35.0244 3948 arc - ok
19:22:35.0265 3948 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
19:22:35.0267 3948 arcsas - ok
19:22:35.0305 3948 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:22:35.0306 3948 AsyncMac - ok
19:22:35.0327 3948 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:22:35.0328 3948 atapi - ok
19:22:35.0394 3948 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:22:35.0397 3948 AudioEndpointBuilder - ok
19:22:35.0410 3948 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:22:35.0415 3948 Audiosrv - ok
19:22:35.0445 3948 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
19:22:35.0448 3948 AxInstSV - ok
19:22:35.0508 3948 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
19:22:35.0511 3948 b06bdrv - ok
19:22:35.0554 3948 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:22:35.0555 3948 b57nd60x - ok
19:22:35.0613 3948 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
19:22:35.0617 3948 BDESVC - ok
19:22:35.0629 3948 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:22:35.0631 3948 Beep - ok
19:22:35.0652 3948 BFE - ok
19:22:35.0717 3948 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
19:22:35.0723 3948 BITS - ok
19:22:35.0775 3948 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:22:35.0776 3948 blbdrive - ok
19:22:35.0835 3948 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:22:35.0837 3948 bowser - ok
19:22:35.0880 3948 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
19:22:35.0882 3948 BrFiltLo - ok
19:22:35.0913 3948 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
19:22:35.0913 3948 BrFiltUp - ok
19:22:35.0951 3948 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
19:22:35.0952 3948 BridgeMP - ok
19:22:36.0021 3948 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
19:22:36.0023 3948 Browser - ok
19:22:36.0061 3948 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:22:36.0063 3948 Brserid - ok
19:22:36.0087 3948 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:22:36.0089 3948 BrSerWdm - ok
19:22:36.0108 3948 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:22:36.0109 3948 BrUsbMdm - ok
19:22:36.0126 3948 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:22:36.0127 3948 BrUsbSer - ok
19:22:36.0150 3948 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
19:22:36.0151 3948 BTHMODEM - ok
19:22:36.0201 3948 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
19:22:36.0202 3948 bthserv - ok
19:22:36.0352 3948 catchme - ok
19:22:36.0429 3948 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:22:36.0430 3948 cdfs - ok
19:22:36.0480 3948 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
19:22:36.0481 3948 cdrom - ok
19:22:36.0541 3948 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:22:36.0542 3948 CertPropSvc - ok
19:22:36.0558 3948 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
19:22:36.0560 3948 circlass - ok
19:22:36.0593 3948 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:22:36.0596 3948 CLFS - ok
19:22:36.0713 3948 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:22:36.0715 3948 clr_optimization_v2.0.50727_32 - ok
19:22:36.0812 3948 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:22:36.0813 3948 clr_optimization_v4.0.30319_32 - ok
19:22:36.0847 3948 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:22:36.0849 3948 CmBatt - ok
19:22:36.0868 3948 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:22:36.0869 3948 cmdide - ok
19:22:36.0920 3948 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:22:36.0922 3948 CNG - ok
19:22:36.0979 3948 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:22:36.0979 3948 Compbatt - ok
19:22:37.0013 3948 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:22:37.0015 3948 CompositeBus - ok
19:22:37.0042 3948 COMSysApp - ok
19:22:37.0089 3948 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
19:22:37.0091 3948 crcdisk - ok
19:22:37.0148 3948 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
19:22:37.0151 3948 CryptSvc - ok
19:22:37.0199 3948 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:22:37.0204 3948 DcomLaunch - ok
19:22:37.0240 3948 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
19:22:37.0242 3948 defragsvc - ok
19:22:37.0276 3948 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:22:37.0277 3948 DfsC - ok
19:22:37.0348 3948 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
19:22:37.0351 3948 Dhcp - ok
19:22:37.0367 3948 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:22:37.0370 3948 discache - ok
19:22:37.0433 3948 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
19:22:37.0434 3948 Disk - ok
19:22:37.0489 3948 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
19:22:37.0491 3948 Dnscache - ok
19:22:37.0527 3948 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
19:22:37.0531 3948 dot3svc - ok
19:22:37.0553 3948 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
19:22:37.0555 3948 DPS - ok
19:22:37.0604 3948 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:22:37.0605 3948 drmkaud - ok
19:22:37.0652 3948 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:22:37.0657 3948 DXGKrnl - ok
19:22:37.0695 3948 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
19:22:37.0697 3948 EapHost - ok
19:22:37.0856 3948 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
19:22:37.0878 3948 ebdrv - ok
19:22:38.0013 3948 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
19:22:38.0016 3948 EFS - ok
19:22:38.0101 3948 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
19:22:38.0107 3948 ehRecvr - ok
19:22:38.0124 3948 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
19:22:38.0127 3948 ehSched - ok
19:22:38.0226 3948 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
19:22:38.0230 3948 elxstor - ok
19:22:38.0261 3948 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:22:38.0262 3948 ErrDev - ok
19:22:38.0317 3948 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
19:22:38.0320 3948 EventSystem - ok
19:22:38.0361 3948 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:22:38.0364 3948 exfat - ok
19:22:38.0403 3948 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:22:38.0404 3948 fastfat - ok
19:22:38.0479 3948 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
19:22:38.0483 3948 Fax - ok
19:22:38.0532 3948 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
19:22:38.0533 3948 fdc - ok
19:22:38.0567 3948 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
19:22:38.0569 3948 fdPHost - ok
19:22:38.0588 3948 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
19:22:38.0592 3948 FDResPub - ok
19:22:38.0631 3948 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:22:38.0632 3948 FileInfo - ok
19:22:38.0665 3948 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:22:38.0666 3948 Filetrace - ok
19:22:38.0674 3948 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
19:22:38.0674 3948 flpydisk - ok
19:22:38.0699 3948 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:22:38.0702 3948 FltMgr - ok
19:22:38.0759 3948 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
19:22:38.0765 3948 FontCache - ok
19:22:38.0869 3948 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:22:38.0870 3948 FontCache3.0.0.0 - ok
19:22:38.0918 3948 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:22:38.0920 3948 FsDepends - ok
19:22:38.0959 3948 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
19:22:38.0960 3948 Fs_Rec - ok
19:22:39.0002 3948 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:22:39.0004 3948 fvevol - ok
19:22:39.0050 3948 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
19:22:39.0051 3948 gagp30kx - ok
19:22:39.0101 3948 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
19:22:39.0106 3948 gpsvc - ok
19:22:39.0194 3948 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:22:39.0196 3948 gupdate - ok
19:22:39.0218 3948 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:22:39.0220 3948 gupdatem - ok
19:22:39.0263 3948 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:22:39.0265 3948 hcw85cir - ok
19:22:39.0306 3948 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:22:39.0310 3948 HdAudAddService - ok
19:22:39.0348 3948 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:22:39.0350 3948 HDAudBus - ok
19:22:39.0385 3948 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
19:22:39.0386 3948 HidBatt - ok
19:22:39.0410 3948 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
19:22:39.0411 3948 HidBth - ok
19:22:39.0436 3948 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
19:22:39.0437 3948 HidIr - ok
19:22:39.0473 3948 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
19:22:39.0475 3948 hidserv - ok
19:22:39.0537 3948 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:22:39.0540 3948 HidUsb - ok
19:22:39.0574 3948 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
19:22:39.0578 3948 hkmsvc - ok
19:22:39.0611 3948 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
19:22:39.0615 3948 HomeGroupListener - ok
19:22:39.0661 3948 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
19:22:39.0665 3948 HomeGroupProvider - ok
19:22:39.0723 3948 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:22:39.0724 3948 HpSAMD - ok
19:22:39.0779 3948 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:22:39.0785 3948 HTTP - ok
19:22:39.0803 3948 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:22:39.0804 3948 hwpolicy - ok
19:22:39.0851 3948 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:22:39.0853 3948 i8042prt - ok
19:22:39.0924 3948 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:22:39.0927 3948 iaStorV - ok
19:22:40.0074 3948 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:22:40.0081 3948 idsvc - ok
19:22:40.0560 3948 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:22:40.0770 3948 igfx - ok
19:22:40.0955 3948 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
19:22:40.0956 3948 iirsp - ok
19:22:41.0029 3948 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
19:22:41.0034 3948 IKEEXT - ok
19:22:41.0058 3948 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:22:41.0059 3948 intelide - ok
19:22:41.0087 3948 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:22:41.0088 3948 intelppm - ok
19:22:41.0129 3948 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
19:22:41.0131 3948 IPBusEnum - ok
19:22:41.0153 3948 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:22:41.0155 3948 IpFilterDriver - ok
19:22:41.0193 3948 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
19:22:41.0199 3948 iphlpsvc - ok
19:22:41.0234 3948 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:22:41.0235 3948 IPMIDRV - ok
19:22:41.0252 3948 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:22:41.0253 3948 IPNAT - ok
19:22:41.0291 3948 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:22:41.0293 3948 IRENUM - ok
19:22:41.0308 3948 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:22:41.0309 3948 isapnp - ok
19:22:41.0353 3948 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:22:41.0355 3948 iScsiPrt - ok
19:22:41.0375 3948 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:22:41.0377 3948 kbdclass - ok
19:22:54.0006 3948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:22:54.0171 3948 \Device\Harddisk0\DR0 - ok
19:22:54.0188 3948 Boot (0x1200) (6f381ef7e452d9b253211668fe68a4e0) \Device\Harddisk0\DR0\Partition0
19:22:54.0190 3948 \Device\Harddisk0\DR0\Partition0 - ok
19:22:54.0228 3948 Boot (0x1200) (60fb60723d1b305a35da7e7ef6ecd8a2) \Device\Harddisk0\DR0\Partition1
19:22:54.0259 3948 \Device\Harddisk0\DR0\Partition1 - ok
19:22:54.0260 3948 ============================================================
19:22:54.0260 3948 Scan finished
19:22:54.0260 3948 ============================================================
19:22:54.0291 3832 Detected object count: 0
19:22:54.0291 3832 Actual detected object count: 0
19:22:59.0353 2672 Deinitialize success


When I ran the second program you suggested, it started and ran for a period, then I got a Windows error box.

#13 gringo_pr


Posted 12 June 2012 - 10:01 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 bhz


Posted 12 June 2012 - 10:28 PM

ComboFix 12-06-12.03 - AngelicaV 06/12/2012 20:09:12.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1993 [GMT -7:00]
Running from: c:\users\AngelicaV\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\users\ANGELI~1\AppData\Local\Temp\{45971C29-55CC-4255-B5D7-9F6C060807F1}\fpb.tmp
c:\users\AngelicaV\AppData\Local\Temp\{45971C29-55CC-4255-B5D7-9F6C060807F1}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 03:13 . 2012-06-13 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 03:06 . 2012-06-13 03:06 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E9422AE-6F23-4A72-8CAA-86A43B151EB0}\offreg.dll
2012-06-13 02:58 . 2012-06-13 02:58 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E9422AE-6F23-4A72-8CAA-86A43B151EB0}\MpKsl8ad45c6e.sys
2012-06-13 02:19 . 2012-06-13 02:19 -------- d-----w- c:\users\LogMeInRemoteUser
2012-06-13 00:21 . 2012-05-11 17:40 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-06-13 00:21 . 2012-05-11 17:40 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-06-13 00:21 . 2012-05-11 17:40 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-06-13 00:21 . 2012-04-02 19:17 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-06-13 00:21 . 2012-05-11 17:40 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-13 00:21 . 2012-06-13 00:21 -------- d-----w- c:\programdata\LogMeIn
2012-06-13 00:21 . 2012-06-13 02:20 -------- d-----w- c:\program files\LogMeIn
2012-06-12 23:53 . 2012-06-12 23:54 -------- d-----w- C:\FRST
2012-06-12 18:12 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 18:12 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{195F20A6-D69D-41B6-8C04-0B5AFF343F85}\gapaengine.dll
2012-06-12 18:11 . 2012-05-15 08:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E9422AE-6F23-4A72-8CAA-86A43B151EB0}\mpengine.dll
2012-06-12 18:11 . 2012-05-15 08:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-07 21:38 . 2012-06-07 21:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-07 21:38 . 2012-06-07 21:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-07 21:38 . 2012-06-07 21:38 -------- d-----w- c:\windows\system32\Macromed
2012-06-01 14:19 . 2012-06-01 20:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-01 13:21 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-06-01 13:21 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-31 14:31 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-05-31 14:12 . 2012-05-31 14:12 -------- d-----w- c:\program files\Microsoft.NET
2012-05-31 14:08 . 2012-05-31 14:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-31 13:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-31 13:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-31 13:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-31 13:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-31 13:47 . 2012-05-31 13:47 -------- d-----w- c:\program files\Intel
2012-05-31 13:47 . 2012-05-31 13:47 -------- d-----w- C:\Intel
2012-05-31 13:21 . 2012-05-31 13:21 -------- d-----w- c:\windows\system32\Wat
2012-05-30 22:34 . 2012-05-30 22:03 -------- d-----w- c:\windows\Panther
2012-05-30 22:31 . 2012-05-30 22:31 -------- d-----w- c:\program files\Synaptics
2012-05-30 22:27 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-30 22:25 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-30 22:20 . 2012-05-30 22:22 -------- d-----w- c:\program files\Defraggler
2012-05-30 22:16 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-30 22:15 . 2012-06-13 00:21 -------- d-sh--w- c:\windows\Installer
2012-05-30 22:15 . 2012-05-30 22:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-30 22:15 . 2012-05-30 22:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-30 22:15 . 2012-05-30 22:21 -------- d-----w- c:\program files\Google
2012-05-30 22:11 . 2012-05-30 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-30 22:11 . 2012-05-30 22:11 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 22:11 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-30 22:06 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-30 22:06 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-30 22:06 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-30 22:06 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-30 22:06 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-30 22:06 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-30 22:03 . 2012-06-07 21:32 -------- d-----w- c:\users\AngelicaV
2012-05-30 13:04 . 2012-05-30 22:03 -------- d-----w- C:\Recovery
2012-05-29 22:40 . 2012-05-29 22:40 -------- d-----w- C:\Windows.old
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 19:17 . 2012-04-02 19:17 25248 ----a-w- c:\windows\system32\lmimirr.dll
2012-04-02 19:17 . 2012-04-02 19:17 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2012-04-02 19:17 . 2012-04-02 19:17 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2012-03-21 03:44 . 2012-03-21 03:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-04-02 63048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
"Debugger"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-05-30 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-05-30 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-31 1343400]
S1 MpKsl8ad45c6e;MpKsl8ad45c6e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E9422AE-6F23-4A72-8CAA-86A43B151EB0}\MpKsl8ad45c6e.sys [2012-06-13 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-05-11 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2012-04-02 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-30 22:15]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-30 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.192.11
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\windows\system32\taskhost.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-12 20:18:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 03:18
.
Pre-Run: 213,731,553,280 bytes free
Post-Run: 213,371,891,712 bytes free
.
- - End Of File - - 1E8329082C2657C3E25CA20B33A5EB05



Seems to be working fine.

Do you know of a program that can gather up all my software keys so I can reinstall the software?

#15 gringo_pr


Posted 12 June 2012 - 10:39 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo



