Zero Access,Internet Security 2013,root Kits,SysWOW64 file combo dds log attach


  • This topic is locked
31 replies to this topic

#16 seedy21

Posted 26 January 2014 - 03:39 PM

Hi jillmarten

Please can you look and see if you can find the logs created when you run TDSSkiller. This should be on your computer in the following path C:\TDSSKiller.Version_Date_Time_log.txt.

I would also like to see the MSRT report:

In Windows 7:
 

  • Click the Start Button
  • Type or copy/paste the following into "Search Programs and Files" Box, then Hit Enter
  • c:\windows\debug\mrt.log
  • Post back the contents of the MRT log that opens in Notepad

Step 1

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 2

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.

Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When the scan is complete,

If no threats were found:

  • Check in "Uninstall application on close"
  • Close program

If threats were found:

  • Select "list of threats found"
  • Select "Export to Text File" & save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

Step 3
Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.
 

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Unzip the folder (Right Click > Extract all > Next > Next > Make sure Show Extracted Files is ticked and click Finish).
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar.

    autoruns;
    standardsearch;
    
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

Edited by seedy21, 26 January 2014 - 03:44 PM.

It's only after we've lost everything that we're free to do anything.
― Chuck Palahniuk, Fight Club


#17 jillmarten


Posted 27 January 2014 - 10:00 AM

HELLO, The TDSSKiller and MSRT report are gone from my report, now to the other logs. I have done what you asked but the zoek-results is so big and long it won't let me paste it all in one post so I am going to have to separate it into 2 different posts. I can't attach it either because it is too big to attach.

 

adwcleaner[so] 

# AdwCleaner v3.017 - Report created 26/01/2014 at 15:51:19

# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : L645D-S4025 - L645D-S4025-PC
# Running from : C:\Users\L645D-S4025\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Partner
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\L645D-S4025\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1110 octets] - [26/01/2014 15:50:10]
AdwCleaner[S0].txt - [1044 octets] - [26/01/2014 15:51:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1104 octets] ##########
 
ESETSCANLOG
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNR41TCC\j9e2k7szkws8wgkgkk08sk0sk4[1] HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNR41TCC\j9e2k7szkws8wgkgkk08sk0sk4[1] HTML/Iframe.B.Gen virus deleted - quarantined
 

Jill M***Butterfly Kisses


#18 jillmarten


Posted 27 January 2014 - 10:12 AM

Attached File: zoek-resultsPT1.log (171.09KB)

I had to separate the zoek results. I have spent 15 minutes this am trying to get them posted. UGH!!!!!! I don't know why they won't post, maybe because it's too big.

 


Jill M***Butterfly Kisses


#19 jillmarten


Posted 27 January 2014 - 10:26 AM

So confused. It won't let me attach pt 2, and then it won't post the post with pt 2 copied and pasted in the post, so I am gonna try this: I have separated the pt 2 of it and am gonna try it in two different posts. I know they won't let me attach it because it is 45kb and it says I can only have 36kb... what is going on?

 

====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2014-01-20 20:16:07 -------- d-----w- C:\Program Files\Windows Live
2014-01-20 19:42:13 -------- d-----w- C:\Program Files\Microsoft Silverlight
======= C:\PROGRA~2 =====
2014-01-26 22:06:09 -------- d-----w- C:\PROGRA~2\ESET
2014-01-20 19:42:13 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight
2014-01-20 19:10:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-01-20 19:10:57 -------- d-----r- C:\PROGRA~2\Skype
2014-01-19 01:49:23 -------- d-----w- C:\PROGRA~2\VS Revo Group
======= C: =====
2014-01-19 01:03:34 32C5EE55EADFC071E57851E26AC98477 1402880 ----a-w- C:\Utilman.exe
====== C:\Users\L645D-S4025\AppData\Roaming ======
2014-01-26 02:58:02 -------- d-----w- C:\Users\test\AppData\Local\TOSHIBA_Corporation
2014-01-25 23:57:50 -------- d-----w- C:\Users\test\AppData\Roaming\Toshiba
2014-01-25 23:42:52 42A371D3EC1945BEE2EDD401C2FFE0B1 79608 ----a-w- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-25 23:42:26 -------- d-----w- C:\Users\test\AppData\Roaming\Adobe
2014-01-25 23:42:19 -------- d-----r- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 23:42:19 -------- d-----r- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-25 23:41:56 -------- d-----w- C:\Users\test\AppData\Roaming\Identities
2014-01-25 23:41:44 -------- d-s---w- C:\Users\test\AppData\Locallow\Microsoft
2014-01-25 23:41:40 -------- d-----w- C:\Users\test\AppData\Local\VirtualStore
2014-01-25 23:41:29 -------- d-s---w- C:\Users\test\AppData\Roaming\Microsoft
2014-01-25 23:41:29 -------- d-----w- C:\Users\test\AppData\Roaming\Media Center Programs
2014-01-25 23:41:29 -------- d-----w- C:\Users\test\AppData\Local\temp
2014-01-25 23:41:29 -------- d-----w- C:\Users\test\AppData\Local\Microsoft
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-22 14:52:59 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-01-22 14:52:59 -------- d-----w- C:\Users\Kiosk\AppData\Local\temp
2014-01-22 14:52:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-22 14:52:59 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-01-21 04:10:51 -------- d-s---w- C:\windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft
2014-01-21 01:18:21 -------- d-s---w- C:\windows\serviceprofiles\Localservice\AppData\Locallow\Microsoft
2014-01-20 19:55:49 -------- d-----w- C:\Users\L645D-S4025\AppData\Local\Windows Live
2014-01-20 19:16:06 -------- d-----w- C:\Users\L645D-S4025\AppData\Local\Microsoft Help
2014-01-19 16:49:57 -------- d-----w- C:\Users\L645D-S4025\AppData\Roaming\SUPERAntiSpyware.com
2014-01-19 01:54:11 -------- d-----w- C:\Users\L645D-S4025\AppData\Local\Programs
====== C:\Users\L645D-S4025 ======
2014-01-26 21:48:56 246FE58EFFD357B2078842708155E46C 1236282 ----a-w- C:\Users\L645D-S4025\Downloads\AdwCleaner.exe
2014-01-25 23:42:19 -------- d-----r- C:\Users\test\Searches
2014-01-25 23:41:44 -------- d-----r- C:\Users\test\Contacts
2014-01-25 23:41:31 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\test\ntuser.ini
2014-01-25 23:41:29 -------- d--h--w- C:\Users\test\AppData
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Videos
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Saved Games
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Pictures
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Music
==== Startup Registry Enabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"
"NortonOnlineBackupReminder"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe UNATTENDED"
"TWebCamera"=""C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "
"Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r"
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe "
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe "
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe "
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\L645D-S4025\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\L645D-S4025\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
 
 
==== Task Scheduler Jobs ======================
 
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/19/2014 06:33 PM]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/17/2011 07:57 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
 
==== Chrome Look ======================
 
Google Wallet - L645D-S4025\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{F8CC2F32-887A-4B90-B3E3-FE32C4370AB0}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{3AA443BC-CDE3-4903-9E85-30FBE64CEBA7} Unknown  Url="Not_Found"
{F8CC2F32-887A-4B90-B3E3-FE32C4370AB0} Unknown  Url="Not_Found"
 
==== HijackThis Entries ======================
 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Sysinternals Autoruns Log ======================
 
C:\Users\L645D-S4025\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
   Power Consumption Meter
     C:\Program Files\Windows Sidebar\Shared Gadgets\Power Consumption Meter Eco.gadget
     This gadget shows you the current status of the power consumption of your PC.
     TOSHIBA Corporation
     C:\Program Files\Windows Sidebar\Shared Gadgets\Power Consumption Meter Eco.gadget\Gadget.xml
     8/2/2009 3:51 AM
 
HKLM\System\CurrentControlSet\Services
   AdobeFlashPlayerUpdateSvc
     C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
     Adobe Systems Incorporated
     11.9.900.170
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     12/1/2013 12:09 PM
   AMD External Events Utility
     %SystemRoot%\system32\atiesrxx.exe
     AMD External Events Service Module
     AMD
     6.14.11.1051
     c:\windows\system32\atiesrxx.exe
     3/15/2010 8:56 AM
   GameConsoleService
     "C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe"
     GameConsole management services
     WildTangent, Inc.
     3.0.4728.0
     c:\program files (x86)\toshiba games\toshiba game console\gameconsoleservice.exe
     12/3/2009 8:30 PM
   gupdate
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.2.183.21
     c:\program files (x86)\google\update\googleupdate.exe
     3/9/2010 12:10 AM
   gupdatem
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.2.183.21
     c:\program files (x86)\google\update\googleupdate.exe
     3/9/2010 12:10 AM
   gusvc
     "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
     Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
     Google
     2.4.1441.4352
     c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
     12/12/2008 1:18 PM
   IDriverT
     "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
     Provides support for the Running Object Table for InstallShield Drivers
     Macrovision Corporation
     11.0.0.28844
     c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
     4/3/2005 11:41 PM
   Norton PC Checkup Application Launcher
     C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s
     Provides consolidated application launching facility
     Symantec Corporation
     1.0.0.137
     c:\program files (x86)\norton pc checkup\engine\2.0.3.198\symcpcculaunchsvc.exe
     1/28/2010 5:46 PM
   PCCUJobMgr
     "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1
     Job Manager service for common client services
     Symantec Corporation
     109.0.0.107
     c:\program files (x86)\norton pc checkup\engine\2.0.3.198\ccsvchst.exe
     8/24/2009 2:36 PM
   SkypeUpdate
     "C:\Program Files (x86)\Skype\Updater\Updater.exe"
     Enables the detection, download and installation of updates for Skype.
     Skype Technologies
     5.10.1.44067
     c:\program files (x86)\skype\updater\updater.exe
     7/13/2012 6:28 AM
   TMachInfo
     C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
     TOSHIBA Machine Information Service
     TOSHIBA Corporation
     2.1.0.5
     c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe
     10/5/2009 4:45 PM
   TODDSrv
     C:\Windows\system32\TODDSrv.exe
     TDCSrv Application
     TOSHIBA Corporation
     1.0.0.7
     c:\windows\system32\toddsrv.exe
     7/28/2009 12:36 AM
   TosCoSrv
     "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
     TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped.
     TOSHIBA Corporation
     1.0.0.4
     c:\program files\toshiba\power saver\toscosrv.exe
     11/5/2009 7:08 AM
   TOSHIBA eco Utility Service
     "C:\Program Files\TOSHIBA\TECO\TecoService.exe"
     TOSHIBA eco Utility Service
     TOSHIBA Corporation
     1.1.9.0
     c:\program files\toshiba\teco\tecoservice.exe
     4/5/2010 11:51 PM
   TOSHIBA HDD SSD Alert Service
     "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
     TOSHIBA HDD SSD Alert
     TOSHIBA Corporation
     1.1.0.8
     c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe
     2/5/2010 2:43 AM
   TPCHSrv
     "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
     TOSHIBA PC Health Monitor
     TOSHIBA Corporation
     1.0.0.17
     c:\program files\toshiba\tphm\tpchsrv.exe
     2/23/2010 3:00 AM
 
HKLM\System\CurrentControlSet\Services
   adp94xx
     \SystemRoot\system32\DRIVERS\adp94xx.sys
     Adaptec Windows SAS/SATA Storport Driver
     Adaptec, Inc.
     1.6.6.4
     c:\windows\system32\drivers\adp94xx.sys
     12/5/2008 5:54 PM
   adpahci
     \SystemRoot\system32\DRIVERS\adpahci.sys
     Adaptec Windows SATA Storport Driver
     Adaptec, Inc.
     1.6.6.1
     c:\windows\system32\drivers\adpahci.sys
     5/1/2007 11:30 AM
   adpu320
     \SystemRoot\system32\DRIVERS\adpu320.sys
     Adaptec StorPort Ultra320 SCSI Driver (X64)
     Adaptec, Inc.
     7.2.0.0
     c:\windows\system32\drivers\adpu320.sys
     2/27/2007 6:04 PM
   aliide
     \SystemRoot\system32\drivers\aliide.sys
     ALi mini IDE Driver
     Acer Laboratories Inc.
     1.2.0.0
     c:\windows\system32\drivers\aliide.sys
     7/13/2009 5:19 PM
   amdkmdag
     system32\DRIVERS\atipmdag.sys
     ATI Radeon Kernel Mode Driver
     ATI Technologies Inc.
     8.1.1.1010
     c:\windows\system32\drivers\atipmdag.sys
     3/15/2010 8:40 AM
   amdkmdap
     system32\DRIVERS\atikmpag.sys
     AMD multi-vendor Miniport Driver
     Advanced Micro Devices, Inc.
     8.14.1.6099
     c:\windows\system32\drivers\atikmpag.sys
     3/15/2010 8:00 AM
   amdsata
     \SystemRoot\system32\drivers\amdsata.sys
     AHCI 1.2 Device Driver
     Advanced Micro Devices
     1.1.2.5
     c:\windows\system32\drivers\amdsata.sys
     3/18/2010 6:45 PM
   amdsbs
     \SystemRoot\system32\DRIVERS\amdsbs.sys
     AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
     AMD Technologies Inc.
     3.6.1540.127
     c:\windows\system32\drivers\amdsbs.sys
     3/20/2009 12:36 PM
   amdxata
     system32\drivers\amdxata.sys
     Storage Filter Driver
     Advanced Micro Devices
     1.1.2.5
     c:\windows\system32\drivers\amdxata.sys
     3/19/2010 10:18 AM
   arc
     \SystemRoot\system32\DRIVERS\arc.sys
     Adaptec RAID Storport Driver
     Adaptec, Inc.
     5.2.0.10384
     c:\windows\system32\drivers\arc.sys
     5/24/2007 3:27 PM
   arcsas
     \SystemRoot\system32\DRIVERS\arcsas.sys
     Adaptec SAS RAID WS03 Driver
     Adaptec, Inc.
     5.2.0.16119
     c:\windows\system32\drivers\arcsas.sys
     1/14/2009 1:27 PM
   AtiPcie
     system32\DRIVERS\AtiPcie.sys
     AMD PCIE Filter Driver for ATI PCIE chipset
     Advanced Micro Devices Inc.
     1.3.0.49
     c:\windows\system32\drivers\atipcie.sys
     5/5/2009 9:00 AM
   b06bdrv
     \SystemRoot\system32\DRIVERS\bxvbda.sys
     Broadcom NetXtreme II GigE VBD
     Broadcom Corporation
     4.8.2.0
     c:\windows\system32\drivers\bxvbda.sys
     2/13/2009 4:18 PM
   b57nd60a
     system32\DRIVERS\b57nd60a.sys
     Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
     Broadcom Corporation
     10.100.4.0
     c:\windows\system32\drivers\b57nd60a.sys
     4/26/2009 5:14 AM
   BrFiltLo
     \SystemRoot\system32\DRIVERS\BrFiltLo.sys
     Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
     Brother Industries, Ltd.
     1.10.0.2
     c:\windows\system32\drivers\brfiltlo.sys
     8/6/2006 7:51 PM
   BrFiltUp
     \SystemRoot\system32\DRIVERS\BrFiltUp.sys
     Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver
     Brother Industries, Ltd.
     1.4.0.1
     c:\windows\system32\drivers\brfiltup.sys
     8/6/2006 7:51 PM
   Brserid
     \SystemRoot\System32\Drivers\Brserid.sys
     Brotehr Serial I/F Driver (WDM)
     Brother Industries Ltd.
     1.0.1.6
     c:\windows\system32\drivers\brserid.sys
     8/6/2006 7:51 PM
   BrSerWdm
     \SystemRoot\System32\Drivers\BrSerWdm.sys
     Brother Serial driver (WDM version)
     Brother Industries Ltd.
     1.0.0.20
     c:\windows\system32\drivers\brserwdm.sys
     8/6/2006 7:51 PM
   BrUsbMdm
     \SystemRoot\System32\Drivers\BrUsbMdm.sys
     Brother USB MDM Driver 
     Brother Industries Ltd.
     1.0.0.12
     c:\windows\system32\drivers\brusbmdm.sys
     8/6/2006 7:51 PM
   BrUsbSer
     \SystemRoot\System32\Drivers\BrUsbSer.sys
     Brother USB Serial Driver
     Brother Industries Ltd.
     1.0.1.3
     c:\windows\system32\drivers\brusbser.sys
     8/9/2006 6:11 AM
   catchme
     \??\C:\ComboFix\catchme.sys
     File not found: C:\ComboFix\catchme.sys
     
   cmdide
     \SystemRoot\system32\drivers\cmdide.sys
     CMD PCI IDE Bus Driver
     CMD Technology, Inc.
     2.0.7.0
     c:\windows\system32\drivers\cmdide.sys
     7/13/2009 5:19 PM
   CnxtHdAudService
     system32\drivers\CHDRT64.sys
     64-bit High Definition Audio Function Driver
     Conexant Systems Inc.
     4.119.0.0
     c:\windows\system32\drivers\chdrt64.sys
     3/31/2010 12:18 AM
   ebdrv
     \SystemRoot\system32\DRIVERS\evbda.sys
     Broadcom NetXtreme II 10 GigE VBD
     Broadcom Corporation
     4.8.13.0
     c:\windows\system32\drivers\evbda.sys
     12/31/2008 10:29 AM
   elxstor
     \SystemRoot\system32\DRIVERS\elxstor.sys
     Storport Miniport Driver for LightPulse HBAs
     Emulex
     7.2.10.211
     c:\windows\system32\drivers\elxstor.sys
     2/3/2009 4:52 PM
   hcw85cir
     \SystemRoot\system32\drivers\hcw85cir.sys
     Hauppauge WinTV 885 Consumer IR Driver for eHome
     Hauppauge Computer Works, Inc.
     1.31.27127.0
     c:\windows\system32\drivers\hcw85cir.sys
     5/11/2009 2:26 AM
   HpSAMD
     \SystemRoot\system32\drivers\HpSAMD.sys
     Smart Array SAS/SATA Controller Media Driver
     Hewlett-Packard Company
     6.12.6.64
     c:\windows\system32\drivers\hpsamd.sys
     4/20/2010 12:32 PM
   iaStorV
     \SystemRoot\system32\drivers\iaStorV.sys
     Intel Matrix Storage Manager driver - x64
     Intel Corporation
     8.6.2.1014
     c:\windows\system32\drivers\iastorv.sys
     6/10/2010 6:46 PM
   iirsp
     \SystemRoot\system32\DRIVERS\iirsp.sys
     Intel/ICP Raid Storport Driver
     Intel Corp./ICP vortex GmbH
     5.4.22.0
     c:\windows\system32\drivers\iirsp.sys
     12/13/2005 3:47 PM
   L1C
     system32\DRIVERS\L1C62x64.sys
     Atheros L1c PCI-E Gigabit Ethernet Controller
     Atheros Communications, Inc.
     1.0.0.35
     c:\windows\system32\drivers\l1c62x64.sys
     4/20/2011 3:24 AM
   LSI_FC
     \SystemRoot\system32\DRIVERS\lsi_fc.sys
     LSI Fusion-MPT FC Driver (StorPort)
     LSI Corporation
     1.28.3.52
     c:\windows\system32\drivers\lsi_fc.sys
     12/9/2008 4:46 PM
   LSI_SAS
     \SystemRoot\system32\DRIVERS\lsi_sas.sys
     LSI Fusion-MPT SAS Driver (StorPort)
     LSI Corporation
     1.28.3.52
     c:\windows\system32\drivers\lsi_sas.sys
     5/18/2009 6:20 PM
   LSI_SAS2
     \SystemRoot\system32\DRIVERS\lsi_sas2.sys
     LSI SAS Gen2 Driver (StorPort)
     LSI Corporation
     2.0.2.71
     c:\windows\system32\drivers\lsi_sas2.sys
     5/18/2009 6:31 PM
   LSI_SCSI
     \SystemRoot\system32\DRIVERS\lsi_scsi.sys
     LSI Fusion-MPT SCSI Driver (StorPort)
     LSI Corporation
     1.28.3.67
     c:\windows\system32\drivers\lsi_scsi.sys
     4/16/2009 4:13 PM
   megasas
     \SystemRoot\system32\DRIVERS\megasas.sys
     MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64
     LSI Corporation
     4.5.1.64
     c:\windows\system32\drivers\megasas.sys
     5/18/2009 7:09 PM
   MegaSR
     \SystemRoot\system32\DRIVERS\MegaSR.sys
     LSI MegaRAID Software RAID Driver
     LSI Corporation, Inc.
     13.5.409.2009
     c:\windows\system32\drivers\megasr.sys
     5/18/2009 7:25 PM
   nfrd960
     \SystemRoot\system32\DRIVERS\nfrd960.sys
     IBM ServeRAID Controller Driver
     IBM Corporation
     7.10.0.0
     c:\windows\system32\drivers\nfrd960.sys
     6/6/2006 3:11 PM
   nvraid
     \SystemRoot\system32\drivers\nvraid.sys
     NVIDIAr nForce™ RAID Driver
     NVIDIA Corporation
     10.6.0.18
     c:\windows\system32\drivers\nvraid.sys
     3/19/2010 2:59 PM
   nvstor
     \SystemRoot\system32\drivers\nvstor.sys
     NVIDIAr nForce™ Sata Performance Driver
     NVIDIA Corporation
     10.6.0.18
     c:\windows\system32\drivers\nvstor.sys
     3/19/2010 2:45 PM
   PGEffect
     system32\DRIVERS\pgeffect.sys
     TOSHIBA Universal Camera Filter Driver
     TOSHIBA Corporation
     1.0.13.64
     c:\windows\system32\drivers\pgeffect.sys
     6/22/2009 3:00 AM
   QIOMem
     system32\DRIVERS\QIOMem.sys
     Generic IO & Memory Access
     TOSHIBA
     2.1.0.0
     c:\windows\system32\drivers\qiomem.sys
     6/14/2009 11:58 PM
   ql2300
     \SystemRoot\system32\DRIVERS\ql2300.sys
     QLogic Fibre Channel Stor Miniport Driver
     QLogic Corporation
     9.1.8.6
     c:\windows\system32\drivers\ql2300.sys
     1/22/2009 5:05 PM
   ql40xx
     \SystemRoot\system32\DRIVERS\ql40xx.sys
     QLogic iSCSI Storport Miniport Driver
     QLogic Corporation
     2.1.3.20
     c:\windows\system32\drivers\ql40xx.sys
     5/18/2009 7:18 PM
   RSUSBSTOR
     System32\Drivers\RtsUStor.sys
     Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7
     Realtek Semiconductor Corp.
     6.1.7600.30113
     c:\windows\system32\drivers\rtsustor.sys
     2/8/2010 11:56 PM
   rtl8192se
     system32\DRIVERS\rtl8192se.sys
     Realtek RTL81892SE NDIS Driverr
     Realtek Semiconductor Corporation                           
     2020.4.620.2011
     c:\windows\system32\drivers\rtl8192se.sys
     6/20/2011 2:34 AM
   secdrv
     secdrv
     Macrovision SECURITY Driver
     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
     4.3.86.0
     c:\windows\system32\drivers\secdrv.sys
     9/13/2006 7:18 AM
   Serial
     \SystemRoot\system32\DRIVERS\serial.sys
     Brotehr Serial I/F Driver (WDM)
     Brother Industries Ltd.
     6.1.7600.16385
     c:\windows\system32\drivers\serial.sys
     7/13/2009 6:00 PM
   SiSRaid2
     \SystemRoot\system32\DRIVERS\SiSRaid2.sys
     SiS RAID Stor Miniport Driver
     Silicon Integrated Systems Corp.
     5.1.1039.2600
     c:\windows\system32\drivers\sisraid2.sys
     9/24/2008 12:28 PM
   SiSRaid4
     \SystemRoot\system32\DRIVERS\sisraid4.sys
     SiS AHCI Stor-Miniport Driver
     Silicon Integrated Systems
     5.1.1039.3600
     c:\windows\system32\drivers\sisraid4.sys
     10/1/2008 3:56 PM
   SrvHsfHDA
     system32\DRIVERS\VSTAZL6.SYS
     HSF_HWAZL WDM driver
     Conexant Systems, Inc.
     7.80.2.0
     c:\windows\system32\drivers\vstazl6.sys
     10/15/2008 6:53 PM
   SrvHsfV92
     system32\DRIVERS\VSTDPV6.SYS
     HSF_DP driver
     Conexant Systems, Inc.
     7.80.2.0
     c:\windows\system32\drivers\vstdpv6.sys
     10/15/2008 6:57 PM
   SrvHsfWinac
     system32\DRIVERS\VSTCNXT6.SYS
     HSF_CNXT driver
     Conexant Systems, Inc.
     7.80.2.0
     c:\windows\system32\drivers\vstcnxt6.sys
     10/15/2008 6:52 PM
   stexstor
     \SystemRoot\system32\DRIVERS\stexstor.sys
     Promise  SuperTrak EX Series Driver for Windows 
     Promise Technology
     5.0.1.1
     c:\windows\system32\drivers\stexstor.sys
     2/17/2009 5:03 PM
   SynTP
     system32\DRIVERS\SynTP.sys
     Synaptics Touchpad Driver
     Synaptics Incorporated
     15.0.8.1
     c:\windows\system32\drivers\syntp.sys
     3/10/2010 8:02 PM
   tdcmdpst
     system32\DRIVERS\tdcmdpst.sys
     TOSHIBA ODD Writing Driver for x64.
     TOSHIBA Corporation.
     2.0.0.3
     c:\windows\system32\drivers\tdcmdpst.sys
     7/30/2009 2:39 AM
   TVALZ
     system32\DRIVERS\TVALZ_O.SYS
     TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver
     TOSHIBA Corporation
     2.0.0.3
     c:\windows\system32\drivers\tvalz_o.sys
     7/13/2009 8:19 PM
   TVALZFL
     system32\DRIVERS\TVALZFL.sys
     TOSHIBA TVALZ Filter Driver for x64
     TOSHIBA Corporation
     1.0.0.2
     c:\windows\system32\drivers\tvalzfl.sys
     6/19/2009 4:05 AM
   viaide
     \SystemRoot\system32\drivers\viaide.sys
     VIA Generic PCI IDE Bus Driver
     VIA Technologies, Inc.
     6.0.6000.170
     c:\windows\system32\drivers\viaide.sys
     7/13/2009 5:19 PM
   vsmraid
     \SystemRoot\system32\DRIVERS\vsmraid.sys
     VIA RAID DRIVER FOR AMD-X86-64
     VIA Technologies Inc.,Ltd
     6.0.6000.6210
     c:\windows\system32\drivers\vsmraid.sys
     1/30/2009 7:18 PM
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
   SmartFaceVCP
     HKCR\CLSID\{B65F237C-AAFF-4df7-8872-91B65663E41F}
     SmartFaceVCP
     TOSHIBA Corporation
     3.1.3.0
     c:\program files\toshiba\smartfacev\smartfacevcp.dll
     10/19/2009 3:25 AM
 
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
   rdpclip
     rdpclip
     File not found: rdpclip
     
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   cAudioFilterAgent
     C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
     Conexant High Definition Audio Filter Agent
     Conexant Systems, Inc.
     1.7.13.0
     c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe
     1/29/2010 12:38 PM
   SynTPEnh
     %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
     Synaptics TouchPad Enhancements
     Synaptics Incorporated
     15.0.8.1
     c:\program files\synaptics\syntp\syntpenh.exe
     3/10/2010 8:27 PM
   TPwrMain
     %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
     TOSHIBA Power Saver
     TOSHIBA Corporation
     1.0.0.6
     c:\program files\toshiba\power saver\tpwrmain.exe
     11/5/2009 7:08 AM
   HSON
     %ProgramFiles%\TOSHIBA\TBS\HSON.exe
     HotStartOn
     TOSHIBA Corporation
     1.2.0.64
     c:\program files\toshiba\tbs\hson.exe
     3/7/2009 5:52 AM
   SmoothView
     %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
     SmoothView
     TOSHIBA Corporation
     3.0.13.64
     c:\program files\toshiba\smoothview\smoothview.exe
     7/27/2009 11:37 PM
   00TCrdMain
     %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
     TOSHIBA Flash Cards
     TOSHIBA Corporation
     2.0.2.6
     c:\program files\toshiba\flashcards\tcrdmain.exe
     3/2/2010 11:35 PM
   TosWaitSrv
     %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
     TOSHIBA Corporation
     1.0.0.2
     c:\program files\toshiba\tphm\toswaitsrv.exe
     2/23/2010 3:00 AM
   Teco
     "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
     TOSHIBA eco Utility
     TOSHIBA Corporation
     1.1.9.0
     c:\program files\toshiba\teco\teco.exe
     4/5/2010 11:52 PM
   SmartFaceVWatcher
     %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
     SmartFaceVWatcher
     TOSHIBA Corporation
     3.1.3.0
     c:\program files\toshiba\smartfacev\smartfacevwatcher.exe
     10/19/2009 3:24 AM
   TosVolRegulator
     C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
      Toshiba Volume Regulator
     TOSHIBA Corporation
     1.0.0.6
     c:\program files\toshiba\tosvolregulator\tosvolregulator.exe
     11/10/2009 11:35 PM
   TosSENotify
     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
     TOSHIBA Corporation
     1.0.0.1
     c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe
     2/5/2010 2:43 AM
   TosNC
     %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
     Message Center
     TOSHIBA Corporation
     1.6.0.64
     c:\program files\toshiba\bulletinboard\tosnccore.exe
     3/8/2010 11:28 PM
   TosReelTimeMonitor
     %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
     Monitor of TOSHIBA ReelTime
     TOSHIBA Corporation
     1.6.5.0
     c:\program files\toshiba\reeltime\tosreeltimemonitor.exe
     2/23/2010 3:41 AM
   SmartAudio
     C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
     SAIICpl MFC Application
     6.0.17.0
     c:\program files\conexant\saii\saiicpl.exe
     4/28/2010 12:28 PM
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
   ToshibaServiceStation
     "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
     TOSHIBA Service Station
     TOSHIBA Corporation
     2.1.0.13
     c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe
     10/5/2009 4:45 PM
   TWebCamera
     "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
     TOSHIBA CORPORATION.
     1.1.1.15
     c:\program files (x86)\toshiba\toshiba web camera application\twebcamera.exe
     2/23/2010 11:42 AM
   NortonOnlineBackupReminder
     "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
     Toshiba Online Backup Service
     Toshiba
     1.2.0.38
     c:\program files (x86)\toshiba\toshiba online backup\activation\tobuactivation.exe
     8/9/2009 11:30 PM
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
   Internet Explorer
     C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
     File not found: C:\windows\system32\ie4uinit.exe
     
   Google Chrome
     "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     Google Chrome
     Google Inc.
     32.0.1700.76
     c:\program files (x86)\google\chrome\application\32.0.1700.76\installer\chrmstp.exe
     1/11/2014 2:21 AM
 
Task Scheduler
   \Adobe Flash Player Updater
     "C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe" 
     Adober Flashr Player Update Service 11.9 r900
     Adobe Systems Incorporated
     11.9.900.170
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     12/1/2013 12:09 PM
   \CCleanerSkipUAC
     "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
     CCleaner
     Piriform Ltd
     4.9.0.4471
     c:\program files\ccleaner\ccleaner.exe
     12/13/2013 9:35 AM
   \GoogleUpdateTaskMachineCore
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
     Google Installer
     Google Inc.
     1.2.183.21
     c:\program files (x86)\google\update\googleupdate.exe
     3/9/2010 12:10 AM
   \GoogleUpdateTaskMachineUA
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
     Google Installer
     Google Inc.
     1.2.183.21
     c:\program files (x86)\google\update\googleupdate.exe
     3/9/2010 12:10 AM
   \Microsoft\Windows\NetTrace\GatherNetworkInfo
     "%windir%\system32\gatherNetworkInfo.vbs" 
     c:\windows\system32\gathernetworkinfo.vbs
     6/10/2009 2:36 PM
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Adobe PDF Link Helper
     HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
     Adobe PDF Helper for Internet Explorer
     Adobe Systems Incorporated
     9.3.0.148
     c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
     12/21/2009 8:27 PM
   Google Toolbar Helper
     HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
     Google Toolbar
     Google Inc.
     6.2.1910.1554
     c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
     7/10/2009 6:45 PM
   Google Toolbar Notifier BHO
     HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
     GoogleToolbarNotifier
     Google Inc.
     5.2.4204.1700
     c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
     6/4/2009 6:04 PM
   Google Dictionary Compression sdch
     HKCR\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
     Fast Search
     Google Inc.
     1.0.1801.150
     c:\program files (x86)\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
     6/2/2009 1:41 PM
   Java™ Plug-In 2 SSV Helper
     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Java™ Platform SE binary
     Sun Microsystems, Inc.
     6.0.170.4
     c:\program files (x86)\java\jre6\bin\jp2ssv.dll
     10/11/2009 6:17 AM
   TOSHIBA Media Controller Plug-in
     HKCR\CLSID\{F3C88694-EFFA-4d78-B409-54B7B2535B14}
     TOSHIBA Media Controller Plug-in 
     <TOSHIBA>
     1.0.4.9
     c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll
     3/2/2010 6:15 AM
 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Adobe PDF Link Helper
     HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
     Adobe PDF Helper for Internet Explorer
     Adobe Systems Incorporated
     9.3.0.148
     c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
     12/21/2009 8:27 PM
   Google Toolbar Helper
     HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
     Google Toolbar
     Google Inc.
     6.2.1910.1554
     c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
     7/10/2009 6:45 PM
   Google Toolbar Notifier BHO
     HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
     GoogleToolbarNotifier
     Google Inc.
     5.2.4204.1700
     c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
     6/4/2009 6:04 PM
   Google Dictionary Compression sdch
     HKCR\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
     Fast Search
     Google Inc.
     1.0.1801.150
     c:\program files (x86)\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
     6/2/2009 1:41 PM
   Java™ Plug-In 2 SSV Helper
     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Java™ Platform SE binary
     Sun Microsystems, Inc.
     6.0.170.4
     c:\program files (x86)\java\jre6\bin\jp2ssv.dll
     10/11/2009 6:17 AM
   TOSHIBA Media Controller Plug-in
     HKCR\CLSID\{F3C88694-EFFA-4d78-B409-54B7B2535B14}
     TOSHIBA Media Controller Plug-in 
     <TOSHIBA>
     1.0.4.9
     c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll
     3/2/2010 6:15 AM
 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   ACE
     HKCR\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
     AMD Desktop Control Panel
     Advanced Micro Devices, Inc.
     6.14.10.2001
     c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll
     3/15/2010 8:44 AM

Jill M***Butterfly Kisses


#20 jillmarten

  • Topic Starter
  • Members
  • 102 posts

Posted 27 January 2014 - 10:28 AM

Okay, now you have seen I have attached Pt1 in the 1st post, copied and pasted pt2 of it in the second, and now here is the 3rd and final pt of the ZOEK-results... I am sorry about this. I just don't get it; each time I try to copy and paste the whole thing it just goes to saving post or the website times out....

3rd and final pt of ZOEK RESULTS

HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
   PDF Shell Extension
     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
     PDF Shell Extension
     Adobe Systems, Inc.
     9.3.0.148
     c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
     12/21/2009 8:35 PM
 
HKLM\Software\Microsoft\Internet Explorer\Toolbar
   Google Toolbar
     HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
     Google Toolbar
     Google Inc.
     6.2.1910.1554
     c:\program files (x86)\google\google toolbar\googletoolbar_64.dll
     7/10/2009 7:10 PM
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
   Google Toolbar
     HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
     Google Toolbar
     Google Inc.
     6.2.1910.1554
     c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
     7/10/2009 6:45 PM
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\System32\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\system32\l3codeca.acm
     7/13/2009 7:28 PM
 
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\SysWOW64\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\syswow64\l3codeca.acm
     7/13/2009 7:06 PM
   vidc.cvid
     iccvid.dll
     Cinepakr Codec
     Radius Inc.
     1.10.0.13
     c:\windows\syswow64\iccvid.dll
     11/20/2010 5:59 AM
 
HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   SFVCaptureFilter
     HKCR\CLSID\{AFF3FD47-AD22-4F1E-95FD-6FB78BB64F72}
     SmartFaceVCapt
     TOSHIBA Corporation
     3.1.3.0
     c:\program files\toshiba\smartfacev\smartfacevcapt.dll
     10/19/2009 3:24 AM
 
HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   ATI Ticker
     HKCR\CLSID\{10AD8B9D-222E-44D1-881B-0EA79E1B2D6E}
     c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax
     3/15/2010 8:42 AM
   MMACE ProcAmp
     HKCR\CLSID\{4A6E162C-6F51-4956-86D0-A72729178B9B}
     c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll
     3/15/2010 8:42 AM
   TOSHIBA Progress Monitor
     HKCR\CLSID\{76C6522B-124B-40CB-A0B9-831D946D202C}
     TOSHIBA Progress Monitor
     TOSHIBA Corporation
     1.0.1.209
     c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax
     2/9/2006 2:34 AM
   TOSHIBA WAV Converter
     HKCR\CLSID\{777B3831-F9CF-4F26-A534-49B5812C29CA}
     TOSHIBA Wav Converter
     TOSHIBA Corporation
     1.0.0.315
     c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax
     3/15/2005 9:46 AM
   MMACE SoftEmu
     HKCR\CLSID\{854F4628-CE51-42C4-80E9-80DAE27FAAAE}
     c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll
     3/15/2010 8:42 AM
   Image Effects
     HKCR\CLSID\{8BFB6EE1-3B7E-4181-8F0E-715358CAC19B}
     TimeStam Dynamic Link Library
     1.1.1.15
     c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll
     2/23/2010 11:41 AM
   MMACE Deinterlace
     HKCR\CLSID\{9E665ED7-958C-410C-9C56-05DA783E7933}
     c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll
     3/15/2010 8:42 AM
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=2 folders=4 16449 bytes)
 
==== EOF on Mon 01/27/2014 at  8:04:40.56 ======================
 
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Links
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Favorites
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Downloads
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Documents
2014-01-25 23:41:29 -------- d-----r- C:\Users\test\Desktop
2014-01-22 14:56:55 4588D8307D92CBB05E66735A9833D9C6 12582688 ----a-w- C:\Users\L645D-S4025\Desktop\mbar-1.07.0.1008.exe
2014-01-21 20:36:28 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\L645D-S4025\Desktop\dds.com
2014-01-20 19:43:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-01-20 19:10:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-01-20 02:31:06 -------- d-----w- C:\Users\Public\AppData
 
====== C: exe-files ==
2014-01-26 22:11:19 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-01-26 21:58:37 81EBC5DB32DA754CAE9E200B70F06DE2 469256 ----a-w- C:\Users\L645D-S4025\AppData\Local\Temp\MSNF4DB.exe
2014-01-26 21:48:56 246FE58EFFD357B2078842708155E46C 1236282 ----a-w- C:\Users\L645D-S4025\Downloads\AdwCleaner.exe
2014-01-26 02:58:48 78CCC9D9665DC2A4DDC31CD99ED374FC 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-01-26 02:58:48 0E1D755673453108415F802C90704327 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-01-26 02:58:47 0F753FDA08F495E515629210FF0DA59E 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-01-26 02:58:46 DACB9A752CEB29C1D931514EF73803E1 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-01-26 02:58:46 3A722B49408BE7FE8A375C3B8FD57BB1 218624 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-01-23 09:06:05 2D01F001F8E45924E57B7BB77CF96BC2 28368 ----a-w- C:\Windows\System32\IEUDINIT.EXE
2014-01-23 09:04:08 344DA9D196C0D98A738289BB09CE4CF6 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-01-23 09:04:03 CC02FE4520CA886508069245D9A6962F 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-01-23 09:04:03 C8A8321292A459B0A17FB39A782A5C74 806096 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-01-23 09:04:03 C1A6E565B2782C09BC40AD749B46D9ED 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-23 09:04:02 F8DE2F74CD4323BABBDACAADD9A39254 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-01-23 09:04:02 ABDFC692D9FE43E2BA8FE6CB5A8CB95A 13312 ----a-w- C:\Windows\SysWOW64\mshta.exe
2014-01-23 09:04:02 9A33FDDD687A836A1FD478B43C5A95FD 151552 ----a-w- C:\Windows\SysWOW64\iexpress.exe
2014-01-23 09:04:02 6A92CEC8532056791C6832B2725D170D 139264 ----a-w- C:\Windows\SysWOW64\wextract.exe
2014-01-23 09:04:02 53FC62C51CB18C9100A7DFAF2D2A6C47 12800 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe
2014-01-23 09:04:01 887055A3C8DD6C87D200D11EAFDBD45B 74240 ----a-w- C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-23 09:04:01 7F7F391491C315A4A72EFCAC0D34FA93 25600 ----a-w- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
2014-01-23 09:04:00 E4A6577D74B2439974C8018AB5F1BFEA 13312 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-01-23 09:04:00 5141B67F14E2B6CBB6ADF851ABE364A5 90112 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2014-01-23 09:04:00 4399857346DD183683332921500046B1 86016 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-01-23 09:04:00 0685765C0CBE095BA0C6C8790BAE21EF 804560 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-01-23 09:03:59 D68007F924B9F387AA7C76F48D0A260A 223232 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-01-23 09:03:59 46FD16F9B1924A2EA8CD5C6716CC654F 167424 ----a-w- C:\Windows\System32\iexpress.exe
2014-01-23 09:03:59 41F922D6A794C0F8425C8436D7077C84 359632 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe
2014-01-23 09:03:59 1EA6500C25A80E8BDB65099C509AF993 143872 ----a-w- C:\Windows\System32\wextract.exe
2014-01-23 09:03:58 95828D670CFD3B16EE188168E083C3C5 13824 ----a-w- C:\Windows\System32\mshta.exe
2014-01-22 14:57:08 6CB8527528BFA9F690CD158EB61285C5 1175352 ----a-w- C:\Users\L645D-S4025\Desktop\mbar\mbar.exe
2014-01-22 14:57:08 255411A7AC135FB4A1E90A2A6EA6C7C5 821560 ----a-w- C:\Users\L645D-S4025\Desktop\mbar\Plugins\fixdamage.exe
2014-01-22 14:56:55 4588D8307D92CBB05E66735A9833D9C6 12582688 ----a-w- C:\Users\L645D-S4025\Desktop\mbar-1.07.0.1008.exe
2014-01-22 11:46:51 8B88EBBB05A0E56B7DCC708498C02B3E 2616320 ----a-w- C:\Windows\SysWOW64\explorer.exe
2014-01-22 11:46:51 332FEAB1435662FC6C672E25BEB37BE3 2871808 ----a-w- C:\Windows\explorer.exe
2014-01-22 11:46:46 85DAA09A98C9286D4EA2BA8D0E644377 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-01-22 11:46:46 127AA81343A7C6F665C22CB1293B0A90 67072 ----a-w- C:\Windows\splwow64.exe
2014-01-22 11:03:29 D21DD7BFC81C8623DE48EBB17133D59C 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-01-22 11:03:29 9AED8E824CF5FAAB67957EDBC5512060 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-01-21 18:15:22 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\System32\consent.exe
2014-01-21 18:13:11 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\System32\lsass.exe
2014-01-21 18:12:51 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\System32\smss.exe
2014-01-21 18:12:51 BF95EA5809E3BBF55370F7CB309FEBD0 338432 ----a-w- C:\Windows\System32\conhost.exe
2014-01-21 18:08:38 4586B77B18FA9A8518AF76CA8FD247D9 1192448 ----a-w- C:\Windows\System32\certutil.exe
2014-01-21 18:08:38 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\SysWOW64\certutil.exe
2014-01-21 18:07:44 5B9A6A310326D9C438F2C19FBBE97C97 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-01-21 18:07:43 482C8CD985C727C7C78A5E9B320947F0 3969472 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2014-01-21 18:07:42 813A7F5A2D6D366EB3FFB643B851BCE5 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2014-01-21 18:07:37 DA1340AC8B22D0719F47222C8D508393 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2014-01-21 18:07:37 8C3D064E7B7C0F3685A441A37A93C5D1 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
=== C: other files ==

Jill M***Butterfly Kisses


#21 seedy21

Posted 27 January 2014 - 04:16 PM

Hi Jillmarten

As the Zoek log is broken up I would like you to copy and paste the results to Pastebin.com

After you have done that click the submit button. Then you will be taken to a page and the URL will look something like this http://pastebin.com/2F1paSFG

Copy and paste the URL you have and paste it in your next reply.

Thank you.


#22 jillmarten

Posted 27 January 2014 - 04:33 PM

Okay, here it is... I wish I knew the rules or how much you could paste or attach, because that would have saved about 30 min of my time this morning knowing about Pastebin. Because trying to copy and paste that file this morning was just mind-boggling.... Thanks, here is the Pastebin URL..... http://pastebin.com/2C4Xsjd0


#23 seedy21

Posted 27 January 2014 - 04:45 PM

Hi Jillmarten

 

Can you do it again please? I tried to go to your link and it says it has been removed.


#24 jillmarten

Posted 27 January 2014 - 04:50 PM

Yes, will do it now.


#25 jillmarten

Posted 27 January 2014 - 04:57 PM

Here is the other one. I followed your directions. Then when it was submitted I copied and pasted the link that comes up after submitting.

 

http://pastebin.com/tmvRQuWr


#26 jillmarten

Posted 27 January 2014 - 11:22 PM

Hello, my friend is begging for her computer back; she wants it back tomorrow, Tuesday. But I wanted to let you know I was finally able to get rid of the

C:\Windows\SysWOW64\\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

There was about 10 GB of temp files in there. Deleted them all in Safe Mode. It was hidden before because I had to uncheck the item Hide Protected Operating System Files under Folder Options. Evidently, come to find out, Internet Explorer 8 and 9 had a glitch in them and it was storing all this crap and temp stuff in this folder and wouldn't delete it, which has now since been fixed with the updated versions. And since this computer didn't have ANY of the latest updates, it was not good. But I am happy now. So awaiting your reply. Thanks... In all my help with people on computers I have never seen a computer like this with all the problems; that is why I have asked for the help...


#27 seedy21

Posted 28 January 2014 - 02:05 AM

Hi Jillmarten

Can you run this before returning the machine?



Step 1


We need to re-run Zoek

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNR41TCC\;fs
    RD /S/Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNR41TCC";b
    DIR /A/S "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNR41TCC";b
    autoclean;
    emptyalltemp;

  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

Step 2

Please re-run MSE on your machine and let me know how it runs this time.

Edited by seedy21, 28 January 2014 - 02:05 AM.

#28 jillmarten

Posted 28 January 2014 - 08:43 AM

Okay, all that is done. What was that script for? I noticed it said something about the SysWOW64\.....Content.IE5\Temp\ folder. I told you I finally was able to delete all of those manually. YEAH!!!!! I ran the script; here is the log...

 

 
Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by L645D-S4025 on Tue 01/28/2014 at  7:13:41.86.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\L645D-S4025\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-01-27-140440.log 265442 bytes
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNR41TCC\ not found
C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted
"C:\Users\L645D-S4025\AppData\Local\f8y7b4po4x44m05" deleted
"C:\ProgramData\-R4gheLJ7l5uvxu" deleted
"C:\ProgramData\-R4gheLJ7l5uvxur" deleted
"C:\ProgramData\f8y7b4po4x44m05" deleted
"C:\ProgramData\R4gheLJ7l5uvxu" deleted
"C:\ProgramData\648BBA562D2CE14C0000648B55D0E75C\648BBA562D2CE14C0000648B55D0E75C" deleted
"C:\ProgramData\648BBA562D2CE14C0000648B55D0E75C\648BBA562D2CE14C0000648B55D0E75C.ico" deleted
"C:\ProgramData\648BBA562D2CE14C0000648B55D0E75C" deleted
 
==== Chrome Look ======================
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{F8CC2F32-887A-4B90-B3E3-FE32C4370AB0}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{3AA443BC-CDE3-4903-9E85-30FBE64CEBA7} Unknown  Url="Not_Found"
{F8CC2F32-887A-4B90-B3E3-FE32C4370AB0} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2053550242-2687663662-3722822742-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3AA443BC-CDE3-4903-9E85-30FBE64CEBA7} deleted successfully
HKEY_USERS\S-1-5-21-2053550242-2687663662-3722822742-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8CC2F32-887A-4B90-B3E3-FE32C4370AB0} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kiosk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\L645D-S4025\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\L645D-S4025\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\L645D-S4025\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache is not empty, a reboot is needed
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=4 folders=5 32679 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Kiosk\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Users\test\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\L645D-S4025\AppData\Local\Temp  will be emptied at reboot
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\L645D-~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\25L9VGY3\199.212.255.148"  not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\25L9VGY3\cdn.simpleyogalessons.com"  not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\25L9VGY3\tag.audiencetv.hiro.tv"  not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\25L9VGY3\video.mdadvice.com"  not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\25L9VGY3\www.familycircle.com"  not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\25L9VGY3\www.fitnessmagazine.com"  not found
 
==== EOF on Tue 01/28/2014 at  7:40:30.41 ======================
 

 

And then running MSE came back fine and only took 2 1/2 hours for a full scan this time instead of 13 1/2 hours like in my 1st post. So glad I was finally able to figure out how to delete those. Stupid glitch. And my friend needs to take better care of her computer. Anything else that I need to do? I can't think of anything.


#29 seedy21

Posted 28 January 2014 - 03:45 PM

Hi jillmarten
 

What was that script for?


The script was to make sure that the infected files were deleted. Zoek also cleaned anything that wasn't needed and emptied all the cache on your machine.

If you have no further problems you can uninstall the tools we have used and follow this advice :-

Remove Tools Used:

Uninstall ComboFix
  • Click on Start, Run
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

Clean up with Delfix

Download "Delfix by Xplode" and save it to your desktop.
  • Double click to start the program
    If you are using Vista or higher, please right-click and choose Run as administrator
  • Make sure the following items are checked:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
  • Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Turn On Automatic Updates:

  1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
  2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High.
  • Also verify that Enable Protected Mode is checked
  • Next press the Apply button and then the OK to exit the Internet Properties page.

If you have any problems you know where we are :)

Edited by seedy21, 28 January 2014 - 03:46 PM.

#30 jillmarten

Posted 28 January 2014 - 04:23 PM

Hello, I had already uninstalled Combofix so that was done. That Delfix is a neat program!!! Here is the log. Everything is done. Computer seems to be running so good. Thanks for the help. I know a lot about PCs and help people locally but this one was CRAZY! Just needed a little extra help. Would love to learn some of the programs that you use. I am thinking about entering the training program I read about on here. Thanks for your help. This should end and be closed now, right?

 

 # DelFix v10.6 - Logfile created 28/01/2014 at 15:13:25

# Updated 11/11/2013 by Xplode
# Username : L645D-S4025 - L645D-S4025-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\Users\L645D-S4025\Downloads\AdwCleaner.exe
Deleted : C:\windows\grep.exe
Deleted : C:\windows\PEV.exe
Deleted : C:\windows\NIRCMD.exe
Deleted : C:\windows\MBR.exe
Deleted : C:\windows\SED.exe
Deleted : C:\windows\SWREG.exe
Deleted : C:\windows\SWSC.exe
Deleted : C:\windows\SWXCACLS.exe
Deleted : C:\windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #63 [Scheduled Checkpoint | 01/28/2014 06:48:35]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
