Trojan.Gen.2; Trojan.Gen; Trojan.Zeroaccess.C; Trojan.Zeroaccess.B; Trojan.Zeroaccess


  • This topic is locked
21 replies to this topic

#1 JimDaniels

JimDaniels

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:21 AM

Posted 17 August 2012 - 09:04 AM

I just read another posting on this forum with the exact symptoms that I am having with my PC. About 3 days ago, my Symantec Endpoint Protection started alerting me of a virus. Short story, it turns out to be this nasty Trojan Zero Access C. I have read several forums and tried different solutions including ComboFix, TDSSKiller, RogueKiller, Malwarebytes, etc. I thought I had the problem solved yesterday, but when I came into the office today, my computer had rebooted itself and now it cannot find the boot drive. I was able to boot my PC with a Comodo rescue CD and I am now copying my files on to an external drive.

My questions are: 1) Can I recover from this boot error? and 2) If I can recover, is there any cure for this Trojan, which from my reading seems to replace code within system files like services.exe, or should I just try using the recovery partition of my PC and just start from scratch?

I am running Windows 7 64 bit OS on a Dell T3500. I will gladly provide any additional information. Thank you in advance for any advice and/or assistance you can provide.

Jim Daniels


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:21 AM

Posted 19 August 2012 - 02:02 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).
I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
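The steps above produce FRST.txt, which the responder then reads by eye for loader entries that point at missing files, services started from user-writable folders, and oddly named hidden folders under the Windows directory. The script below is an added illustration of that reading step; it is not part of this thread, not part of the Farbar tool, and not the Malware Response Team's method. It parses the three line shapes FRST.txt uses (Run/RunOnce entries, Services/Drivers, and "One Month Created Files" entries) and applies a few heuristic rules. The rule names are mine, the sample log is constructed in FRST's format with a placeholder user name and folder names, and the "system-file-without-company" rule is deliberately noisy (FRST prints "()" for some legitimate Windows components), so every finding is a starting point for a human reviewer, not a verdict.

```python
import re
from dataclasses import dataclass

# The three FRST.txt line shapes this helper understands (formats as seen in the
# log posted later in this thread): Run/RunOnce entries, Services/Drivers, and
# "One Month Created Files and Folders" entries.
RUN_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$')
SVC_RE = re.compile(r'^(?P<start>[0-4]) (?P<name>[^;]+); ?(?P<rest>.*)$')
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - '
    r'(?P<size>\d+) (?P<attrs>[A-Z_]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$')
TAIL_RE = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<company>[^)]*)\)\s*$')
EXT_RE = re.compile(r'^(.+?\.(?:exe|dll|sys|cpl))', re.I)

# Locations a service or driver should not normally be loaded from (heuristic).
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\', 'temporary internet files', '\\content.ie5\\')
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')


@dataclass
class Finding:
    rule: str
    kind: str
    name: str
    line: str


def split_target(rest: str):
    """Split the text after a Run/Service name into (path, company, missing)."""
    rest = rest.strip()
    if rest.endswith('[x]'):            # FRST could not find the target on disk
        head, company, missing = rest[:-3].strip(), '', True
    else:
        m = TAIL_RE.search(rest)        # the "[size date] (Company)" tail
        company = m.group('company').strip() if m else ''
        head = rest[:m.start()].strip() if m else rest
        missing = False
    if head.startswith('"'):
        end = head.find('"', 1)
        path = head[1:end] if end > 0 else head[1:]
    else:                               # unquoted: cut at the first binary extension
        m = EXT_RE.match(head)
        path = m.group(1) if m else head
    if path.startswith('\\??\\'):        # NT-style prefix FRST prints for some drivers
        path = path[4:]
    return path, company, missing


def rules_for_target(kind, path, company, missing):
    """Heuristics for a Run entry, service or driver target."""
    low = path.lower()
    rules = []
    if missing:                         # dead entry: often an uninstall leftover, sometimes a removed dropper
        rules.append('missing-target')
    if kind == 'service' and any(tok in low for tok in USER_WRITABLE):
        rules.append('service-in-user-writable-path')
    if not missing and not company and low.startswith(SYSTEM_DIRS):
        rules.append('system-file-without-company')   # noisy: FRST shows "()" for some real Windows files
    return rules


def rules_for_file(attrs, company, path):
    """Heuristics for a "created files and folders" entry."""
    low = path.lower()
    last = path.rstrip('\\').rsplit('\\', 1)[-1]
    rules = []
    # hidden+system directory under Windows whose name mimics an environment variable
    if all(c in attrs for c in 'SHD') and low.startswith('c:\\windows\\') and '%' in last:
        rules.append('hidden-system-dir-named-like-env-var')
    if low.startswith(SYSTEM_DIRS) and low.endswith(('.exe', '.dll', '.sys')) and not company:
        rules.append('new-system-binary-without-company')
    return rules


def triage(lines):
    """Run every rule over FRST.txt lines and return the findings in log order."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        if (m := RUN_RE.match(line)):
            kind, name = 'run', m.group('name')
            rules = rules_for_target(kind, *split_target(m.group('rest')))
        elif (m := SVC_RE.match(line)):
            kind, name = 'service', m.group('name')
            rules = rules_for_target(kind, *split_target(m.group('rest')))
        elif (m := FILE_RE.match(line)):
            kind, name = 'file', m.group('path')
            rules = rules_for_file(m.group('attrs'), m.group('company') or '', m.group('path'))
        else:
            continue                    # section headers, blank lines, unknown shapes
        findings.extend(Finding(rule, kind, name, line) for rule in rules)
    return findings


def summarize(findings):
    """Map each flagged entry name to the list of rules it tripped."""
    summary = {}
    for f in findings:
        summary.setdefault(f.name, []).append(f.rule)
    return summary


# Constructed sample in FRST.txt format, modelled on the thread's log; the user name,
# the Content.IE5 folder and the service name are placeholders, not real indicators.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [ATIModeChange] Ati2mdxx.exe [x]
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] ()
2 M4-Service; C:\Users\someuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABCD1234\M4-Service.exe [x]
2012-08-13 07:23 - 2012-08-13 07:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-16 06:55 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-13 09:45 - 2003-02-02 16:06 - 00153088 ____A C:\Windows\SysWOW64\unrar3.dll
"""

if __name__ == '__main__':
    for name, rules in summarize(triage(SAMPLE_LOG.strip().splitlines())).items():
        print(f'{name}: {", ".join(rules)}')
```

Run it against a saved FRST.txt by passing `open(path).read().splitlines()` to `triage`. Two of the five sample hits are benign by design (the ATI leftover and appidsvc.dll), which is the point: the rules narrow a long log to a handful of lines worth checking, and the responder still decides what each one is.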

#3 JimDaniels

JimDaniels
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:21 AM

Posted 20 August 2012 - 08:51 AM

Good morning Gringo and thank you for your assistance. The current state of my PC is as follows: I ran a Repair from the original Windows Reinstallation DVD that came with my computer, which allowed me to log back into my PC. However, I am getting a lot of "Side by Side" errors when I try to run applications. In any event, I ran a full scan with MS Essentials over the weekend and it detected and removed 2 pieces of malware. I also backed up my files from the PC to an external drive just in case.

I am currently running a chkdsk /r which has repaired several files, but it is taking a long time to complete. As soon as it is complete, I will run the Farbar tool and send you the text of the results in another reply.

Thank you again for your assistance.

#4 JimDaniels

JimDaniels
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:21 AM

Posted 20 August 2012 - 10:08 AM

Hello Gringo,

Okay, below is the text from the two files generated by the Farbar Recovery Tool:

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 19-08-2012
Ran by SYSTEM at 20-08-2012 10:57:54
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ATIModeChange] Ati2mdxx.exe [x]
HKLM\...\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [x]
HKLM\...\Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [883104 2012-05-11] (Wyse Technology Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [41944 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640480 2012-07-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115624 2012-02-25] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\administrator\...\Run: [Google Update] "C:\Users\administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-12-14] (Google Inc.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\jholley.BROFFICE\...\Run: [AdobeBridge] [x]
HKU\jholley.BROFFICE\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\jholley.BROFFICE\...\Run: [Google Update] "C:\Users\jholley.BROFFICE\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-21] (Google Inc.)
HKU\jholley.BROFFICE\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.3 192.168.1.5
Lsa: [Authentication Packages] msv1_0
wvauth
Startup: C:\Users\jholley.BROFFICE\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\jholley.BROFFICE\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] ()
2 atashost; "C:\Windows\SysWOW64\atashost.exe" [134968 2012-04-28] (Cisco WebEx LLC)
2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108456 2012-02-25] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108456 2012-02-25] (Symantec Corporation)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093944 2011-05-26] (Symantec Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$MAPS; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MAPS\MSSQL\Binn\sqlservr.exe" -sMAPS [61913952 2010-04-03] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NLS; "C:\Program Files (x86)\Common Files\Nuance\Licensing\NuanceLS.exe" [864640 2011-08-22] (Nuance)
3 RpcLocator; C:\Windows\System32\locator.exe [10240 2009-07-13] ()
2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3262240 2012-02-25] (Symantec Corporation)
4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [428976 2012-02-25] (Symantec Corporation)
2 SonicWALL SSO Agent; "C:\Program Files (x86)\SonicWALL\DCON\CIAService.exe" [135168 2011-10-31] (SonicWALL Inc.)
4 SQLAgent$MAPS; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MAPS\MSSQL\Binn\SQLAGENT.EXE" -i MAPS [428384 2010-04-03] (Microsoft Corporation)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-01-16] (MicroVision Development, Inc.)
2 SWGVCSvc; "C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe" -regserver [284696 2009-03-05] (SonicWALL, Inc.)
2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1851224 2012-02-25] (Symantec Corporation)
2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] ()
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] ()
2 WysePocketCloud; "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe" [177056 2012-05-11] ()
2 M4-Service; C:\Users\jholley.BROFFICE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGZ34AIF\M4-Service.exe [x]

========================== Drivers (Whitelisted) =============

3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [497152 2009-04-23] (Analog Devices, Inc.)
3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [103424 2010-02-10] (Broadcom Corporation)
3 DNE; C:\Windows\System32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2010-09-17] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2010-09-17] (LogMeIn, Inc.)
3 mshidkmdf; C:\Windows\System32\Drivers\mshidkmdf.sys [8192 2009-07-13] ()
3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120815.002\ENG64.SYS [120440 2012-06-25] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120815.002\EX64.SYS [2068600 2012-06-25] (Symantec Corporation)
3 PSSDK42; C:\Windows\System32\Drivers\PSSDK42.sys [53312 2011-03-09] (microOLAP Technologies LTD)
4 RsFx0150; C:\Windows\System32\Drivers\RsFx0150.sys [313696 2010-04-03] (Microsoft Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2012-02-25] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2012-02-25] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2012-02-25] (Symantec Corporation)
1 SWIPsec; C:\Windows\System32\Drivers\SWIPsec.sys [99352 2009-03-05] (SonicWALL, Inc.)
3 SWVNIC; C:\Windows\System32\Drivers\SWVNIC.sys [24600 2009-03-04] (SonicWALL, Inc.)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-08-15] (Symantec Corporation)
1 Teefer3; C:\Windows\System32\Drivers\Teefer3.sys [53880 2012-02-27] (Symantec Corporation)
1 WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [54392 2012-02-27] (Symantec Corporation)
3 WpsHelper; C:\Windows\System32\Drivers\WpsHelper.sys [225328 2012-08-15] (Symantec Corporation)
2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-20 06:44 - 2012-08-20 06:44 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{B5D04751-7ACC-4C99-A9F2-A94CCA9EC2B0}
2012-08-20 06:38 - 2012-08-20 06:38 - 00003544 ____N C:\bootsqm.dat
2012-08-17 10:50 - 2012-08-17 10:50 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{B0C1DE8A-F42E-47E1-B567-120BB143DBB1}
2012-08-17 01:14 - 2012-08-17 01:15 - 00000000 ___AD C:\cce_linux
2012-08-16 10:35 - 2009-08-19 20:50 - 00024416 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2012-08-16 10:28 - 2012-08-16 10:28 - 00001461 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[12].txt
2012-08-16 07:17 - 2012-08-16 13:20 - 528745472 ____A C:\Users\jholley.BROFFICE\Desktop\Outlook.pst
2012-08-16 07:01 - 2012-08-16 07:01 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-08-16 07:01 - 2012-08-16 07:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-08-16 07:00 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-16 07:00 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-16 07:00 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-16 07:00 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-16 07:00 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-16 07:00 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-16 07:00 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-16 07:00 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-16 07:00 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-16 07:00 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-16 07:00 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-16 07:00 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-16 07:00 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-16 07:00 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-16 07:00 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-16 07:00 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-16 07:00 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-16 07:00 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-16 07:00 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-16 07:00 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-16 07:00 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-16 07:00 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-16 07:00 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-16 07:00 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-16 07:00 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-16 07:00 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-16 07:00 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-16 07:00 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-16 06:55 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-16 06:55 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-16 06:55 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-16 06:55 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-16 06:55 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-16 06:55 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-16 06:55 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-16 06:55 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-16 06:55 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-16 06:55 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-16 06:55 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-16 06:55 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-16 06:55 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-16 06:55 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-16 06:55 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-16 06:55 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-16 06:55 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-16 06:55 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-16 06:55 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-16 06:55 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-16 06:55 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-16 06:55 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-16 06:55 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-16 06:55 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-16 06:55 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-16 06:55 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-16 06:55 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-16 06:55 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-16 06:55 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-08-16 06:55 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-08-16 06:53 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-08-16 06:53 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-08-16 06:39 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-08-16 06:39 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-08-16 06:39 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-08-16 06:39 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-08-16 06:39 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-08-16 06:39 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-08-16 06:39 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-08-16 06:39 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-08-16 06:39 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-08-16 06:36 - 2012-08-16 06:36 - 00001421 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[11].txt
2012-08-16 06:34 - 2012-08-16 06:34 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{9DAC80B2-BF06-4BFB-8429-C9D7817F5B05}
2012-08-16 06:34 - 2012-08-16 06:34 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{39B3E720-8A53-4D4D-9B52-D59B578A2D58}
2012-08-16 06:13 - 2012-08-16 06:13 - 00000000 ____D C:\FRST
2012-08-16 06:09 - 2012-08-16 06:09 - 00001525 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[9].txt
2012-08-16 06:09 - 2012-08-16 06:09 - 00001298 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[10].txt
2012-08-16 06:06 - 2012-08-16 06:06 - 00001235 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[5].txt
2012-08-16 06:06 - 2012-08-16 06:06 - 00000715 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[6].txt
2012-08-16 06:06 - 2012-08-16 06:06 - 00000648 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[8].txt
2012-08-16 06:06 - 2012-08-16 06:06 - 00000632 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[7].txt
2012-08-16 05:54 - 2012-08-16 05:54 - 00001561 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[4].txt
2012-08-16 05:52 - 2012-08-16 05:52 - 00001543 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[3].txt
2012-08-16 05:51 - 2012-08-16 05:51 - 00001777 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[2].txt
2012-08-16 05:44 - 2012-08-16 05:44 - 00001736 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[1].txt
2012-08-16 05:43 - 2012-08-16 10:28 - 00000000 ____D C:\Users\jholley.BROFFICE\Desktop\RK_Quarantine
2012-08-16 05:42 - 2012-08-16 05:41 - 01558528 ____A C:\Users\jholley.BROFFICE\Desktop\RogueKiller.exe
2012-08-16 05:17 - 2012-08-16 05:17 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{769BAE20-9556-4DFF-973B-8EEAB17B442D}
2012-08-15 13:15 - 2012-08-15 13:15 - 00000821 ____A C:\Windows\System32\Drivers\etc\hosts.ccebak
2012-08-15 12:57 - 2012-08-15 17:31 - 00225328 ____A (Symantec Corporation) C:\Windows\System32\Drivers\wpshelper.sys
2012-08-15 12:45 - 2012-08-15 12:45 - 00000000 ____D C:\Users\jholley.BROFFICE\Downloads\cce_2.5.242177.201_x64
2012-08-15 11:05 - 2012-08-15 11:05 - 08656400 ____A (Trend Micro Inc.) C:\Users\jholley.BROFFICE\Downloads\RootkitBuster_v5_1061.exe
2012-08-15 10:55 - 2012-08-15 10:55 - 05678424 ____A (Symantec Corporation) C:\Users\jholley.BROFFICE\Downloads\Sep_SupportTool.exe
2012-08-15 10:50 - 2012-08-15 10:50 - 53389312 ____A C:\Users\jholley.BROFFICE\Downloads\comodo_rescue_disk_1.1.232326.14.iso
2012-08-15 10:43 - 2012-08-15 10:43 - 25543261 ____A C:\Users\jholley.BROFFICE\Downloads\cce_2.5.242177.201_x64.zip
2012-08-15 10:25 - 2012-08-15 10:25 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{CFD05636-5CA8-4F80-897A-3EB394CC1E2A}
2012-08-15 10:25 - 2012-08-15 10:25 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{04656C42-D075-410E-8CD4-ACB3C575EBCE}
2012-08-15 08:42 - 2012-08-15 08:42 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Roaming\Malwarebytes
2012-08-15 08:41 - 2012-08-15 14:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-15 08:41 - 2012-08-15 08:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-15 08:28 - 2012-08-15 08:28 - 00026878 ____A C:\Users\jholley.BROFFICE\Documents\HitmanPro_20120815_1228.log
2012-08-15 07:57 - 2012-08-15 07:58 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-08-15 07:51 - 2012-08-15 07:51 - 00024657 ____A C:\ComboFix.txt
2012-08-15 06:11 - 2012-08-15 07:51 - 00000000 ____D C:\Qoobox
2012-08-15 06:10 - 2012-08-15 14:20 - 00000000 ____D C:\Windows\erdnt
2012-08-15 06:04 - 2012-08-15 06:04 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-08-15 05:48 - 2012-08-15 05:48 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Roaming\TestApp
2012-08-15 05:48 - 2012-08-15 05:48 - 00000000 ____D C:\Users\All Users\PC Tools
2012-08-15 05:08 - 2012-08-15 05:08 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{EF8E524E-8C9B-47E3-97B5-C1330884DCCE}
2012-08-15 05:07 - 2012-08-15 05:08 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{DEF959BC-0D32-4A77-9E4D-71C595F5B93D}
2012-08-14 05:10 - 2012-08-14 05:10 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{E2CCA8EB-3BC6-479C-B67D-5649AB631367}
2012-08-14 05:09 - 2012-08-14 05:10 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{74FD24F3-1320-40FE-B4D2-FA5781411CC0}
2012-08-13 11:36 - 2012-08-13 11:36 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-08-13 11:10 - 2012-08-13 11:10 - 01805736 ____A (Symantec Corporation) C:\Users\jholley.BROFFICE\Downloads\FixZeroAccess.exe
2012-08-13 11:06 - 2012-08-13 11:06 - 02406064 ____A (Trend Micro Inc.) C:\Users\jholley.BROFFICE\Downloads\HousecallLauncher64.exe
2012-08-13 10:12 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-08-13 10:08 - 2012-08-13 10:10 - 02002944 ____A (Trend Micro Inc.) C:\Users\jholley.BROFFICE\Downloads\HousecallLauncher.exe
2012-08-13 09:47 - 2012-08-13 09:47 - 12235056 ____A (Simply Super Software ) C:\Users\jholley.BROFFICE\Downloads\trjsetup684.exe
2012-08-13 09:45 - 2012-08-15 12:38 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Roaming\Simply Super Software
2012-08-13 09:45 - 2012-08-13 09:45 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{A17A71E1-9B29-4D04-B883-7B38EC156F82}
2012-08-13 09:45 - 2012-08-13 09:45 - 00000000 ____D C:\Users\All Users\Simply Super Software
2012-08-13 09:45 - 2003-02-02 16:06 - 00153088 ____A C:\Windows\SysWOW64\unrar3.dll
2012-08-13 09:45 - 2002-03-05 21:00 - 00075264 ____A C:\Windows\SysWOW64\unacev2.dll
2012-08-13 09:44 - 2012-08-13 09:44 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{D99C7173-BD60-44E5-8CCB-5BF32634AFC4}
2012-08-13 07:23 - 2012-08-13 07:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-13 05:08 - 2012-08-13 05:09 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{66AA1DA9-EAF9-46F5-9816-C6884FEAFCA4}
2012-08-13 05:08 - 2012-08-13 05:08 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{E27E7AC0-DDD5-4FFE-8F12-6226849261B3}
2012-08-11 12:36 - 2012-08-11 12:36 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{F125B3A9-B22F-409D-AB99-7E39F64CEFF6}
2012-08-11 12:36 - 2012-08-11 12:36 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{244F509D-7686-4FA6-BCD9-D1A5BE1D7994}
2012-08-08 07:51 - 2012-08-08 07:51 - 03028656 ____A (TeamViewer) C:\Users\jholley.BROFFICE\Downloads\TeamViewerQS_en-ckj.exe
2012-08-08 07:18 - 2012-08-08 07:17 - 00001402 ____A C:\Users\jholley.BROFFICE\Desktop\wmplayer.rdp
2012-08-08 05:14 - 2012-08-08 05:14 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{9532DF20-23B5-46D1-9C2A-8A67BB68FC78}
2012-08-08 05:14 - 2012-08-08 05:14 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{702DB514-1200-4F1F-8739-BB9BD6F9C890}
2012-08-07 05:14 - 2012-08-07 05:14 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{971FC61F-86CA-46E7-B5F5-F10F771652A7}
2012-08-07 05:13 - 2012-08-07 05:14 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{4B0FF147-2328-479F-B794-92F2AA3D6B9F}
2012-08-06 04:46 - 2012-08-06 04:46 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{597793B3-E1C3-47A8-B9BE-E8B9C44C9AF4}
2012-08-06 04:46 - 2012-08-06 04:46 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{16D86951-7277-43DD-B6CD-A1E478440ED1}
2012-08-03 09:24 - 2012-08-03 09:24 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{FAD7EF67-E1CA-4720-94A2-CC7B250F5096}
2012-08-03 09:24 - 2012-08-03 09:24 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{D43A83A6-7F37-43CD-A030-94FF329ED192}
2012-08-02 09:34 - 2012-08-02 09:34 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{8A154959-51CA-47CE-94A1-BA8439C82967}
2012-08-02 09:33 - 2012-08-02 09:34 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{AA8FC775-4153-4733-95F2-AAE76F431209}
2012-08-01 16:23 - 2012-08-01 16:23 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{D761E530-5A2E-441E-8CB7-5BD1A31EBBD1}
2012-08-01 16:22 - 2012-08-01 16:23 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{DDCB5803-95BA-4022-AC80-8CC8B2B8CB80}
2012-08-01 10:00 - 2012-08-08 10:13 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Roaming\TeamViewer
2012-07-30 05:09 - 2012-07-30 05:09 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{E33D5221-CD3D-42AB-9109-1DD6662FC3FF}
2012-07-30 05:09 - 2012-07-30 05:09 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{E1360720-AD39-4416-91C9-CF39A9295DEA}
2012-07-29 07:26 - 2012-07-29 07:26 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{8DB328AA-19ED-48B0-92AC-5AEECC391634}
2012-07-29 07:26 - 2012-07-29 07:26 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{4F309372-11A1-4D14-926E-157A7B9B27A3}
2012-07-27 11:35 - 2012-07-27 11:35 - 00679770 ____A C:\Users\jholley.BROFFICE\Downloads\sonicwall-NSA_3500-5_8_1_7-4o.exp
2012-07-27 10:07 - 2012-07-27 10:07 - 00000000 ____D C:\Users\jholley.BROFFICE\Documents\DDC
2012-07-27 08:32 - 2012-07-30 11:23 - 00000000 ____D C:\Program Files (x86)\DScaler5
2012-07-27 08:31 - 2012-07-27 08:31 - 00693528 ____A ( ) C:\Users\jholley.BROFFICE\Downloads\DScaler5008.exe
2012-07-27 07:58 - 2012-07-27 07:58 - 00002072 ____A C:\Users\jholley.BROFFICE\Desktop\Avaya IP Manager.RDP
2012-07-27 06:52 - 2012-07-27 06:52 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{BFADDE31-50A1-4036-A241-7A045AE876C8}
2012-07-27 06:52 - 2012-07-27 06:52 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{65C698D5-59AB-4F6C-8D8F-B8B3AAFEFC48}
2012-07-27 06:35 - 2012-07-27 06:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-27 06:35 - 2012-07-27 06:35 - 00000000 ____D C:\Program Files\iTunes
2012-07-27 06:35 - 2012-07-27 06:35 - 00000000 ____D C:\Program Files\iPod
2012-07-27 06:35 - 2012-07-27 06:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-07-27 06:33 - 2012-07-27 06:33 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-07-26 18:35 - 2012-07-26 18:35 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{D863158F-3DDE-447B-B45C-AC227A715DE3}
2012-07-26 18:35 - 2012-07-26 18:35 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{2DAFC146-EF28-4600-9659-15B9128E09DC}
2012-07-26 13:43 - 2012-07-26 13:43 - 01109103 ____A C:\Users\jholley.BROFFICE\Desktop\85151.xml
2012-07-26 05:12 - 2012-07-26 05:12 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{9644062B-5CD4-4521-9143-B227FA799057}
2012-07-26 05:11 - 2012-07-26 05:12 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{5BC3BAF9-E66B-40EC-898C-A341D7D99B88}
2012-07-25 05:11 - 2012-07-25 05:11 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{5E12587A-6A1B-44B7-9489-BB1EE11D22DE}
2012-07-25 05:10 - 2012-07-25 05:11 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{FF5823FA-5417-4190-A894-D0CD6773300C}
2012-07-24 12:32 - 2012-07-24 12:32 - 08615251 ____A C:\Users\jholley.BROFFICE\Downloads\R147084.zip
2012-07-24 07:22 - 2012-07-24 07:22 - 19415471 ____N C:\Users\jholley.BROFFICE\Desktop\BRU080_031_New.rar
2012-07-24 05:55 - 2012-07-24 06:02 - 00001132 ____A C:\UsbRecovery.log
2012-07-24 05:55 - 2012-07-24 05:55 - 06770400 ____A (Hewlett-Parkard ) C:\Users\jholley.BROFFICE\Downloads\sp45774.exe
2012-07-24 05:09 - 2012-07-24 05:09 - 00000000 ____D C:\Program Files (x86)\EASEUS
2012-07-24 05:08 - 2012-07-24 05:08 - 08785352 ____A (EASEUS ) C:\Users\jholley.BROFFICE\Downloads\partition_recovery.exe
2012-07-24 05:08 - 2012-07-24 05:08 - 00463080 ____A (CNET Download.com) C:\Users\jholley.BROFFICE\Downloads\cnet2_partition_recovery_exe.exe
2012-07-24 05:01 - 2012-07-24 05:01 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{350D162B-AA9F-4217-B4E2-CB7DC8B9758B}
2012-07-24 05:00 - 2012-07-24 05:01 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{B0A1B337-7D39-4B7E-A8D0-984261E4D468}
2012-07-23 13:57 - 2012-07-09 07:32 - 00089920 ____A C:\Users\jholley.BROFFICE\Documents\New Matter Intake Form_old.dotm
2012-07-23 13:49 - 2012-07-23 13:50 - 102189400 ____A (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\jholley.BROFFICE\Downloads\tbw_trial.exe
2012-07-23 13:46 - 2012-07-23 13:46 - 06730024 ____A C:\Users\jholley.BROFFICE\Downloads\Advanced_NTFS_Recovery.exe
2012-07-23 07:47 - 2012-07-23 07:49 - 00089878 ____A C:\Users\jholley.BROFFICE\Documents\New Matter Intake Form.dotm
2012-07-23 05:04 - 2012-07-23 05:05 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{99664844-8EE9-4C7B-A98A-AF0EBD0EFCA4}
2012-07-23 05:04 - 2012-07-23 05:04 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{4453B8A8-7CB0-4BBC-A7DF-3EB6F127DE6A}
2012-07-21 06:18 - 2012-07-21 06:18 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{76576A16-9E50-4E9C-9AAA-A2F440E39E7E}
2012-07-21 06:17 - 2012-07-21 06:18 - 00000000 ____D C:\Users\jholley.BROFFICE\AppData\Local\{371E3AE9-FE46-45A7-91E0-0FC2DDA4F980}

============ 3 Months Modified Files ========================

2012-08-20 06:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-20 06:50 - 2009-07-13 20:51 - 00136788 ____A C:\Windows\setupact.log
2012-08-20 06:45 - 2009-07-13 21:10 - 01483864 ____A C:\Windows\WindowsUpdate.log
2012-08-20 06:45 - 2009-07-13 20:45 - 00025424 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-20 06:45 - 2009-07-13 20:45 - 00025424 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-20 06:38 - 2012-08-20 06:38 - 00003544 ____N C:\bootsqm.dat
2012-08-20 04:24 - 2011-11-21 13:28 - 00000934 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761347169-1448434444-1512412204-1422UA.job
2012-08-20 04:13 - 2012-03-30 19:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-20 04:09 - 2010-12-14 08:29 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761347169-1448434444-1512412204-500UA.job
2012-08-19 20:24 - 2011-11-21 13:28 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761347169-1448434444-1512412204-1422Core.job
2012-08-19 15:09 - 2010-12-14 08:29 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761347169-1448434444-1512412204-500Core.job
2012-08-17 10:30 - 2009-07-13 21:13 - 00923878 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-17 10:25 - 2009-07-13 20:45 - 04990728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 13:20 - 2012-08-16 07:17 - 528745472 ____A C:\Users\jholley.BROFFICE\Desktop\Outlook.pst
2012-08-16 13:20 - 2010-12-22 13:02 - 00002066 ____A C:\Users\jholley.BROFFICE\Documents\Default.rdp
2012-08-16 10:51 - 2012-05-04 08:27 - 00000334 ____A C:\Users\jholley.BROFFICE\address.ser
2012-08-16 10:28 - 2012-08-16 10:28 - 00001461 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[12].txt
2012-08-16 07:04 - 2010-12-20 05:25 - 00000039 ____A C:\Windows\vbaddin.ini
2012-08-16 06:36 - 2012-08-16 06:36 - 00001421 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[11].txt
2012-08-16 06:09 - 2012-08-16 06:09 - 00001525 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[9].txt
2012-08-16 06:09 - 2012-08-16 06:09 - 00001298 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[10].txt
2012-08-16 06:06 - 2012-08-16 06:06 - 00001235 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[5].txt
2012-08-16 06:06 - 2012-08-16 06:06 - 00000715 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[6].txt
2012-08-16 06:06 - 2012-08-16 06:06 - 00000648 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[8].txt
2012-08-16 06:06 - 2012-08-16 06:06 - 00000632 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[7].txt
2012-08-16 05:54 - 2012-08-16 05:54 - 00001561 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[4].txt
2012-08-16 05:52 - 2012-08-16 05:52 - 00001543 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[3].txt
2012-08-16 05:51 - 2012-08-16 05:51 - 00001777 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[2].txt
2012-08-16 05:44 - 2012-08-16 05:44 - 00001736 ____A C:\Users\jholley.BROFFICE\Desktop\RKreport[1].txt
2012-08-16 05:41 - 2012-08-16 05:42 - 01558528 ____A C:\Users\jholley.BROFFICE\Desktop\RogueKiller.exe
2012-08-15 17:31 - 2012-08-15 12:57 - 00225328 ____A (Symantec Corporation) C:\Windows\System32\Drivers\wpshelper.sys
2012-08-15 15:35 - 2011-11-21 13:29 - 00002518 ____A C:\Users\jholley.BROFFICE\Desktop\Google Chrome.lnk
2012-08-15 13:16 - 2010-11-30 02:13 - 00173146 ____A C:\Windows\PFRO.log
2012-08-15 13:15 - 2012-08-15 13:15 - 00000821 ____A C:\Windows\System32\Drivers\etc\hosts.ccebak
2012-08-15 13:15 - 2012-03-30 19:31 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 13:15 - 2011-05-20 08:24 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-15 12:56 - 2011-05-09 08:01 - 00174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-08-15 12:56 - 2011-05-09 08:01 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-08-15 11:05 - 2012-08-15 11:05 - 08656400 ____A (Trend Micro Inc.) C:\Users\jholley.BROFFICE\Downloads\RootkitBuster_v5_1061.exe
2012-08-15 10:55 - 2012-08-15 10:55 - 05678424 ____A (Symantec Corporation) C:\Users\jholley.BROFFICE\Downloads\Sep_SupportTool.exe
2012-08-15 10:50 - 2012-08-15 10:50 - 53389312 ____A C:\Users\jholley.BROFFICE\Downloads\comodo_rescue_disk_1.1.232326.14.iso
2012-08-15 10:43 - 2012-08-15 10:43 - 25543261 ____A C:\Users\jholley.BROFFICE\Downloads\cce_2.5.242177.201_x64.zip
2012-08-15 08:28 - 2012-08-15 08:28 - 00026878 ____A C:\Users\jholley.BROFFICE\Documents\HitmanPro_20120815_1228.log
2012-08-15 07:51 - 2012-08-15 07:51 - 00024657 ____A C:\ComboFix.txt
2012-08-15 06:44 - 2009-07-13 18:34 - 25165824 ____A C:\Windows\System32\config\system.bak
2012-08-15 06:44 - 2009-07-13 18:34 - 100401152 ____A C:\Windows\System32\config\software.bak
2012-08-15 06:44 - 2009-07-13 18:34 - 00786432 ____A C:\Windows\System32\config\default.bak
2012-08-15 06:44 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-08-15 05:43 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-08-13 11:36 - 2012-08-13 11:36 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-08-13 11:10 - 2012-08-13 11:10 - 01805736 ____A (Symantec Corporation) C:\Users\jholley.BROFFICE\Downloads\FixZeroAccess.exe
2012-08-13 11:06 - 2012-08-13 11:06 - 02406064 ____A (Trend Micro Inc.) C:\Users\jholley.BROFFICE\Downloads\HousecallLauncher64.exe
2012-08-13 10:10 - 2012-08-13 10:08 - 02002944 ____A (Trend Micro Inc.) C:\Users\jholley.BROFFICE\Downloads\HousecallLauncher.exe
2012-08-13 09:47 - 2012-08-13 09:47 - 12235056 ____A (Simply Super Software ) C:\Users\jholley.BROFFICE\Downloads\trjsetup684.exe
2012-08-13 09:43 - 2010-12-20 05:49 - 00003014 __RAS C:\Users\jholley.BROFFICE\ntuser.pol
2012-08-13 06:53 - 2010-12-09 08:07 - 00000128 ____A C:\Windows\System32\config\netlogon.ftl
2012-08-08 07:51 - 2012-08-08 07:51 - 03028656 ____A (TeamViewer) C:\Users\jholley.BROFFICE\Downloads\TeamViewerQS_en-ckj.exe
2012-08-08 07:17 - 2012-08-08 07:18 - 00001402 ____A C:\Users\jholley.BROFFICE\Desktop\wmplayer.rdp
2012-08-07 07:43 - 2011-02-23 09:42 - 00001456 ____A C:\Users\jholley.BROFFICE\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-08-06 09:38 - 2011-02-15 12:57 - 00019968 ____A C:\Users\jholley.BROFFICE\Documents\Administrative Logins.xlsx
2012-08-03 09:24 - 2010-12-09 12:47 - 00000158 ____A C:\Windows\System32\ricdb.ini
2012-08-03 00:27 - 2010-12-20 05:31 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-27 11:35 - 2012-07-27 11:35 - 00679770 ____A C:\Users\jholley.BROFFICE\Downloads\sonicwall-NSA_3500-5_8_1_7-4o.exp
2012-07-27 08:31 - 2012-07-27 08:31 - 00693528 ____A ( ) C:\Users\jholley.BROFFICE\Downloads\DScaler5008.exe
2012-07-27 07:58 - 2012-07-27 07:58 - 00002072 ____A C:\Users\jholley.BROFFICE\Desktop\Avaya IP Manager.RDP
2012-07-27 06:35 - 2012-07-27 06:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-26 13:55 - 2011-02-16 14:57 - 00000132 ____A C:\Users\jholley.BROFFICE\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-07-26 13:43 - 2012-07-26 13:43 - 01109103 ____A C:\Users\jholley.BROFFICE\Desktop\85151.xml
2012-07-24 12:32 - 2012-07-24 12:32 - 08615251 ____A C:\Users\jholley.BROFFICE\Downloads\R147084.zip
2012-07-24 07:22 - 2012-07-24 07:22 - 19415471 ____N C:\Users\jholley.BROFFICE\Desktop\BRU080_031_New.rar
2012-07-24 06:02 - 2012-07-24 05:55 - 00001132 ____A C:\UsbRecovery.log
2012-07-24 05:55 - 2012-07-24 05:55 - 06770400 ____A (Hewlett-Parkard ) C:\Users\jholley.BROFFICE\Downloads\sp45774.exe
2012-07-24 05:08 - 2012-07-24 05:08 - 08785352 ____A (EASEUS ) C:\Users\jholley.BROFFICE\Downloads\partition_recovery.exe
2012-07-24 05:08 - 2012-07-24 05:08 - 00463080 ____A (CNET Download.com) C:\Users\jholley.BROFFICE\Downloads\cnet2_partition_recovery_exe.exe
2012-07-23 13:50 - 2012-07-23 13:49 - 102189400 ____A (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\jholley.BROFFICE\Downloads\tbw_trial.exe
2012-07-23 13:46 - 2012-07-23 13:46 - 06730024 ____A C:\Users\jholley.BROFFICE\Downloads\Advanced_NTFS_Recovery.exe
2012-07-23 07:49 - 2012-07-23 07:47 - 00089878 ____A C:\Users\jholley.BROFFICE\Documents\New Matter Intake Form.dotm
2012-07-23 07:48 - 2012-04-30 12:28 - 00004096 ____A C:\Users\jholley.BROFFICE\AppData\Local\keyfile3.drm
2012-07-18 10:15 - 2012-08-16 06:55 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 22:58 - 2012-07-12 22:58 - 00002181 ____A C:\Users\Public\Desktop\Training Mode - Time Matters® 11.1.lnk
2012-07-12 22:58 - 2012-07-12 22:58 - 00001109 ____A C:\Users\Public\Desktop\Time Matters® 11.1.lnk
2012-07-12 22:58 - 2012-03-08 06:15 - 00001325 ____A C:\Users\Public\Desktop\Time Matters® 11.1 Desktop Extensions.lnk
2012-07-11 09:17 - 2012-07-09 09:57 - 00026950 ____A C:\Users\jholley.BROFFICE\Documents\LE_Blast_Bounced.xlsx
2012-07-10 06:04 - 2012-07-10 06:03 - 00015412 ____A C:\Users\jholley.BROFFICE\Documents\Article_Clicks.xlsx
2012-07-10 05:57 - 2012-07-10 05:57 - 00025723 ____A C:\Users\jholley.BROFFICE\Documents\LE_Blast_Bounced.csv
2012-07-09 11:34 - 2012-07-09 08:33 - 00241152 ____A C:\Users\jholley.BROFFICE\Documents\LE_Blast_rev1.xls
2012-07-09 08:26 - 2012-07-09 08:24 - 00245760 ____A C:\Users\jholley.BROFFICE\Documents\LE_Blast_rev.xls
2012-07-09 08:17 - 2012-07-06 10:40 - 01151488 ____A C:\Users\jholley.BROFFICE\Documents\LE_Blast.xls
2012-07-09 08:17 - 2012-06-26 06:36 - 00000028 ____A C:\Windows\ODBC.INI
2012-07-09 08:13 - 2012-06-26 06:36 - 00038488 ____A C:\Users\jholley.BROFFICE\AppData\Roaming\Microsoft Excel 97-2003.ADR
2012-07-09 08:09 - 2012-07-09 08:09 - 259020800 ____A C:\Users\jholley.BROFFICE\Downloads\avira_rescue_system.iso
2012-07-09 07:32 - 2012-07-23 13:57 - 00089920 ____A C:\Users\jholley.BROFFICE\Documents\New Matter Intake Form_old.dotm
2012-07-09 07:15 - 2012-07-09 07:15 - 00001168 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-07-09 07:07 - 2012-07-09 07:07 - 03611216 ____A (TeamViewer GmbH) C:\Users\jholley.BROFFICE\Downloads\TeamViewer_Setup_en-ckj.exe
2012-07-04 14:16 - 2012-08-16 06:55 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-16 06:55 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-16 06:55 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-16 06:55 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-16 06:55 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-29 11:09 - 2012-06-29 11:09 - 00892928 ____A C:\Users\jholley.BROFFICE\Documents\Untitled-1.indd
2012-06-28 20:55 - 2012-08-16 07:00 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-16 07:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-16 07:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-16 07:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-16 07:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-16 07:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-16 07:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-16 07:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-16 07:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-16 07:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-16 07:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-16 07:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-16 07:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-16 07:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-16 07:00 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-16 07:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-16 07:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-16 07:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-16 07:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-16 07:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-16 07:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-16 07:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-16 07:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-16 07:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-16 07:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-16 07:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-16 07:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-16 07:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 09:08 - 2012-06-28 09:08 - 00189532 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-06-27 10:04 - 2012-06-04 06:20 - 00001779 ____A C:\Users\jholley.BROFFICE\Desktop\BROFFICE.local - Shortcut.lnk
2012-06-27 07:18 - 2012-06-27 07:18 - 03545201 ____A C:\Users\jholley.BROFFICE\Desktop\97584.pptx
2012-06-26 09:29 - 2012-06-26 09:29 - 00022669 ____A C:\Users\jholley.BROFFICE\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-06-26 09:28 - 2012-06-26 09:27 - 00023164 ____A C:\Users\jholley.BROFFICE\Documents\nbeattieblast1.csv
2012-06-26 09:26 - 2012-06-26 09:25 - 00022839 ____A C:\Users\jholley.BROFFICE\AppData\Roaming\Tab Separated Values (Windows).ADR
2012-06-26 09:23 - 2012-06-26 09:23 - 00068608 ____A C:\Users\jholley.BROFFICE\Documents\nbeattieblast1.xls
2012-06-26 09:02 - 2012-06-26 09:02 - 00027648 ____A C:\Users\jholley.BROFFICE\Documents\V. Stapp Contacts to Add to Master Contact List.msg
2012-06-26 08:58 - 2012-06-26 08:58 - 00022975 ____A C:\Users\jholley.BROFFICE\Documents\nbeattieblast1.txt
2012-06-26 08:51 - 2012-06-26 08:48 - 00024451 ____A C:\Users\jholley.BROFFICE\Documents\nbeattieblast.txt
2012-06-26 06:37 - 2012-06-26 06:36 - 00236032 ____A C:\Users\jholley.BROFFICE\Documents\blasttest.xls
2012-06-22 11:00 - 2011-10-04 11:06 - 00000133 ____A C:\Windows\pnxtrvu.ini
2012-06-22 08:27 - 2012-06-22 08:27 - 00536175 ____A C:\Users\jholley.BROFFICE\Downloads\184-000239-01_Rev_A_NetExtender.MacOSX.5.5.707.dmg
2012-06-21 10:06 - 2012-06-21 10:06 - 00005502 ____N C:\Users\jholley.BROFFICE\Desktop\remote_bruneandrichard_com.zip
2012-06-21 07:48 - 2012-06-21 07:48 - 00015721 ____N C:\Users\jholley.BROFFICE\Desktop\Fw_ Forde_Greaney Annuity Fund Issues(Carl Wagner).DXL
2012-06-20 09:11 - 2011-02-01 12:16 - 00001629 ____A C:\Users\Public\Desktop\Launcher 8.6.lnk
2012-06-19 08:50 - 2012-06-19 08:50 - 11694592 ____A C:\Users\jholley.BROFFICE\Downloads\RSASecurIDTokenAuto411.msi
2012-06-19 08:47 - 2012-06-19 08:46 - 12518912 ____A C:\Users\jholley.BROFFICE\Downloads\RSASecurIDToken411.msi
2012-06-19 08:35 - 2012-06-19 08:35 - 00752741 ____A C:\Users\jholley.BROFFICE\Downloads\bb351_utils.zip
2012-06-19 07:08 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-06-19 06:50 - 2011-05-09 07:23 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-19 06:50 - 2010-12-20 05:47 - 00937536 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-18 10:01 - 2012-06-18 09:59 - 15021664 ____A (Microsoft Corporation) C:\Users\jholley.BROFFICE\Downloads\GVCSetup64.exe
2012-06-15 10:06 - 2011-02-15 12:57 - 00004937 ____A C:\Users\jholley.BROFFICE\Documents\bbsignatures121710.txt
2012-06-15 10:02 - 2012-06-04 07:30 - 00029052 ____A C:\Users\jholley.BROFFICE\Documents\loginscriptreport2.xlsx
2012-06-15 05:37 - 2012-06-15 05:37 - 00057744 ____A C:\Users\jholley.BROFFICE\Desktop\alinares.zip
2012-06-13 10:10 - 2012-06-13 09:54 - 00001915 ____A C:\Users\jholley.BROFFICE\Documents\singlepost.txt
2012-06-13 06:20 - 2012-06-13 06:20 - 00001280 ____A C:\Users\jholley.BROFFICE\Documents\branalyticscode.txt
2012-06-11 06:53 - 2012-06-11 06:53 - 00057746 ____A C:\Users\jholley.BROFFICE\Downloads\Software_Tokens (1).zip
2012-06-08 21:43 - 2012-08-16 06:55 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-08-16 06:55 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 10:02 - 2012-06-08 10:02 - 00502409 ____A C:\Users\jholley.BROFFICE\Desktop\contacts.pptx
2012-06-08 09:53 - 2012-06-08 09:53 - 00336425 ____A C:\Users\jholley.BROFFICE\Desktop\97167.pptx
2012-06-06 04:49 - 2012-06-06 04:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-05 22:06 - 2012-08-16 06:55 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-08-16 06:55 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-08-16 06:53 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-08-16 06:55 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-08-16 06:55 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-08-16 06:53 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 23:37 - 2012-08-13 10:12 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-06-04 13:07 - 2011-11-30 07:10 - 00000462 ____A C:\Users\jholley.BROFFICE\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-04 13:07 - 2011-02-24 08:00 - 00003766 ____A C:\Users\jholley.BROFFICE\AppData\Roaming\Rim.Desktop.Exception.log
2012-06-04 10:26 - 2011-11-30 07:11 - 00032256 ____A C:\Users\jholley.BROFFICE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-04 10:08 - 2012-06-04 10:08 - 03869577 ____A C:\Users\jholley.BROFFICE\Downloads\bb352 (1).zip
2012-06-04 06:33 - 2012-06-04 06:33 - 00483096 ____A C:\Users\jholley.BROFFICE\Downloads\AdFind.zip
2012-06-02 14:19 - 2012-08-16 06:39 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-08-16 06:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-08-16 06:39 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-08-16 06:39 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-08-16 06:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-08-16 06:39 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-08-16 06:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-08-16 06:39 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-08-16 06:39 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-08-16 06:55 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-08-16 06:55 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-08-16 06:55 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-08-16 06:55 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-08-16 06:55 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-08-16 06:55 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-08-16 06:55 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-08-16 06:55 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-08-16 06:55 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-29 13:04 - 2012-05-29 06:12 - 00011998 ____A C:\Users\jholley.BROFFICE\Documents\BR_IP_LIST.xlsx
2012-05-29 08:22 - 2012-05-29 07:37 - 00040892 ____A C:\Users\jholley.BROFFICE\Documents\IPScanner1.csv
2012-05-29 07:40 - 2012-05-29 07:40 - 00022578 ____A C:\Users\jholley.BROFFICE\advanced_ip_scanner_MAC.bin
2012-05-29 07:16 - 2012-05-29 07:16 - 00000998 ____A C:\Users\Public\Desktop\Advanced IP Scanner.lnk
2012-05-29 07:15 - 2012-05-29 07:16 - 06980992 ____A (Famatech Corp.) C:\Users\jholley.BROFFICE\Downloads\ipscan22.exe
2012-05-29 07:15 - 2012-05-29 07:15 - 00463080 ____A (CNET Download.com) C:\Users\jholley.BROFFICE\Downloads\cnet2_ipscan22_exe.exe
2012-05-23 13:02 - 2012-05-23 13:02 - 00001210 ____A C:\Users\jholley.BROFFICE\Downloads\RelationshipSummary_2012523.csv

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 12285.55 MB
Available physical RAM: 11064.27 MB
Total Pagefile: 12283.7 MB
Available Pagefile: 11068.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:278.66 GB) (Free:149.19 GB) NTFS
2 Drive e: (WIN_7_PROFESSIONAL) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:3.65 GB) (Free:3.57 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 279 GB 0 B
Disk 1 Online 3745 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 70 MB 31 KB
Partition 2 Primary 750 MB 71 MB
Partition 3 Primary 278 GB 821 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 70 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 750 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 278 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3741 MB Healthy

==================================================================================

Last Boot: 2012-08-17 15:56

======================= End Of Log ==========================



Farbar Recovery Scan Tool Version: 19-08-2012
Ran by SYSTEM at 2012-08-20 10:59:25
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
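As an added example (not part of the thread or of FRST), here is a small parser for FRST's Search output that compares the live System32 copy of services.exe against the component-store (winsxs) copy by size and MD5, which is what this search is for: ZeroAccess patches services.exe in place, so a modified file no longer hashes like its winsxs counterpart. The sample input is the block posted above; the status labels are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the FRST search block posted above.
FRST_SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# A result is a drive-letter path on one line, followed by a line carrying
# [created] - [modified] - size attributes (company) MD5.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
ATTR_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_frst_search(text: str) -> List[FileEntry]:
    """Return one FileEntry per path/attribute pair in an FRST Search block."""
    entries: List[FileEntry] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line          # remember the path; its attributes follow
            continue
        m = ATTR_RE.match(line)
        if m and pending_path:
            entries.append(FileEntry(
                path=pending_path,
                created=m["created"],
                modified=m["modified"],
                size=int(m["size"]),     # FRST zero-pads the size, e.g. 0328704
                attrs=m["attrs"],
                company=m["company"],
                md5=m["md5"].upper(),
            ))
            pending_path = None
    return entries


def compare_system32_to_winsxs(entries: List[FileEntry]) -> Dict[str, object]:
    """Check the live System32 copy against the component-store (winsxs) copies.

    A size+MD5 match with a winsxs copy is the expected state for an unmodified
    file. Statuses (this example's labels): 'match', 'mismatch',
    'no_system32_copy', 'no_reference'.
    """
    live = [e for e in entries if "\\system32\\" in e.path.lower()]
    refs = [e for e in entries if "\\winsxs\\" in e.path.lower()]
    if not live:
        return {"status": "no_system32_copy"}
    if not refs:
        return {"status": "no_reference", "live_md5": live[0].md5}
    sys32 = live[0]
    matching = [r for r in refs if r.md5 == sys32.md5 and r.size == sys32.size]
    return {
        "status": "match" if matching else "mismatch",
        "live_md5": sys32.md5,
        "reference_md5s": sorted({r.md5 for r in refs}),
        "live_size": sys32.size,
    }


if __name__ == "__main__":
    parsed = parse_frst_search(FRST_SEARCH_OUTPUT)
    for e in parsed:
        print(f"{e.size:>8} {e.md5} {e.path}")
    print(compare_system32_to_winsxs(parsed))
```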

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 August 2012 - 10:57 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 JimDaniels

JimDaniels
  • Topic Starter

  • Members
  • 17 posts

Posted 20 August 2012 - 03:39 PM

Hello Gringo:

Below is the text from the ComboFix log. ComboFix ran without any errors. I do get some Windows pop-ups when I log in related to applications, such as "iTunesHelper was not installed correctly. Please reinstall iTunes." and a "CS5ServiceManager.exe - Application Error". And I get side-by-side application errors if I try to open some applications like Adobe Acrobat. The pop-up reads: "The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail."

JimDaniels



ComboFix 12-08-20.02 - jholley 08/20/2012 16:14:25.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.10545 [GMT -4:00]
Running from: c:\users\jholley.BROFFICE\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\jholley.BROFFICE\AppData\Local\assembly\tmp
c:\users\jholley.BROFFICE\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\jholley.BROFFICE\g2mdlhlpx.exe
c:\users\jholley.BROFFICE\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x64\racodec.ax
c:\windows\Downloaded Program Files\x86
c:\windows\Downloaded Program Files\x86\racodec.ax
c:\windows\SysWow64\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 20:19 . 2012-08-20 20:19 -------- d-----w- c:\users\jholley\AppData\Local\temp
2012-08-20 20:19 . 2012-08-20 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 20:19 . 2012-08-20 20:19 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-08-17 09:14 . 2012-08-17 09:15 -------- d---a-w- C:\cce_linux
2012-08-16 18:35 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-16 15:01 . 2012-08-16 15:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-08-16 14:55 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-08-16 14:53 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-08-16 14:53 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-08-16 14:53 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-16 14:53 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-08-16 14:53 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-08-16 14:53 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-08-16 14:53 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-08-16 14:53 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-08-16 14:53 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-08-16 14:53 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-08-16 14:53 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-08-16 14:53 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-08-16 14:53 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-08-16 14:39 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-16 14:39 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-16 14:39 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-16 14:39 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-16 14:39 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-16 14:39 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-16 14:39 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-16 14:39 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-16 14:39 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-16 14:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{562C2A7D-B616-4DD7-9FB1-E567DCCDD207}\mpengine.dll
2012-08-16 14:13 . 2012-08-16 14:13 -------- d-----w- C:\FRST
2012-08-15 20:57 . 2012-08-16 01:31 225328 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-08-15 20:53 . 2012-08-15 20:52 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{616CBE46-EA93-4882-8C6E-E20555022A7C}\gapaengine.dll
2012-08-15 20:52 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 16:42 . 2012-08-15 16:42 -------- d-----w- c:\users\jholley.BROFFICE\AppData\Roaming\Malwarebytes
2012-08-15 16:41 . 2012-08-15 16:41 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 16:41 . 2012-08-15 22:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-15 15:57 . 2012-08-15 15:58 -------- d-----w- c:\programdata\HitmanPro
2012-08-15 13:48 . 2012-08-15 13:48 -------- d-----w- c:\users\jholley.BROFFICE\AppData\Roaming\TestApp
2012-08-15 13:48 . 2012-08-15 13:48 -------- d-----w- c:\programdata\PC Tools
2012-08-13 19:36 . 2012-08-13 19:36 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-08-13 18:12 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-08-13 17:45 . 2003-02-03 00:06 153088 ----a-w- c:\windows\SysWow64\unrar3.dll
2012-08-13 17:45 . 2002-03-06 05:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-08-13 17:45 . 2012-08-15 20:38 -------- d-----w- c:\users\jholley.BROFFICE\AppData\Roaming\Simply Super Software
2012-08-13 17:45 . 2012-08-13 17:45 -------- d-----w- c:\programdata\Simply Super Software
2012-08-13 15:23 . 2012-08-13 15:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-01 18:00 . 2012-08-08 18:13 -------- d-----w- c:\users\jholley.BROFFICE\AppData\Roaming\TeamViewer
2012-07-27 16:32 . 2012-07-30 19:23 -------- d-----w- c:\program files (x86)\DScaler5
2012-07-27 14:35 . 2012-07-27 14:35 -------- d-----w- c:\program files\iTunes
2012-07-27 14:35 . 2012-07-27 14:35 -------- d-----w- c:\program files (x86)\iTunes
2012-07-27 14:35 . 2012-07-27 14:35 -------- d-----w- c:\program files\iPod
2012-07-27 14:33 . 2012-07-27 14:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-27 14:33 . 2012-07-27 14:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-27 14:33 . 2012-07-27 14:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-27 14:33 . 2012-07-27 14:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-27 14:33 . 2012-07-27 14:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-27 14:33 . 2012-07-27 14:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-27 14:33 . 2012-07-27 14:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-27 14:33 . 2012-07-27 14:33 -------- d-----w- c:\program files (x86)\QuickTime
2012-07-24 13:09 . 2012-07-24 13:09 -------- d-----w- c:\program files (x86)\EASEUS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 21:15 . 2012-03-31 03:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 21:15 . 2011-05-20 16:24 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 20:56 . 2011-05-09 16:01 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-03 08:27 . 2010-12-20 13:31 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-05-29 15:40 . 2012-05-29 15:40 22578 ----a-w- c:\users\jholley.BROFFICE\advanced_ip_scanner_MAC.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [BU]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2012-02-25 115624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\jholley.BROFFICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-7-5 576000]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 99352]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 M4-Service;M4-Service;c:\users\jholley.BROFFICE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGZ34AIF\M4-Service.exe [x]
R2 SonicWALL SSO Agent;SonicWALL SSO Agent;c:\program files (x86)\SonicWALL\DCON\CIAService.exe [2011-10-31 135168]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-05-11 177056]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-03-09 53312]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-04 24600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-20 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$MAPS;SQL Server Agent (MAPS);c:\program files\Microsoft SQL Server\MSSQL10_50.MAPS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2012-02-27 53880]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-04-28 134968]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
S2 MSSQL$MAPS;SQL Server (MAPS);c:\program files\Microsoft SQL Server\MSSQL10_50.MAPS\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
S2 NLS;Nuance Licensing Service;c:\program files (x86)\Common Files\Nuance\Licensing\NuanceLS.exe [2011-08-22 864640]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-16 11576]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:15]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761347169-1448434444-1512412204-1422Core.job
- c:\users\jholley.BROFFICE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 21:28]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761347169-1448434444-1512412204-1422UA.job
- c:\users\jholley.BROFFICE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 21:28]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761347169-1448434444-1512412204-500Core.job
- c:\users\administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 16:29]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3761347169-1448434444-1512412204-500UA.job
- c:\users\administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-14 16:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 19:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 19:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [BU]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [BU]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2012-05-11 883104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF20423.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
Trusted Zone: broffice.local\nyrsa
Trusted Zone: dtiglobal.com\clearwell6
Trusted Zone: edelmanfinancial.com\www
TCP: DhcpNameServer = 192.168.1.3 192.168.1.5
DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} - hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab
DPF: {18350088-453C-4407-87ED-361E70FD3285} - hxxps://relativity.consultscarab.com/Relativity/ActiveX/webclientmanager.cab
DPF: {26BFFB87-5B07-4611-82BB-AF3947013FDD} - hxxps://www.lexis.com/dl/iedap_x86.cab
DPF: {320B04E4-B55B-11D2-A9BA-444553540001} - hxxp://www.seamlessweb.com/components/SeamlessPrinting.CAB
DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://nybb.broffice.local:3443/webconsole/RIMWebComponents.cab
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} - hxxps://prod.ftp.merrillcorp.com/COM/MOVEitUploadWizard7.0.0.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\users\JHOLLE~1.BRO\AppData\Local\Temp\ExSync.exe
.
**************************************************************************
.
Completion time: 2012-08-20 16:26:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-20 20:26
ComboFix2.txt 2012-08-15 15:51
.
Pre-Run: 160,065,490,944 bytes free
Post-Run: 159,828,467,712 bytes free
.
- - End Of File - - 6E03C45FF92F0D59BB722FCBB46DE7E0
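As an added example (not part of the thread or of ComboFix), here is a triage pass over ComboFix service lines like the ones in the log above: it parses the state/start-type prefix, name, display name, path and trailer, and flags entries whose file ComboFix could not find (`[x]`) or whose binary lives under a temp or browser-cache directory. The directory list and severity labels are this example's own heuristics, indicators for review rather than a verdict on any entry.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: four service lines copied from the ComboFix log above.
COMBOFIX_SERVICE_LINES = r"""
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 M4-Service;M4-Service;c:\users\jholley.BROFFICE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGZ34AIF\M4-Service.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
"""

# ComboFix service line: <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# R = running, S = stopped; the digit is the Windows start type (0 boot, 1 system,
# 2 auto, 3 manual, 4 disabled). The trailer is "[x]" when ComboFix could not find
# the file at that path.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<trailer>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)

# Directories a service binary is rarely installed to legitimately (this example's list).
TRANSIENT_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\temporary internet files\\",
    "\\content.ie5\\",
    "\\users\\public\\",
)


@dataclass
class ServiceEntry:
    state: str
    start_type: int
    name: str
    display: str
    path: str
    file_found: bool
    size: Optional[int]


@dataclass
class Finding:
    entry: ServiceEntry
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # A registration pointing at an unreadable file inside a cache directory
        # is the combination that most deserves a closer look.
        if "file_missing" in self.reasons and "transient_location" in self.reasons:
            return "high"
        return "medium" if "transient_location" in self.reasons else "low"


def parse_combofix_services(text: str) -> List[ServiceEntry]:
    """Parse R*/S* service lines; lines in any other format are ignored."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        trailer = m["trailer"]
        found = trailer != "x"
        entries.append(ServiceEntry(
            state=m["state"],
            start_type=int(m["start"]),
            name=m["name"],
            display=m["display"],
            path=m["path"],
            file_found=found,
            size=int(trailer.split()[1]) if found else None,
        ))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Finding]:
    """Return the entries worth a second look, each with the indicators that fired."""
    findings: List[Finding] = []
    for e in entries:
        reasons: List[str] = []
        lower = e.path.lower()
        if not e.file_found:
            reasons.append("file_missing")        # registration points at a file ComboFix could not see
        if any(d in lower for d in TRANSIENT_DIRS):
            reasons.append("transient_location")  # binary under a temp or browser-cache directory
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_combofix_services(COMBOFIX_SERVICE_LINES)):
        print(f"{f.severity:<6} {f.entry.state}{f.entry.start_type} {f.entry.name}: "
              f"{', '.join(f.reasons)} -> {f.entry.path}")
```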

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 August 2012 - 07:11 AM

Greetings

I want you to reinstall the programs that are giving problems.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 JimDaniels

JimDaniels
  • Topic Starter

  • Members
  • 17 posts

Posted 21 August 2012 - 09:07 AM

Gringo, here are the reports from TDSSKiller and aswMBR:

09:20:51.0963 3228 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
09:20:53.0963 3228 ============================================================
09:20:53.0963 3228 Current date / time: 2012/08/21 09:20:53.0963
09:20:53.0963 3228 SystemInfo:
09:20:53.0963 3228
09:20:53.0963 3228 OS Version: 6.1.7601 ServicePack: 1.0
09:20:53.0963 3228 Product type: Workstation
09:20:53.0963 3228 ComputerName: BRNYC_LITSUPWS
09:20:53.0963 3228 UserName: jholley
09:20:53.0963 3228 Windows directory: C:\Windows
09:20:53.0963 3228 System windows directory: C:\Windows
09:20:53.0963 3228 Running under WOW64
09:20:53.0963 3228 Processor architecture: Intel x64
09:20:53.0963 3228 Number of processors: 2
09:20:53.0963 3228 Page size: 0x1000
09:20:53.0963 3228 Boot type: Normal boot
09:20:53.0963 3228 ============================================================
09:20:54.0507 3228 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:20:54.0527 3228 Drive \Device\Harddisk5\DR5 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:20:54.0527 3228 ============================================================
09:20:54.0527 3228 \Device\Harddisk0\DR0:
09:20:54.0537 3228 MBR partitions:
09:20:54.0537 3228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x177000
09:20:54.0537 3228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19A800, BlocksNum 0x22D51000
09:20:54.0537 3228 \Device\Harddisk5\DR5:
09:20:54.0537 3228 MBR partitions:
09:20:54.0537 3228 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0
09:20:54.0537 3228 ============================================================
09:20:54.0557 3228 C: <-> \Device\Harddisk0\DR0\Partition2
09:20:54.0557 3228 ============================================================
09:20:54.0557 3228 Initialize success
09:20:54.0557 3228 ============================================================
09:21:34.0477 3660 ============================================================
09:21:34.0477 3660 Scan started
09:21:34.0477 3660 Mode: Manual;
09:21:34.0477 3660 ============================================================
09:21:34.0617 3660 ================ Scan services =============================
09:21:34.0697 3660 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:21:34.0707 3660 1394ohci - ok
09:21:34.0747 3660 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:21:34.0747 3660 ACPI - ok
09:21:34.0777 3660 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:21:34.0777 3660 AcpiPmi - ok
09:21:34.0827 3660 [ 52ae4ebd1056d598b9a51990b6d829f0 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
09:21:34.0827 3660 ADIHdAudAddService - ok
09:21:34.0897 3660 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:21:34.0897 3660 AdobeFlashPlayerUpdateSvc - ok
09:21:34.0917 3660 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:21:34.0917 3660 adp94xx - ok
09:21:34.0937 3660 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:21:34.0937 3660 adpahci - ok
09:21:34.0957 3660 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:21:34.0957 3660 adpu320 - ok
09:21:34.0977 3660 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:21:34.0977 3660 AeLookupSvc - ok
09:21:35.0027 3660 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:21:35.0027 3660 AFD - ok
09:21:35.0047 3660 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:21:35.0047 3660 agp440 - ok
09:21:35.0067 3660 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
09:21:35.0067 3660 ALG - ok
09:21:35.0077 3660 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:21:35.0077 3660 aliide - ok
09:21:35.0097 3660 [ c6f7a4e77158af1b937f872392ff1b13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:21:35.0107 3660 AMD External Events Utility - ok
09:21:35.0107 3660 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
09:21:35.0107 3660 amdide - ok
09:21:35.0117 3660 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:21:35.0127 3660 AmdK8 - ok
09:21:35.0237 3660 [ 21d749e3c8140b16c40a8273fd747899 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:21:35.0337 3660 amdkmdag - ok
09:21:35.0367 3660 [ 1aa6f50a8e7f8413377c979cef5218a5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
09:21:35.0377 3660 amdkmdap - ok
09:21:35.0397 3660 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:21:35.0397 3660 AmdPPM - ok
09:21:35.0417 3660 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:21:35.0417 3660 amdsata - ok
09:21:35.0437 3660 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:21:35.0437 3660 amdsbs - ok
09:21:35.0437 3660 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:21:35.0437 3660 amdxata - ok
09:21:35.0457 3660 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
09:21:35.0457 3660 AppID - ok
09:21:35.0477 3660 [ 016f5234ca7985c83cfe1f7eed2b911e ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:21:35.0477 3660 AppIDSvc - ok
09:21:35.0497 3660 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:21:35.0497 3660 Appinfo - ok
09:21:35.0577 3660 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:21:35.0577 3660 Apple Mobile Device - ok
09:21:35.0597 3660 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:21:35.0597 3660 AppMgmt - ok
09:21:35.0617 3660 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
09:21:35.0617 3660 arc - ok
09:21:35.0617 3660 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:21:35.0617 3660 arcsas - ok
09:21:35.0677 3660 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:21:35.0677 3660 aspnet_state - ok
09:21:35.0687 3660 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:21:35.0687 3660 AsyncMac - ok
09:21:35.0707 3660 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
09:21:35.0707 3660 atapi - ok
09:21:35.0747 3660 [ f020b43eee9b69413ffb7512cf1ffca7 ] atashost C:\Windows\SysWOW64\atashost.exe
09:21:35.0747 3660 atashost - ok
09:21:35.0857 3660 [ 21d749e3c8140b16c40a8273fd747899 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:21:35.0897 3660 atikmdag - ok
09:21:35.0917 3660 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:21:35.0927 3660 AudioEndpointBuilder - ok
09:21:35.0937 3660 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:21:35.0937 3660 AudioSrv - ok
09:21:35.0947 3660 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:21:35.0957 3660 AxInstSV - ok
09:21:35.0967 3660 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:21:35.0977 3660 b06bdrv - ok
09:21:35.0997 3660 [ 57cf39f0754e8afe8a7d4470b8c87d3b ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:21:36.0007 3660 b57nd60a - ok
09:21:36.0027 3660 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:21:36.0027 3660 BDESVC - ok
09:21:36.0037 3660 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:21:36.0037 3660 Beep - ok
09:21:36.0057 3660 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
09:21:36.0067 3660 BFE - ok
09:21:36.0097 3660 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
09:21:36.0117 3660 BITS - ok
09:21:36.0147 3660 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:21:36.0147 3660 blbdrive - ok
09:21:36.0157 3660 [ 994648a3ffe85a0f858dd6c83b0af45c ] Blfp C:\Windows\system32\DRIVERS\basp.sys
09:21:36.0157 3660 Blfp - ok
09:21:36.0237 3660 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:21:36.0237 3660 Bonjour Service - ok
09:21:36.0257 3660 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:21:36.0257 3660 bowser - ok
09:21:36.0267 3660 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:21:36.0267 3660 BrFiltLo - ok
09:21:36.0277 3660 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:21:36.0277 3660 BrFiltUp - ok
09:21:36.0297 3660 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:21:36.0297 3660 BridgeMP - ok
09:21:36.0327 3660 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
09:21:36.0327 3660 Browser - ok
09:21:36.0337 3660 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:21:36.0337 3660 Brserid - ok
09:21:36.0347 3660 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:21:36.0347 3660 BrSerWdm - ok
09:21:36.0357 3660 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:21:36.0697 3660 BrUsbMdm - ok
09:21:36.0817 3660 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:21:36.0827 3660 BrUsbSer - ok
09:21:36.0837 3660 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:21:36.0837 3660 BTHMODEM - ok
09:21:36.0847 3660 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
09:21:36.0847 3660 bthserv - ok
09:21:36.0897 3660 catchme - ok
09:21:36.0967 3660 [ bda4e1060947fb60585e6cec32b18353 ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
09:21:36.0967 3660 ccEvtMgr - ok
09:21:36.0977 3660 [ bda4e1060947fb60585e6cec32b18353 ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
09:21:36.0977 3660 ccSetMgr - ok
09:21:36.0987 3660 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:21:36.0997 3660 cdfs - ok
09:21:37.0007 3660 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:21:37.0017 3660 cdrom - ok
09:21:37.0037 3660 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
09:21:37.0037 3660 CertPropSvc - ok
09:21:37.0047 3660 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:21:37.0047 3660 circlass - ok
09:21:37.0057 3660 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
09:21:37.0067 3660 CLFS - ok
09:21:37.0087 3660 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:21:37.0097 3660 clr_optimization_v2.0.50727_32 - ok
09:21:37.0107 3660 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:21:37.0117 3660 clr_optimization_v2.0.50727_64 - ok
09:21:37.0157 3660 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:21:37.0167 3660 clr_optimization_v4.0.30319_32 - ok
09:21:37.0177 3660 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:21:37.0177 3660 clr_optimization_v4.0.30319_64 - ok
09:21:37.0187 3660 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:21:37.0187 3660 CmBatt - ok
09:21:37.0197 3660 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:21:37.0207 3660 cmdide - ok
09:21:37.0237 3660 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
09:21:37.0237 3660 CNG - ok
09:21:37.0237 3660 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:21:37.0237 3660 Compbatt - ok
09:21:37.0257 3660 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:21:37.0257 3660 CompositeBus - ok
09:21:37.0257 3660 COMSysApp - ok
09:21:37.0267 3660 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:21:37.0267 3660 crcdisk - ok
09:21:37.0287 3660 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:21:37.0287 3660 CryptSvc - ok
09:21:37.0307 3660 [ 54da3dfd29ed9f1619b6f53f3ce55e49 ] CSC C:\Windows\system32\drivers\csc.sys
09:21:37.0317 3660 CSC - ok
09:21:37.0347 3660 [ 3ab183ab4d2c79dcf459cd2c1266b043 ] CscService C:\Windows\System32\cscsvc.dll
09:21:37.0347 3660 CscService - ok
09:21:37.0377 3660 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:21:37.0387 3660 DcomLaunch - ok
09:21:37.0427 3660 [ 230bfb96a86ab29da6deb234f8985d34 ] dcpsysmgrsvc c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
09:21:37.0437 3660 dcpsysmgrsvc - ok
09:21:37.0457 3660 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
09:21:37.0457 3660 defragsvc - ok
09:21:37.0477 3660 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:21:37.0477 3660 DfsC - ok
09:21:37.0477 3660 DgiVecp - ok
09:21:37.0497 3660 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
09:21:37.0497 3660 Dhcp - ok
09:21:37.0507 3660 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
09:21:37.0507 3660 discache - ok
09:21:37.0527 3660 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:21:37.0527 3660 Disk - ok
09:21:37.0557 3660 [ 05cb5910b3ca6019fc3cca815ee06ffb ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
09:21:37.0557 3660 DNE - ok
09:21:37.0577 3660 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:21:37.0587 3660 Dnscache - ok
09:21:37.0597 3660 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:21:37.0607 3660 dot3svc - ok
09:21:37.0627 3660 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
09:21:37.0627 3660 DPS - ok
09:21:37.0647 3660 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:21:37.0647 3660 drmkaud - ok
09:21:37.0677 3660 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:21:37.0687 3660 DXGKrnl - ok
09:21:37.0697 3660 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:21:37.0697 3660 EapHost - ok
09:21:37.0757 3660 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:21:37.0797 3660 ebdrv - ok
09:21:37.0837 3660 [ 4353ff94d47a0a9d52b89eccf0cdb013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:21:37.0847 3660 eeCtrl - ok
09:21:37.0857 3660 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
09:21:37.0857 3660 EFS - ok
09:21:37.0897 3660 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:21:37.0907 3660 ehRecvr - ok
09:21:37.0927 3660 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
09:21:37.0927 3660 ehSched - ok
09:21:37.0947 3660 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:21:37.0947 3660 elxstor - ok
09:21:37.0967 3660 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:21:37.0967 3660 ErrDev - ok
09:21:37.0997 3660 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
09:21:37.0997 3660 EventSystem - ok
09:21:38.0017 3660 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
09:21:38.0017 3660 exfat - ok
09:21:38.0047 3660 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:21:38.0047 3660 fastfat - ok
09:21:38.0077 3660 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
09:21:38.0087 3660 Fax - ok
09:21:38.0097 3660 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:21:38.0097 3660 fdc - ok
09:21:38.0107 3660 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:21:38.0107 3660 fdPHost - ok
09:21:38.0117 3660 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:21:38.0117 3660 FDResPub - ok
09:21:38.0137 3660 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:21:38.0137 3660 FileInfo - ok
09:21:38.0137 3660 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:21:38.0137 3660 Filetrace - ok
09:21:38.0187 3660 [ f76d04f7413b07daa029f6520b64b4e8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:21:38.0277 3660 FLEXnet Licensing Service - ok
09:21:38.0287 3660 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:21:38.0287 3660 flpydisk - ok
09:21:38.0307 3660 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:21:38.0307 3660 FltMgr - ok
09:21:38.0347 3660 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
09:21:38.0367 3660 FontCache - ok
09:21:38.0397 3660 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:21:38.0397 3660 FontCache3.0.0.0 - ok
09:21:38.0407 3660 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:21:38.0417 3660 FsDepends - ok
09:21:38.0447 3660 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:21:38.0447 3660 Fs_Rec - ok
09:21:38.0467 3660 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:21:38.0477 3660 fvevol - ok
09:21:38.0487 3660 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:21:38.0487 3660 gagp30kx - ok
09:21:38.0507 3660 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:21:38.0507 3660 GEARAspiWDM - ok
09:21:38.0537 3660 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
09:21:38.0557 3660 gpsvc - ok
09:21:38.0567 3660 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:21:38.0567 3660 hcw85cir - ok
09:21:38.0587 3660 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:21:38.0587 3660 HDAudBus - ok
09:21:38.0597 3660 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:21:38.0597 3660 HidBatt - ok
09:21:38.0607 3660 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:21:38.0607 3660 HidBth - ok
09:21:38.0627 3660 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:21:38.0627 3660 HidIr - ok
09:21:38.0637 3660 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
09:21:38.0637 3660 hidserv - ok
09:21:38.0647 3660 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:21:38.0647 3660 HidUsb - ok
09:21:38.0657 3660 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:21:38.0667 3660 hkmsvc - ok
09:21:38.0687 3660 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:21:38.0697 3660 HomeGroupListener - ok
09:21:38.0707 3660 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:21:38.0707 3660 HomeGroupProvider - ok
09:21:38.0717 3660 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:21:38.0717 3660 HpSAMD - ok
09:21:38.0757 3660 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:21:38.0757 3660 HTTP - ok
09:21:38.0787 3660 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:21:38.0787 3660 hwpolicy - ok
09:21:38.0807 3660 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:21:38.0807 3660 i8042prt - ok
09:21:38.0837 3660 [ abbf174cb394f5c437410a788b7e404a ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:21:38.0837 3660 iaStor - ok
09:21:38.0857 3660 [ 31a0e93cdf29007d6c6fffb632f375ed ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:21:38.0857 3660 IAStorDataMgrSvc - ok
09:21:38.0887 3660 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:21:38.0887 3660 iaStorV - ok
09:21:38.0917 3660 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:21:38.0937 3660 idsvc - ok
09:21:38.0957 3660 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:21:38.0957 3660 iirsp - ok
09:21:38.0997 3660 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
09:21:39.0007 3660 IKEEXT - ok
09:21:39.0017 3660 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
09:21:39.0017 3660 intelide - ok
09:21:39.0027 3660 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:21:39.0037 3660 intelppm - ok
09:21:39.0047 3660 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:21:39.0057 3660 IPBusEnum - ok
09:21:39.0077 3660 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:21:39.0077 3660 IpFilterDriver - ok
09:21:39.0097 3660 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:21:39.0107 3660 iphlpsvc - ok
09:21:39.0127 3660 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:21:39.0127 3660 IPMIDRV - ok
09:21:39.0127 3660 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:21:39.0127 3660 IPNAT - ok
09:21:39.0167 3660 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:21:39.0187 3660 iPod Service - ok
09:21:39.0207 3660 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:21:39.0207 3660 IRENUM - ok
09:21:39.0207 3660 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:21:39.0217 3660 isapnp - ok
09:21:39.0237 3660 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:21:39.0237 3660 iScsiPrt - ok
09:21:39.0257 3660 [ bd5bf20ec242e003a2f570b8754a56d1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
09:21:39.0257 3660 ivusb - ok
09:21:39.0277 3660 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:21:39.0277 3660 kbdclass - ok
09:21:39.0287 3660 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:21:39.0297 3660 kbdhid - ok
09:21:39.0307 3660 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
09:21:39.0307 3660 KeyIso - ok
09:21:39.0337 3660 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:21:39.0337 3660 KSecDD - ok
09:21:39.0357 3660 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:21:39.0357 3660 KSecPkg - ok
09:21:39.0367 3660 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:21:39.0377 3660 ksthunk - ok
09:21:39.0387 3660 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
09:21:39.0387 3660 KtmRm - ok
09:21:39.0417 3660 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:21:39.0417 3660 LanmanServer - ok
09:21:39.0437 3660 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:21:39.0437 3660 LanmanWorkstation - ok
09:21:39.0517 3660 [ 9e25ffba1ee26abfe7b9319f8ef3f771 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:21:39.0537 3660 LiveUpdate - ok
09:21:39.0547 3660 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:21:39.0547 3660 lltdio - ok
09:21:39.0567 3660 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:21:39.0577 3660 lltdsvc - ok
09:21:39.0577 3660 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:21:39.0587 3660 lmhosts - ok
09:21:39.0607 3660 LMIInfo - ok
09:21:39.0637 3660 [ 413ecdcfad9a82804d3674c8d7eec24e ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
09:21:39.0637 3660 lmimirr - ok
09:21:39.0647 3660 LMIRfsClientNP - ok
09:21:39.0657 3660 [ c57d3faa50e6f395759ffb7c709bd944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
09:21:39.0657 3660 LMIRfsDriver - ok
09:21:39.0677 3660 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:21:39.0677 3660 LSI_FC - ok
09:21:39.0687 3660 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:21:39.0687 3660 LSI_SAS - ok
09:21:39.0687 3660 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:21:39.0697 3660 LSI_SAS2 - ok
09:21:39.0697 3660 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:21:39.0697 3660 LSI_SCSI - ok
09:21:39.0717 3660 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
09:21:39.0717 3660 luafv - ok
09:21:39.0797 3660 M4-Service - ok
09:21:39.0827 3660 [ 79d51e7f5926e8ce1b3ebecebae28cff ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
09:21:39.0847 3660 mcdbus - ok
09:21:39.0867 3660 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:21:39.0867 3660 Mcx2Svc - ok
09:21:39.0877 3660 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:21:39.0877 3660 megasas - ok
09:21:39.0887 3660 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:21:39.0897 3660 MegaSR - ok
09:21:39.0897 3660 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
09:21:39.0907 3660 MMCSS - ok
09:21:39.0917 3660 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:21:39.0917 3660 Modem - ok
09:21:39.0947 3660 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:21:39.0947 3660 monitor - ok
09:21:39.0957 3660 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:21:39.0957 3660 mouclass - ok
09:21:39.0967 3660 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:21:39.0967 3660 mouhid - ok
09:21:39.0987 3660 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:21:39.0987 3660 mountmgr - ok
09:21:40.0017 3660 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
09:21:40.0017 3660 MpFilter - ok
09:21:40.0027 3660 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:21:40.0027 3660 mpio - ok
09:21:40.0057 3660 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:21:40.0057 3660 mpsdrv - ok
09:21:40.0087 3660 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:21:40.0107 3660 MpsSvc - ok
09:21:40.0127 3660 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:21:40.0137 3660 MRxDAV - ok
09:21:40.0147 3660 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:21:40.0157 3660 mrxsmb - ok
09:21:40.0177 3660 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:21:40.0187 3660 mrxsmb10 - ok
09:21:40.0197 3660 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:21:40.0197 3660 mrxsmb20 - ok
09:21:40.0217 3660 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:21:40.0217 3660 msahci - ok
09:21:40.0237 3660 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:21:40.0237 3660 msdsm - ok
09:21:40.0257 3660 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
09:21:40.0257 3660 MSDTC - ok
09:21:40.0287 3660 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:21:40.0287 3660 Msfs - ok
09:21:40.0297 3660 [ 3c6204c901cf10926c239459dc7e0354 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:21:40.0297 3660 mshidkmdf - ok
09:21:40.0307 3660 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:21:40.0307 3660 msisadrv - ok
09:21:40.0327 3660 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:21:40.0327 3660 MSiSCSI - ok
09:21:40.0327 3660 msiserver - ok
09:21:40.0347 3660 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:21:40.0347 3660 MSKSSRV - ok
09:21:40.0367 3660 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:21:40.0367 3660 MsMpSvc - ok
09:21:40.0377 3660 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:21:40.0377 3660 MSPCLOCK - ok
09:21:40.0387 3660 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:21:40.0387 3660 MSPQM - ok
09:21:40.0417 3660 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:21:40.0417 3660 MsRPC - ok
09:21:40.0447 3660 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:21:40.0447 3660 mssmbios - ok
09:21:40.0497 3660 MSSQL$MAPS - ok
09:21:40.0547 3660 [ 04ef36eaf5c4dbce424d81b76f1e9231 ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
09:21:40.0547 3660 MSSQLServerADHelper100 - ok
09:21:40.0557 3660 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:21:40.0557 3660 MSTEE - ok
09:21:40.0567 3660 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:21:40.0567 3660 MTConfig - ok
09:21:50.0587 3660 Scan finished
09:21:50.0587 3660 ============================================================
09:21:50.0597 2420 Detected object count: 0
09:21:50.0597 2420 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 09:23:21
-----------------------------
09:23:21.515 OS Version: Windows x64 6.1.7601 Service Pack 1
09:23:21.515 Number of processors: 2 586 0x1A05
09:23:21.515 ComputerName: BRNYC_LITSUPWS UserName: jholley
09:23:21.915 Initialize success
09:24:01.897 AVAST engine defs: 12082100
09:25:12.747 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
09:25:12.747 Disk 0 Vendor: WDC_WD30 04.0 Size: 286168MB BusType: 8
09:25:12.767 Disk 0 MBR read successfully
09:25:12.767 Disk 0 MBR scan
09:25:12.767 Disk 0 unknown MBR code
09:25:12.767 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
09:25:12.787 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 145408
09:25:12.817 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 285346 MB offset 1681408
09:25:12.877 Disk 0 scanning C:\Windows\system32\drivers
09:25:24.619 Service scanning
09:25:58.535 Modules scanning
09:25:58.535 Disk 0 trace - called modules:
09:25:58.545 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:25:58.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800c580060]
09:25:58.875 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800a159050]
09:25:59.495 AVAST engine scan C:\Windows
09:26:03.815 AVAST engine scan C:\Windows\system32
09:31:15.554 AVAST engine scan C:\Windows\system32\drivers
09:31:29.148 AVAST engine scan C:\Users\jholley.BROFFICE
09:46:39.330 AVAST engine scan C:\ProgramData
09:49:43.538 Scan finished successfully
10:02:28.353 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
10:02:28.433 The log file has been saved successfully to "F:\aswMBR.txt"
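Both logs above characterise the boot sector: aswMBR lists the Disk 0 partition table and reports "unknown MBR code", while TDSSKiller prints an MD5 for the MBR as "MBR (0x1B8) (...)" and one for each VBR. The script below is an added example, not code from aswMBR, TDSSKiller or ComboFix and not part of the original thread. It parses a raw 512-byte sector such as the MBR.dat that aswMBR saved to F:\, prints the partition entries in aswMBR's format, hashes the boot code, and checks that hash against a TDSSKiller MBR line. Two assumptions: the 0x1B8 in TDSSKiller's line is taken to mean that the first 440 bytes (the code that precedes the disk signature at offset 0x1B8) are hashed, and the sample sector the script builds is constructed to mirror the Disk 0 partition table aswMBR printed, with filler boot code rather than the real Dell or Microsoft code, so its hash will not equal the one in the posted log.

```python
"""Inspect a raw 512-byte MBR the way aswMBR and TDSSKiller report it.

Added example for this thread, not code from aswMBR, TDSSKiller or ComboFix.
Assumptions: TDSSKiller's "MBR (0x1B8) (<md5>)" is taken to be the MD5 of the
first 0x1B8 = 440 bytes (boot code before the disk signature); the sample
sector built below is constructed to mirror the Disk 0 partition table in the
aswMBR log, with filler boot code, so its hash will not match the log.
"""
import hashlib
import re
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 0x1B8     # boot code occupies bytes 0..0x1B7
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 55 AA
BOOT_SIG = 0xAA55
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}

# Matches e.g. "... MBR (0x1B8) (4c54042f5b2569c9ddcf173120d730f9) \Device\Harddisk0\DR0"
TDSS_MBR_LINE = re.compile(r"MBR \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\)")

@dataclass
class Partition:
    index: int
    status: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return PART_TYPES.get(self.type_id, "unknown")

    def as_aswmbr_line(self) -> str:
        """aswMBR-style line, minus the filesystem column aswMBR reads from the VBR."""
        flag = "(A) " if self.active else ""
        return "Partition %d %02X %s%02X %s %d MB offset %d" % (
            self.index, self.status, flag, self.type_id,
            self.type_name, self.size_mb, self.lba_start)

def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code MD5, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    sig = struct.unpack_from("<H", mbr, BOOT_SIG_OFF)[0]
    if sig != BOOT_SIG:
        raise ValueError("missing 55 AA boot signature (got 0x%04X)" % sig)
    parts = []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, type_id, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id != 0:
            parts.append(Partition(i + 1, status, type_id, lba, count))
    return {
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
    }

def bootcode_matches_log(mbr: bytes, tdss_line: str) -> bool:
    """Check a raw sector against the MD5 in a TDSSKiller "MBR (0x...)" log line."""
    m = TDSS_MBR_LINE.search(tdss_line)
    if not m:
        raise ValueError("not a TDSSKiller MBR line")
    span = int(m.group(1), 16)          # number of leading bytes TDSSKiller hashed
    return hashlib.md5(mbr[:span]).hexdigest() == m.group(2)

def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the Disk 0 layout aswMBR printed (not a real dump)."""
    mbr = bytearray(SECTOR)
    mbr[:BOOTCODE_LEN] = b"\xCC" * BOOTCODE_LEN            # filler, not real boot code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0xDEADBEEF)  # made-up disk signature
    entries = [  # (status, type, LBA start, sectors); 1 MB = 2048 sectors
        (0x00, 0xDE, 63, 70 * 2048),            # Dell Utility, 70 MB
        (0x80, 0x07, 145408, 750 * 2048),       # active NTFS, 750 MB
        (0x00, 0x07, 1681408, 285346 * 2048),   # NTFS, 285346 MB
    ]
    for i, entry in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i, *entry)
    struct.pack_into("<H", mbr, BOOT_SIG_OFF, BOOT_SIG)
    return bytes(mbr)
```

To run it on the real dump, call parse_mbr(open(r"F:\MBR.dat", "rb").read()) and print each partition's as_aswmbr_line(). The useful check is the boot-code hash compared against one taken from a disk known to be clean; note that a hash over the first 440 bytes ignores the disk signature and the partition table, so a changed active flag or partition entry leaves it unchanged, which is why the partition listing is worth reading next to it.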

#9 gringo_pr (Malware Response Team)

Posted 21 August 2012 - 04:45 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 JimDaniels (Topic Starter)

Posted 23 August 2012 - 09:22 AM

Hello Gringo:

Before I ran this latest scan, I was receiving some pop-up error messages when I logged in that referred to missing Windows system files. Because I felt these files were either missing or corrupted, I ran an upgrade from a Windows 7 SP1 installation disc to replace/repair these files. Because of this, the ComboFix report turned into a huge text file that I fear may be too large to paste into this message. Should I send it as an attached file?

#11 gringo_pr (Malware Response Team)

Posted 23 August 2012 - 10:19 AM

Upload it here and send me the link:

http://www.2shared.com/



gringo

#12 JimDaniels (Topic Starter)

Posted 23 August 2012 - 03:26 PM

Here is the link:

http://www.2shared.com/document/PIQQIqji/ComboFix.html

#13 gringo_pr (Malware Response Team)

Posted 24 August 2012 - 12:10 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#14 JimDaniels (Topic Starter)

Posted 24 August 2012 - 08:29 AM

Good morning Gringo, here is the extra ComboFix report text:


Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Standard
Adobe Flash Player 11 ActiveX
Adobe Media Player
Advanced IP Scanner
Aid4Mail2 (Remove only)
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
BlackBerry Device Communication Components
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 9300 smartphone
Brava! Desktop 7.0
CamStudio OSS Desktop Recorder
CaseViewNet
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Network Assistant
Cisco WebEx Meetings
Concordance 10
Concordance Native Viewer
Core FTP LE
CPC View ax 6.5.10
D3DX10
DBF Viewer 2000 4.45
DbView 5.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell ControlPoint Security Manager
Dell Driver Download Manager
Dell Security Device Driver Pack
EMBASSY Security Center Lite
EMBASSY Security Setup
ESC Home Page Plugin
EsquireView
File Renamer - Basic
FileZilla Client 3.5.3
Google Chrome
GoToMeeting 5.1.0.880
ImageSlicer
Intel® Control Center
Intel® Rapid Storage Technology
IPRO Tech WS 8.6
Java Auto Updater
Java™ 6 Update 34
JGoodies JDiskReport 1.3.2
JujuEdit 1.44
Junk Mail filter update
LAME v3.98.3 for Audacity
LexisNexis CaseMap 10
LexisNexis CaseMap 8
LexisNexis CaseMap 9
LexisNexis NoteMap 2
LexisNexis TextMap 6
LexisNexis Time Matters 11
LexisNexis TimeMap 5
LexisNexis® Time Matters / LNTPA 10.0
ListRenamer
LiveNote 10
LiveUpdate 3.3 (Symantec Corporation)
MagicDisc 2.7.106
Microsoft Access 2010
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Web 3
Microsoft Expression Web 3 SP2
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft RichCopy 4.0
Microsoft Robocopy GUI
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Browser
Microsoft Store Download Manager
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultiRenamer
Network Scanner version 3.2.0.145
Nuance PDF Converter for Lexis® for Microsoft® Office
PDF Settings CS5
pdfDocs
pdfDocs compareDocs
pdfDocs formFiller
PocketCloud Windows Companion
PowerDVD DX
PrintMaestro3
PSTViewer Pro
QuickTime
Relativity Web Client 6.6
Relativity Web Client Manager 6.6
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RSA SecurID Software Token
SecureWallet
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Expression Design 4 (KB2667730)
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition
SEO Tools v5.6 for Expression Web 4
SolidWorks eDrawings 2012
SyncFolder
SyncToy 2.1 (x86)
SysTools BKF Recovery v5.3
TeamViewer 7
TextPad 5
TiffTeller
Total PDF Printer
TotalImageConverter
TotalPDFConverterOCR
TrueCrypt
Unisphere CLI 1.5.2.10002
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visionary Viewer
VisualRenamer
Wave Support Software
WinDirStat 1.1.2
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
XY Chart Labeler 7.1

#15 gringo_pr (Malware Response Team)

Posted 24 August 2012 - 01:09 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 34


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




