Possible trojan? IE opens by itself to random sites. Firefox crashes.


  • This topic is locked
13 replies to this topic

#1 kamikazekang

  • Members
  • 10 posts

Posted 11 August 2011 - 09:04 AM

A few days ago, Microsoft Security Essentials (MSE) noticed a threat to my computer. I went to remove/quarantine it, but before I could my computer started acting screwy. Desktop background was deleted. All program shortcuts on my desktop were deleted. IE kept opening by itself (I never use IE), taking me to google-themed websites. I decided to do a System Restore to a day prior to this incident. This seemed to clear up most of the issues, but a few still remain. IE continues to open on its own, and Firefox crashes at seemingly random moments. Any help would be appreciated! Thank you very much.

When I check the history logs of MSE, this is listed: Trojan:Win32/FakeSysdef -Action Taken: Allowed.


I run Win 7.
I use MSE for anti-virus.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jack Package at 9:01:38 on 2011-08-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1944 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\vVX6000.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [googletalk] C:\Users\Jack Package\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\JACKPA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B33DF60C-08D0-4161-9142-F535E8FCA61C} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B33DF60C-08D0-4161-9142-F535E8FCA61C}\3516D6370284F6573756 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B33DF60C-08D0-4161-9142-F535E8FCA61C}\54447514254435E4544575F425B4 : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jack Package\AppData\Roaming\Mozilla\Firefox\Profiles\dhzf6ou9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-8 89600]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-8-5 284016]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-14 227896]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys --> C:\Windows\system32\DRIVERS\VX6000Xp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-08-11 04:38:04 -------- dc----w- C:\Users\Jack Package\AppData\Local\MigWiz
2011-08-10 20:17:32 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DEB76ED6-BC8C-4EAE-9F9D-3FF413EBA14F}\mpengine.dll
2011-08-10 02:54:21 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 02:53:56 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-08-10 02:51:50 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-10 02:51:50 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-10 02:51:47 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-04 02:22:38 98304 ----a-w- C:\Program Files (x86)\Zip64.SFX
2011-08-04 02:22:35 94720 ----a-w- C:\Program Files (x86)\WinCon64.SFX
2011-08-04 02:22:34 78848 ----a-w- C:\Program Files (x86)\Zip.SFX
2011-08-04 02:22:34 140288 ----a-w- C:\Program Files (x86)\RarExt32.dll
2011-08-04 02:22:34 128000 ----a-w- C:\Program Files (x86)\Default64.SFX
2011-08-04 02:22:33 98816 ----a-w- C:\Program Files (x86)\Default.SFX
2011-08-04 02:22:33 72704 ----a-w- C:\Program Files (x86)\WinCon.SFX
2011-08-04 02:22:33 164864 ----a-w- C:\Program Files (x86)\RarExt.dll
2011-08-04 02:22:32 417792 ----a-w- C:\Program Files (x86)\Rar.exe
2011-08-04 02:22:32 276992 ----a-w- C:\Program Files (x86)\UnRAR.exe
2011-08-04 02:22:32 132608 ----a-w- C:\Program Files (x86)\Uninstall.exe
2011-08-04 02:22:32 1163264 ----a-w- C:\Program Files (x86)\WinRAR.exe
2011-07-13 03:33:26 3134464 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-06-20 01:11:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2009-08-20 08:13:26 9815040 ----a-w- C:\Program Files\openofficeorg31.msi
2009-03-26 10:36:32 451928 ----a-w- C:\Program Files\setup.exe
2002-03-11 09:06:30 1822520 ----a-w- C:\Program Files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- C:\Program Files\instmsia.exe
.
============= FINISH: 9:10:37.24 ===============

#2 kamikazekang

  • Topic Starter
  • Members
  • 10 posts

Posted 13 August 2011 - 07:00 AM

I just wanted to say that I'll be traveling to an area with limited internet connection over the next few days. I understand that the Malware Response Team can get backlogged with requests occasionally, but if you happen to respond soon, please be patient with me as I will try to reply as quickly as possible.

#3 kamikazekang

  • Topic Starter
  • Members
  • 10 posts

Posted 14 August 2011 - 08:15 AM

New information: The problem with my computer seems to be getting worse. IE continues to open on its own as before. Now I get Blue Screens at random moments, forcing me to restart my computer. Also, my computer is performing much slower than usual. Hopefully this helps in your diagnosis. I'm still in an area with limited internet connection. Thanks again.

#4 Farbar

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 15 August 2011 - 01:11 PM

Hello kamikazekang,

Welcome to Bleeping Computer.

Please download MBRCheck by clicking here and save it to your desktop.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.


#5 kamikazekang

  • Topic Starter
  • Members
  • 10 posts

Posted 16 August 2011 - 04:28 PM

Hi Farbar,

Thanks for your help. Here is the log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G71 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 186):
0x0605E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05F18000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05F6B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05F7E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06073000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x032FD000 \SystemRoot\system32\drivers\HTTP.sys
0x033C5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x033E3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03200000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0322D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0327B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05E00000 \SystemRoot\system32\drivers\peauth.sys
0x0329E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x032A9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x032D6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05F96000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05CE2000 \SystemRoot\System32\DRIVERS\srv.sys
0x05D77000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x776C0000 \Windows\System32\ntdll.dll
0x480D0000 \Windows\System32\smss.exe
0xFF9E0000 \Windows\System32\apisetschema.dll
0xFF400000 \Windows\System32\autochk.exe

Processes (total 78):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
380 csrss.exe
432 C:\Windows\System32\wininit.exe
444 csrss.exe
500 C:\Windows\System32\winlogon.exe
536 C:\Windows\System32\services.exe
544 C:\Windows\System32\lsass.exe
552 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\svchost.exe
736 C:\Windows\System32\svchost.exe
776 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
884 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1012 C:\Program Files\IDT\WDM\stacsv64.exe
392 C:\Windows\System32\audiodg.exe
1132 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\wlanext.exe
1332 C:\Windows\System32\conhost.exe
1532 C:\Windows\System32\spoolsv.exe
1592 C:\Windows\System32\svchost.exe
1688 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1724 C:\Program Files\IDT\WDM\AESTSr64.exe
1752 C:\Program Files\LSI SoftModem\agr64svc.exe
1772 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1812 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1840 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1900 C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
1944 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1988 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
2024 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1076 C:\Windows\System32\svchost.exe
2080 C:\Windows\System32\taskhost.exe
2276 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2380 C:\Windows\System32\dwm.exe
2392 C:\Windows\explorer.exe
2452 C:\Windows\System32\svchost.exe
2692 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2700 C:\Windows\System32\igfxtray.exe
2744 C:\Windows\System32\hkcmd.exe
2784 C:\Windows\System32\igfxpers.exe
2800 C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
2872 C:\Windows\vVX6000.exe
2896 C:\Program Files\IDT\WDM\sttray64.exe
2904 C:\Program Files\Microsoft Security Client\msseces.exe
2928 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2940 C:\Windows\System32\igfxsrvc.exe
3040 C:\Program Files (x86)\WordWeb\wweb32.exe
3052 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
1560 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2716 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
1968 C:\Program Files (x86)\HP\QuickPlay\QPService.exe
2724 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
1872 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
2264 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
424 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2020 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3212 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3368 C:\Windows\System32\SearchIndexer.exe
3412 C:\Windows\System32\svchost.exe
3440 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3540 WmiPrvSE.exe
3728 C:\Program Files\iPod\bin\iPodService.exe
3772 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3928 C:\Windows\System32\svchost.exe
4004 C:\Windows\System32\SearchProtocolHost.exe
4024 C:\Windows\System32\SearchFilterHost.exe
400 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
1028 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
3768 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4420 C:\Program Files\Internet Explorer\iexplore.exe
4516 C:\Program Files\Internet Explorer\iexplore.exe
4924 C:\Users\Jack Package\Downloads\MBRCheck.exe
4932 C:\Windows\System32\conhost.exe
4948 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`7be00000 (NTFS)

PhysicalDrive0 Model Number: ST9320325AS, Rev: 0005HPM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
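To make the MBRCheck verdict above concrete, here is an added example (not code from the post and not MBRCheck's own logic) that parses a 512-byte MBR, hashes its boot code with SHA1 and compares the hash against a baseline of known-good values, the same kind of check that produces "Found non-standard or infected MBR". The sample MBR is constructed inline; its two partition offsets mirror the C: and D: offsets in the output above, while the boot-code bytes, the sector counts, the empty KNOWN_GOOD_SHA1 baseline and the choice to hash only the first 440 bytes are assumptions of this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold boot code; the disk signature follows
PART_TABLE_OFFSET = 446       # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of every valid MBR
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, start LBA, sector count

# Hypothetical baseline of boot-code SHA1 values verified as clean (for example
# taken from a freshly installed machine). Deliberately empty in this example.
KNOWN_GOOD_SHA1 = set()


def build_sample_mbr():
    """Constructed MBR for this example (not the poster's disk). The partition
    start offsets mirror the MBRCheck output above, C: at 0x0C800000 and D: at
    0x477BE00000; boot code and sector counts are made up."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[0:8] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"   # constructed boot-code bytes
    entries = [
        # status, type, start LBA,  sector count
        (0x80, 0x07, 409600,    599240704),   # C:, active, NTFS; 409600 * 512 = 0x0C800000
        (0x00, 0x07, 599650304, 25492144),    # D:, NTFS; 599650304 * 512 = 0x477BE00000
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def read_first_sector(device_path):
    """Read a real MBR, e.g. r"\\.\PhysicalDrive0" on Windows (needs an
    elevated prompt) or /dev/sda on Linux (needs root)."""
    with open(device_path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def parse_mbr(mbr):
    """Return the boot-signature check, the SHA1 of the boot code and the used
    partition entries. Hashing bytes 0..439 (boot code only, excluding the disk
    signature and partition table) is this example's assumption."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0x00:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "byte_offset": lba * SECTOR_SIZE,
            "sectors": count,
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def partition_table_warnings(partitions):
    """Sanity checks a tampered table tends to fail: not exactly one active
    partition, overlapping extents, or a partition that starts at LBA 0."""
    warnings = []
    if sum(p["bootable"] for p in partitions) != 1:
        warnings.append("expected exactly one active partition")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in partitions)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            warnings.append("partitions overlap at LBA %d" % start2)
    if any(p["start_lba"] == 0 for p in partitions):
        warnings.append("partition starts at LBA 0 (inside the MBR itself)")
    return warnings


def check_mbr(mbr, known_good=KNOWN_GOOD_SHA1):
    """'known-good' if the boot-code hash is in the baseline, 'invalid-signature'
    if the 0x55AA marker is missing, otherwise 'non-standard' (the case the
    MBRCheck output above reports as "Found non-standard or infected MBR")."""
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        return "invalid-signature"
    if info["boot_code_sha1"] in known_good:
        return "known-good"
    return "non-standard"


if __name__ == "__main__":
    sample = build_sample_mbr()
    report = parse_mbr(sample)
    print("boot code SHA1:", report["boot_code_sha1"])
    for p in report["partitions"]:
        print("partition %d: type 0x%02X at byte offset 0x%010X, %d sectors"
              % (p["index"], p["type"], p["byte_offset"], p["sectors"]))
    print("verdict:", check_mbr(sample), partition_table_warnings(report["partitions"]))
```

An unknown hash alone is not proof of infection (OEM recovery loaders also produce one), which is why the thread moves on to a dedicated rootkit scanner before acting.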

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:34 AM

Posted 16 August 2011 - 05:08 PM

We need to do it step by step.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#7 kamikazekang

kamikazekang
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:34 AM

Posted 17 August 2011 - 04:31 PM

I ran TDSSKiller, and no infected objects were found. No reboot was needed. Here are the contents of the report:



2011/08/17 17:28:35.0335 5028 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/17 17:28:35.0788 5028 ================================================================================
2011/08/17 17:28:35.0788 5028 SystemInfo:
2011/08/17 17:28:35.0788 5028
2011/08/17 17:28:35.0788 5028 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/17 17:28:35.0788 5028 Product type: Workstation
2011/08/17 17:28:35.0788 5028 ComputerName: SYRACUSE-PC
2011/08/17 17:28:35.0788 5028 UserName: Jack Package
2011/08/17 17:28:35.0788 5028 Windows directory: C:\Windows
2011/08/17 17:28:35.0788 5028 System windows directory: C:\Windows
2011/08/17 17:28:35.0788 5028 Running under WOW64
2011/08/17 17:28:35.0788 5028 Processor architecture: Intel x64
2011/08/17 17:28:35.0788 5028 Number of processors: 1
2011/08/17 17:28:35.0788 5028 Page size: 0x1000
2011/08/17 17:28:35.0788 5028 Boot type: Normal boot
2011/08/17 17:28:35.0788 5028 ================================================================================
2011/08/17 17:28:36.0693 5028 Initialize success
2011/08/17 17:28:43.0619 4536 ================================================================================
2011/08/17 17:28:43.0619 4536 Scan started
2011/08/17 17:28:43.0619 4536 Mode: Manual;
2011/08/17 17:28:43.0619 4536 ================================================================================
2011/08/17 17:29:02.0651 4536 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/08/17 17:29:02.0713 4536 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/17 17:29:02.0869 4536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/17 17:29:02.0916 4536 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/17 17:29:03.0025 4536 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/17 17:29:03.0088 4536 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/08/17 17:29:03.0150 4536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/17 17:29:03.0213 4536 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/17 17:29:03.0291 4536 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/17 17:29:03.0353 4536 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/17 17:29:03.0431 4536 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/17 17:29:03.0462 4536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/17 17:29:03.0525 4536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/17 17:29:03.0571 4536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/17 17:29:03.0634 4536 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/17 17:29:03.0696 4536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/17 17:29:03.0759 4536 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/17 17:29:03.0837 4536 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/17 17:29:03.0915 4536 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/17 17:29:03.0993 4536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/17 17:29:04.0055 4536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/17 17:29:04.0117 4536 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/17 17:29:04.0195 4536 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/17 17:29:04.0336 4536 VX6000 (07e6731ff9399a3b72d64150d4c5f71a) C:\Windows\system32\DRIVERS\VX6000Xp.sys
2011/08/17 17:29:04.0398 4536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/17 17:29:04.0461 4536 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/17 17:29:04.0507 4536 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/17 17:29:04.0663 4536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/17 17:29:04.0710 4536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/17 17:29:04.0897 4536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/17 17:29:04.0929 4536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/17 17:29:05.0163 4536 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/17 17:29:05.0241 4536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/17 17:29:05.0428 4536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/17 17:29:05.0490 4536 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/17 17:29:05.0599 4536 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/17 17:29:05.0693 4536 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/08/17 17:29:05.0755 4536 MBR (0x1B8) (ff0b97e12dc6abe947b4989c1bd62a37) \Device\Harddisk0\DR0
2011/08/17 17:29:05.0818 4536 Boot (0x1200) (3b842d6ef97f9d4b4db65370aa8aa871) \Device\Harddisk0\DR0\Partition0
2011/08/17 17:29:05.0849 4536 Boot (0x1200) (c98b0ba848156184924be67bdfe7ec7d) \Device\Harddisk0\DR0\Partition1
2011/08/17 17:29:05.0896 4536 Boot (0x1200) (6ae00ee7e53ddecf19c799709c5cbc0d) \Device\Harddisk0\DR0\Partition2
2011/08/17 17:29:05.0911 4536 ================================================================================
2011/08/17 17:29:05.0911 4536 Scan finished
2011/08/17 17:29:05.0911 4536 ================================================================================
2011/08/17 17:29:05.0943 3788 Detected object count: 0
2011/08/17 17:29:05.0943 3788 Actual detected object count: 0

#8 Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:34 AM

Posted 17 August 2011 - 04:41 PM

TDSS confirmed the infection even though it didn't detect anything. We need to resolve this by using another tool.

We will fix this in the next round; I would like to see a log first. Yours is the x64 version:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#9 kamikazekang

  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:34 AM

Posted 18 August 2011 - 02:37 PM

Nice! Well, I hope this log helps. Here it is:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-08-18 15:30:09
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-02-05] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-02-05] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-02-05] (Intel Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM\...\Run: [VX6000] C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-12-08] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Jack Package\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\Jack Package\...\Run: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup [65216 2009-11-08] (WordWeb Software)
HKU\Jack Package\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-10-25] (Hewlett-Packard)
HKU\Jack Package\...\Run: [googletalk] C:\Users\Jack Package\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Jack Package\...\Policies\system: [WallpaperStyle] 2
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 132.236.56.250 128.253.180.2 192.35.82.50

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2010-12-08] (Andrea Electronics Corporation)
3 Com4QLBEx; "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [227896 2010-01-12] (Hewlett-Packard Development Company, L.P.)
3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [125496 2011-02-23] (Hewlett-Packard Company)
2 HPDrvMntSvc.exe; "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" [92216 2011-01-25] (Hewlett-Packard Company)
3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [791608 2011-01-25] (Hewlett-Packard Company)
2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [284016 2009-08-05] (Eastman Kodak Company)
2 LightScribeService; "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [73728 2010-01-22] (Hewlett-Packard Company)
2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [199536 2010-05-20] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [253440 2010-12-08] (IDT, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 Afc; C:\Windows\SysWow64\drivers\Afc.sys [22784 2006-09-18] (Arcsoft, Inc.)
0 cmdide; C:\Windows\System32\DRIVERS\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [18432 2009-04-29] (Hewlett-Packard Development Company, L.P.)
0 HpSAMD; C:\Windows\System32\DRIVERS\HpSAMD.sys [77888 2009-07-13] (Hewlett-Packard Company)
0 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
3 lvpopf64; C:\Windows\System32\DRIVERS\lvpopf64.sys [271712 2010-05-14] (Logitech Inc.)
3 LVRS64; C:\Windows\System32\DRIVERS\lvrs64.sys [329952 2010-05-14] (Logitech Inc.)
3 LVUVC64; C:\Windows\System32\DRIVERS\lvuvc64.sys [6465760 2010-05-14] (Logitech Inc.)
0 mpio; C:\Windows\System32\DRIVERS\mpio.sys [155216 2009-07-13] (Microsoft Corporation)
0 msdsm; C:\Windows\System32\DRIVERS\msdsm.sys [140352 2009-07-13] (Microsoft Corporation)
0 nvraid; C:\Windows\System32\drivers\nvraid.sys [148352 2011-03-10] (NVIDIA Corporation)
0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166272 2011-03-10] (NVIDIA Corporation)
3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation
)
4 eabfiltr; [x]
3 NPF; C:\Windows\System32\drivers\npf.sys [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-08-18 11:16 - 2011-08-18 11:16 - 0179384 ____A C:\Users\Jack Package\Desktop\topic413895.html
2011-08-18 11:16 - 2011-08-18 11:16 - 0000000 ____D C:\Users\Jack Package\Desktop\topic413895_files
2011-08-17 13:28 - 2011-08-17 13:31 - 0066034 ____A C:\TDSSKiller.2.5.15.0_17.08.2011_17.28.35_log.txt
2011-08-17 13:26 - 2011-08-17 13:27 - 0066034 ____A C:\TDSSKiller.2.5.15.0_17.08.2011_17.26.54_log.txt
2011-08-17 13:26 - 2011-08-17 13:26 - 0000000 ____D C:\Users\Jack Package\Downloads\tdsskiller
2011-08-17 13:25 - 2011-08-17 13:25 - 1388507 ____A C:\Users\Jack Package\Downloads\tdsskiller.zip
2011-08-16 13:41 - 2011-08-18 11:19 - 1748978 ___AH C:\Users\Jack Package\AppData\Local\IconCache.db
2011-08-16 13:20 - 2011-08-16 13:21 - 0015011 ____A C:\Users\Jack Package\Desktop\MBRCheck_08.16.11_17.20.59.txt
2011-08-16 13:20 - 2011-08-16 13:20 - 0080384 ____A C:\Users\Jack Package\Desktop\MBRCheck.exe
2011-08-14 13:22 - 2011-08-14 13:22 - 0000056 ___AH C:\Windows\SysWOW64\ezsidmv.dat
2011-08-14 12:12 - 2011-08-14 16:36 - 0000000 ____D C:\Users\Jack Package\AppData\Local\ElevatedDiagnostics
2011-08-14 12:10 - 2011-08-14 12:10 - 0276400 ____A C:\Windows\Minidump\081411-23431-01.dmp
2011-08-13 17:41 - 2011-08-13 17:41 - 0276400 ____A C:\Windows\Minidump\081311-18907-01.dmp
2011-08-12 13:11 - 2011-08-12 13:11 - 0000112 ____A C:\Users\Jack Package\Desktop\eset detected virus.txt
2011-08-12 08:56 - 2011-08-12 08:56 - 2322184 ____A (ESET) C:\Users\Jack Package\Downloads\esetsmartinstaller_enu.exe
2011-08-11 06:54 - 2011-08-11 09:05 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-08-11 06:54 - 2011-08-11 09:05 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-08-11 06:52 - 2011-08-11 06:53 - 16409960 ____A (Safer Networking Limited ) C:\Users\Jack Package\Downloads\spybotsd162.exe
2011-08-11 05:49 - 2011-08-11 05:49 - 0000602 ____A C:\Users\Jack Package\Desktop\ark.txt
2011-08-11 05:13 - 2011-07-16 18:21 - 0302592 ____A C:\Users\Jack Package\Desktop\gmer.exe
2011-08-11 05:11 - 2011-08-11 05:11 - 0022009 ____A C:\Users\Jack Package\Desktop\DDS.txt
2011-08-11 05:11 - 2011-08-11 05:11 - 0014050 ____A C:\Users\Jack Package\Desktop\Attach.txt
2011-08-11 05:00 - 2011-08-11 05:00 - 0607017 ____R (Swearware) C:\Users\Jack Package\Downloads\dds.scr
2011-08-11 05:00 - 2011-08-11 05:00 - 0000000 ____A C:\Users\Jack Package\defogger_reenable
2011-08-11 04:59 - 2011-08-11 04:59 - 0050477 ____A C:\Users\Jack Package\Downloads\Defogger.exe
2011-08-10 20:41 - 2011-08-10 21:52 - 0001581 ____A C:\Windows\comsetup.log
2011-08-10 20:38 - 2011-08-11 04:40 - 0000000 ___DC C:\Users\Jack Package\AppData\Local\MigWiz
2011-08-10 16:52 - 2011-08-10 16:52 - 0388608 ____A (Trend Micro Inc.) C:\Users\Jack Package\Downloads\HijackThis.exe
2011-08-10 11:56 - 2011-08-14 17:54 - 1005394 ____A C:\Windows\ntbtlog.txt
2011-08-10 11:56 - 2011-08-14 12:10 - 340543708 ____A C:\Windows\MEMORY.DMP
2011-08-10 11:56 - 2011-08-14 12:10 - 0000000 ____D C:\Windows\Minidump
2011-08-10 11:56 - 2011-08-10 11:56 - 0276448 ____A C:\Windows\Minidump\081011-30654-01.dmp
2011-08-09 18:55 - 2011-07-08 18:44 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-08-09 18:55 - 2011-06-15 21:31 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-08-09 18:55 - 2011-06-15 20:35 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-08-09 18:55 - 2011-06-15 01:58 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-08-09 18:55 - 2011-06-15 01:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-08-09 18:55 - 2011-06-15 01:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-08-09 18:55 - 2011-06-15 01:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-08-09 18:55 - 2011-06-15 01:04 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-08-09 18:55 - 2011-06-15 01:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-08-09 18:55 - 2011-06-15 01:04 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-08-09 18:55 - 2011-06-15 01:04 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-08-09 18:55 - 2011-06-15 01:04 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2011-08-09 18:54 - 2011-07-15 21:26 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-08-09 18:54 - 2011-07-15 21:26 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-08-09 18:54 - 2011-07-15 21:26 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-08-09 18:54 - 2011-07-15 21:26 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-08-09 18:54 - 2011-07-15 21:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-08-09 18:54 - 2011-07-15 21:21 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-08-09 18:54 - 2011-07-15 21:21 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-08-09 18:54 - 2011-07-15 21:17 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-08-09 18:54 - 2011-07-15 21:04 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:36 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-08-09 18:54 - 2011-07-15 20:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-08-09 18:54 - 2011-07-15 20:30 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-08-09 18:54 - 2011-07-15 20:30 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-08-09 18:54 - 2011-07-15 20:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 18:26 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-08-09 18:54 - 2011-07-15 18:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-08-09 18:54 - 2011-07-15 18:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 18:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 18:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-09 18:54 - 2011-07-15 18:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-09 18:53 - 2011-06-20 22:27 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-08-09 18:52 - 2011-07-21 23:34 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-09 18:52 - 2011-07-21 22:38 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-08-09 18:52 - 2011-07-21 21:35 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-08-09 18:52 - 2011-07-21 20:56 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-08-09 18:52 - 2011-06-20 22:20 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-09 18:52 - 2011-06-20 22:20 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-09 18:52 - 2011-06-20 22:20 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-08-09 18:52 - 2011-06-20 22:20 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-08-09 18:52 - 2011-06-20 22:20 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-09 18:52 - 2011-06-20 22:20 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-09 18:52 - 2011-06-20 22:20 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-08-09 18:52 - 2011-06-20 22:20 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-08-09 18:52 - 2011-06-20 22:19 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-09 18:52 - 2011-06-20 22:19 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-09 18:52 - 2011-06-20 22:19 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-08-09 18:52 - 2011-06-20 22:19 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-08-09 18:52 - 2011-06-20 22:19 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-09 18:52 - 2011-06-20 22:19 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-09 18:52 - 2011-06-20 22:17 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-08-09 18:52 - 2011-06-20 21:36 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-09 18:52 - 2011-06-20 21:36 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-09 18:52 - 2011-06-20 21:36 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-09 18:52 - 2011-06-20 21:35 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-08-09 18:52 - 2011-06-20 21:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-08-09 18:52 - 2011-06-20 21:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-09 18:52 - 2011-06-20 21:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-09 18:52 - 2011-06-20 21:35 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-08-09 18:52 - 2011-06-20 21:34 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-09 18:52 - 2011-06-20 21:34 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-09 18:52 - 2011-06-20 21:34 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-08-09 18:52 - 2011-06-20 21:34 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-08-09 18:52 - 2011-06-20 21:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-09 18:52 - 2011-06-20 21:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-09 18:52 - 2011-06-20 21:32 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-08-09 18:52 - 2011-06-20 21:05 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-08-09 18:52 - 2011-06-20 20:26 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-08-09 18:51 - 2011-06-22 21:29 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-08-09 18:51 - 2011-06-22 20:38 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-09 18:51 - 2011-06-22 20:38 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-03 18:22 - 2011-08-03 18:22 - 0000022 ____A C:\Program Files (x86)\zipnew.dat
2011-08-03 18:22 - 2011-08-03 18:22 - 0000020 ____A C:\Program Files (x86)\rarnew.dat
2011-08-03 18:22 - 2011-05-28 18:05 - 0266230 ____A C:\Program Files (x86)\WinRAR.chm
2011-08-03 18:22 - 2011-05-28 18:05 - 0164864 ____A C:\Program Files (x86)\RarExt.dll
2011-08-03 18:22 - 2011-05-28 18:05 - 0132608 ____A C:\Program Files (x86)\Uninstall.exe
2011-08-03 18:22 - 2011-05-28 18:05 - 0000700 ____A C:\Program Files (x86)\Uninstall.lst
2011-08-03 18:22 - 2011-05-28 18:04 - 0140288 ____A C:\Program Files (x86)\RarExt32.dll
2011-08-03 18:22 - 2011-05-28 18:04 - 0128000 ____A C:\Program Files (x86)\Default64.SFX
2011-08-03 18:22 - 2011-05-28 18:04 - 0098816 ____A C:\Program Files (x86)\Default.SFX
2011-08-03 18:22 - 2011-05-28 18:04 - 0098304 ____A C:\Program Files (x86)\Zip64.SFX
2011-08-03 18:22 - 2011-05-28 18:04 - 0078848 ____A C:\Program Files (x86)\Zip.SFX
2011-08-03 18:22 - 2011-05-28 18:03 - 1163264 ____A C:\Program Files (x86)\WinRAR.exe
2011-08-03 18:22 - 2011-05-28 18:03 - 0417792 ____A C:\Program Files (x86)\Rar.exe
2011-08-03 18:22 - 2011-05-28 18:03 - 0276992 ____A C:\Program Files (x86)\UnRAR.exe
2011-08-03 18:22 - 2011-05-28 18:03 - 0094720 ____A C:\Program Files (x86)\WinCon64.SFX
2011-08-03 18:22 - 2011-05-28 18:03 - 0072704 ____A C:\Program Files (x86)\WinCon.SFX
2011-08-03 18:22 - 2011-05-28 18:02 - 0023970 ____A C:\Program Files (x86)\WhatsNew.txt
2011-08-03 18:22 - 2011-05-28 18:02 - 0000496 ____A C:\Program Files (x86)\File_Id.diz
2011-08-03 18:22 - 2011-05-10 13:28 - 0078667 ____A C:\Program Files (x86)\Rar.txt
2011-08-03 18:22 - 2011-05-10 13:28 - 0009234 ____A C:\Program Files (x86)\TechNote.txt
2011-08-03 18:22 - 2011-01-23 11:41 - 0001411 ____A C:\Program Files (x86)\ReadMe.txt
2011-08-03 18:22 - 2010-11-26 15:23 - 0001233 ____A C:\Program Files (x86)\RarFiles.lst
2011-08-03 18:22 - 2010-11-25 10:15 - 0003266 ____A C:\Program Files (x86)\Order.htm
2011-08-03 18:22 - 2010-09-28 08:23 - 0007019 ____A C:\Program Files (x86)\License.txt
2011-08-03 18:22 - 2006-09-18 17:13 - 0001063 ____A C:\Program Files (x86)\Descript.ion
2011-08-03 18:22 - 2005-05-12 14:02 - 0000090 ____A C:\Program Files (x86)\UnrarSrc.txt
2011-08-02 09:15 - 2011-08-02 09:16 - 0000000 ____D C:\Users\Jack Package\Documents\My Records


============ 3 Months Modified Files and Folders =============

2011-08-18 15:30 - 2011-08-18 15:30 - 0000000 ____D C:\FRST
2011-08-18 11:27 - 2009-08-24 00:56 - 1180049 ____A C:\Windows\WindowsUpdate.log
2011-08-18 11:27 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-08-18 11:27 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-08-18 11:21 - 2009-08-24 01:14 - 0000290 ____A C:\Users\All Users\hpqp.ini
2011-08-18 11:21 - 2009-08-24 01:14 - 0000290 ____A C:\ProgramData\hpqp.ini
2011-08-18 11:20 - 2010-02-11 21:15 - 0000000 ____D C:\Users\All Users\Kodak
2011-08-18 11:20 - 2010-02-11 21:15 - 0000000 ____D C:\ProgramData\Kodak
2011-08-18 11:20 - 2009-12-27 19:23 - 0000190 ____A C:\Users\All Users\HPWALog.txt
2011-08-18 11:20 - 2009-12-27 19:23 - 0000190 ____A C:\ProgramData\HPWALog.txt
2011-08-18 11:20 - 2009-08-24 00:44 - 3144888320 __ASH C:\hiberfil.sys
2011-08-18 11:20 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-18 11:20 - 2009-07-13 20:51 - 0052733 ____A C:\Windows\setupact.log
2011-08-18 11:19 - 2011-08-16 13:41 - 1748978 ___AH C:\Users\Jack Package\AppData\Local\IconCache.db
2011-08-18 11:16 - 2011-08-18 11:16 - 0179384 ____A C:\Users\Jack Package\Desktop\topic413895.html
2011-08-18 11:16 - 2011-08-18 11:16 - 0000000 ____D C:\Users\Jack Package\Desktop\topic413895_files
2011-08-18 11:14 - 2009-07-13 21:13 - 0729688 ____A C:\Windows\System32\PerfStringBackup.INI
2011-08-17 17:22 - 2010-06-07 16:14 - 0000000 ____D C:\Users\Jack Package\AppData\Roaming\Skype
2011-08-17 17:18 - 2010-06-07 16:17 - 0000000 ____D C:\Users\Jack Package\AppData\Roaming\skypePM
2011-08-17 13:31 - 2011-08-17 13:28 - 0066034 ____A C:\TDSSKiller.2.5.15.0_17.08.2011_17.28.35_log.txt
2011-08-17 13:27 - 2011-08-17 13:26 - 0066034 ____A C:\TDSSKiller.2.5.15.0_17.08.2011_17.26.54_log.txt
2011-08-17 13:26 - 2011-08-17 13:26 - 0000000 ____D C:\Users\Jack Package\Downloads\tdsskiller
2011-08-17 13:25 - 2011-08-17 13:25 - 1388507 ____A C:\Users\Jack Package\Downloads\tdsskiller.zip
2011-08-16 13:42 - 2011-06-29 10:11 - 0524288 __ASH C:\Windows\System32\config\components{22156760-a27b-11e0-9c42-00269e22a78a}.TMContainer00000000000000000001.regtrans-ms
2011-08-16 13:42 - 2011-06-29 10:11 - 0065536 __ASH C:\Windows\System32\config\components{22156760-a27b-11e0-9c42-00269e22a78a}.TM.blf
2011-08-16 13:21 - 2011-08-16 13:20 - 0015011 ____A C:\Users\Jack Package\Desktop\MBRCheck_08.16.11_17.20.59.txt
2011-08-16 13:20 - 2011-08-16 13:20 - 0080384 ____A C:\Users\Jack Package\Desktop\MBRCheck.exe
2011-08-14 17:54 - 2011-08-10 11:56 - 1005394 ____A C:\Windows\ntbtlog.txt
2011-08-14 16:36 - 2011-08-14 12:12 - 0000000 ____D C:\Users\Jack Package\AppData\Local\ElevatedDiagnostics
2011-08-14 16:33 - 2009-12-27 19:16 - 0000000 ____D C:\users\Jack Package
2011-08-14 14:14 - 2010-01-12 12:32 - 0000000 ____D C:\Program Files (x86)\StarCraft
2011-08-14 13:22 - 2011-08-14 13:22 - 0000056 ___AH C:\Windows\SysWOW64\ezsidmv.dat
2011-08-14 12:10 - 2011-08-14 12:10 - 0276400 ____A C:\Windows\Minidump\081411-23431-01.dmp
2011-08-14 12:10 - 2011-08-10 11:56 - 340543708 ____A C:\Windows\MEMORY.DMP
2011-08-14 12:10 - 2011-08-10 11:56 - 0000000 ____D C:\Windows\Minidump
2011-08-13 17:41 - 2011-08-13 17:41 - 0276400 ____A C:\Windows\Minidump\081311-18907-01.dmp
2011-08-13 04:21 - 2010-10-19 12:30 - 0000000 ____D C:\Program Files (x86)\Info Select
2011-08-12 13:11 - 2011-08-12 13:11 - 0000112 ____A C:\Users\Jack Package\Desktop\eset detected virus.txt
2011-08-12 08:56 - 2011-08-12 08:56 - 2322184 ____A (ESET) C:\Users\Jack Package\Downloads\esetsmartinstaller_enu.exe
2011-08-12 08:52 - 2010-01-22 17:50 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2011-08-11 09:05 - 2011-08-11 06:54 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-08-11 09:05 - 2011-08-11 06:54 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-08-11 06:53 - 2011-08-11 06:52 - 16409960 ____A (Safer Networking Limited ) C:\Users\Jack Package\Downloads\spybotsd162.exe
2011-08-11 05:49 - 2011-08-11 05:49 - 0000602 ____A C:\Users\Jack Package\Desktop\ark.txt
2011-08-11 05:11 - 2011-08-11 05:11 - 0022009 ____A C:\Users\Jack Package\Desktop\DDS.txt
2011-08-11 05:11 - 2011-08-11 05:11 - 0014050 ____A C:\Users\Jack Package\Desktop\Attach.txt
2011-08-11 05:00 - 2011-08-11 05:00 - 0607017 ____R (Swearware) C:\Users\Jack Package\Downloads\dds.scr
2011-08-11 05:00 - 2011-08-11 05:00 - 0000000 ____A C:\Users\Jack Package\defogger_reenable
2011-08-11 05:00 - 2009-12-27 19:35 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-08-11 04:59 - 2011-08-11 04:59 - 0050477 ____A C:\Users\Jack Package\Downloads\Defogger.exe
2011-08-11 04:40 - 2011-08-10 20:38 - 0000000 ___DC C:\Users\Jack Package\AppData\Local\MigWiz
2011-08-10 21:52 - 2011-08-10 20:41 - 0001581 ____A C:\Windows\comsetup.log
2011-08-10 20:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-08-10 19:37 - 2009-08-14 14:14 - 0000000 ____D C:\Program Files (x86)\Java
2011-08-10 17:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-08-10 16:52 - 2011-08-10 16:52 - 0388608 ____A (Trend Micro Inc.) C:\Users\Jack Package\Downloads\HijackThis.exe
2011-08-10 11:56 - 2011-08-10 11:56 - 0276448 ____A C:\Windows\Minidump\081011-30654-01.dmp
2011-08-09 18:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-08-09 18:31 - 2011-05-27 14:35 - 0000360 ____A C:\Windows\Tasks\HPCeeScheduleForJack Package.job
2011-08-09 18:29 - 2010-04-25 16:02 - 0000000 ____D C:\Users\Jack Package\AppData\Local\QuickPlay
2011-08-09 18:29 - 2010-02-12 14:40 - 0000000 ____D C:\Users\Jack Package\AppData\Local\Eastman_Kodak_Company
2011-08-09 18:29 - 2009-12-31 13:14 - 0000000 ____D C:\Users\Jack Package\AppData\Local\Downloaded Installations
2011-08-09 18:29 - 2009-12-27 19:22 - 0000000 ____D C:\Users\Jack Package\AppData\Local\Hewlett-Packard_Company
2011-08-09 18:29 - 2009-12-27 19:22 - 0000000 ____D C:\Users\Jack Package\AppData\Local\Hewlett-Packard
2011-08-09 18:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-08-03 18:22 - 2011-08-03 18:22 - 0000022 ____A C:\Program Files (x86)\zipnew.dat
2011-08-03 18:22 - 2011-08-03 18:22 - 0000020 ____A C:\Program Files (x86)\rarnew.dat
2011-08-03 10:53 - 2010-02-07 12:53 - 0000000 ____D C:\Users\Jack Package\Documents\Cornell 2010
2011-08-02 19:21 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-08-02 09:16 - 2011-08-02 09:15 - 0000000 ____D C:\Users\Jack Package\Documents\My Records
2011-07-21 23:34 - 2011-08-09 18:52 - 9322496 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-07-21 22:38 - 2011-08-09 18:52 - 5989376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-07-21 21:35 - 2011-08-09 18:52 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-07-21 20:56 - 2011-08-09 18:52 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-07-19 07:32 - 2011-07-13 09:23 - 0018878 ____A C:\Users\Jack Package\Desktop\window dimensions worksheet.ods
2011-07-16 18:21 - 2011-08-11 05:13 - 0302592 ____A C:\Users\Jack Package\Desktop\gmer.exe
2011-07-15 21:26 - 2011-08-09 18:54 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2011-07-15 21:26 - 2011-08-09 18:54 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2011-07-15 21:26 - 2011-08-09 18:54 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-15 21:26 - 2011-08-09 18:54 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2011-07-15 21:24 - 2011-08-09 18:54 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2011-07-15 21:21 - 2011-08-09 18:54 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-15 21:21 - 2011-08-09 18:54 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-15 21:17 - 2011-08-09 18:54 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-07-15 21:04 - 2011-08-09 18:54 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-15 21:04 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-15 20:36 - 2011-08-09 18:54 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2011-07-15 20:31 - 2011-08-09 18:54 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2011-07-15 20:30 - 2011-08-09 18:54 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2011-07-15 20:30 - 2011-08-09 18:54 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2011-07-15 20:30 - 2011-08-09 18:54 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-15 20:19 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-15 18:26 - 2011-08-09 18:54 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2011-07-15 18:26 - 2011-08-09 18:54 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2011-07-15 18:21 - 2011-08-09 18:54 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-15 18:21 - 2011-08-09 18:54 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-15 18:21 - 2011-08-09 18:54 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-15 18:21 - 2011-08-09 18:54 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-14 09:18 - 2009-07-13 20:45 - 0346736 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-13 08:09 - 2011-07-13 08:09 - 0020917 ____A C:\Users\Jack Package\Desktop\Window Dimensions.ods
2011-07-08 18:44 - 2011-08-09 18:55 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-07-07 17:21 - 2011-07-07 08:12 - 0045455 ____A C:\Users\Jack Package\Desktop\Recipe worksheet.ods
2011-07-07 08:33 - 2010-02-06 07:33 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2011-07-05 13:00 - 2011-07-05 08:56 - 0000640 ____A C:\Users\Jack Package\Desktop\required amino acid amnts USDA.txt
2011-07-01 14:15 - 2011-07-01 14:15 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-07-01 14:15 - 2011-07-01 14:15 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-07-01 14:15 - 2011-07-01 14:14 - 0000000 ____D C:\Program Files\iTunes
2011-07-01 14:15 - 2011-07-01 14:14 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-07-01 14:14 - 2011-07-01 14:14 - 0000000 ____D C:\Program Files\iPod
2011-07-01 14:12 - 2011-07-01 14:12 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-07-01 14:11 - 2011-07-01 14:10 - 0000000 ____D C:\Program Files\Bonjour
2011-07-01 14:11 - 2011-07-01 14:10 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-06-29 10:26 - 2011-06-29 10:11 - 0524288 __ASH C:\Windows\System32\config\components{22156760-a27b-11e0-9c42-00269e22a78a}.TMContainer00000000000000000002.regtrans-ms
2011-06-29 10:11 - 2009-08-24 01:10 - 0336070 ____A C:\Windows\PFRO.log
2011-06-29 10:10 - 2010-12-17 14:11 - 0524288 __ASH C:\Windows\System32\config\components{5c1b5bab-096e-11e0-94df-0a6076097552}.TMContainer00000000000000000002.regtrans-ms
2011-06-29 10:10 - 2010-12-17 14:11 - 0524288 __ASH C:\Windows\System32\config\components{5c1b5bab-096e-11e0-94df-0a6076097552}.TMContainer00000000000000000001.regtrans-ms
2011-06-29 10:10 - 2010-12-17 14:11 - 0065536 __ASH C:\Windows\System32\config\components{5c1b5bab-096e-11e0-94df-0a6076097552}.TM.blf
2011-06-29 08:56 - 2009-08-14 13:12 - 0000000 ____D C:\Users\All Users\Adobe
2011-06-29 08:56 - 2009-08-14 13:12 - 0000000 ____D C:\ProgramData\Adobe
2011-06-29 08:55 - 2009-12-27 19:33 - 0000000 ____D C:\Users\Jack Package\AppData\Roaming\Adobe
2011-06-28 10:51 - 2011-06-28 10:51 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-06-28 10:50 - 2009-08-14 13:12 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-06-28 10:49 - 2009-12-31 08:56 - 0000000 ____D C:\Users\Jack Package\AppData\Local\Adobe
2011-06-28 10:46 - 2011-06-28 10:46 - 39697816 ____A (Adobe Systems Incorporated) C:\Users\Jack Package\Downloads\AdbeRdr1010_en_US.exe
2011-06-27 22:07 - 2009-08-14 11:51 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-06-27 22:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2011-06-27 22:03 - 2011-06-27 22:03 - 0002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2011-06-27 22:02 - 2009-08-14 11:49 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2011-06-27 22:00 - 2011-06-27 22:00 - 0000000 ____D C:\Users\All Users\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2011-06-27 22:00 - 2011-06-27 22:00 - 0000000 ____D C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2011-06-27 21:59 - 2009-07-16 15:15 - 0000000 ____D C:\SwSetup
2011-06-27 15:15 - 2011-06-27 15:15 - 0002154 ____A C:\Windows\epplauncher.mif
2011-06-27 15:14 - 2011-06-27 15:14 - 0743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-06-27 15:14 - 2011-06-27 15:14 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-06-27 15:14 - 2011-06-27 15:13 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-06-27 15:11 - 2011-06-27 15:10 - 10165440 ____A (Microsoft Corporation) C:\Users\Jack Package\Downloads\mseinstall.exe
2011-06-27 13:06 - 2011-06-23 07:29 - 0000000 ____D C:\Users\Jack Package\AppData\Roaming\vlc
2011-06-27 13:03 - 2011-06-27 13:00 - 0000000 ____D C:\Users\Jack Package\AppData\Roaming\WinRAR
2011-06-27 13:02 - 2011-06-27 13:01 - 0000000 ____D C:\Program Files (x86)\WinRAR
2011-06-27 12:59 - 2011-06-27 12:59 - 1569316 ____A C:\Users\Jack Package\Downloads\winrar-x64-401.exe
2011-06-23 17:58 - 2010-04-25 16:02 - 0000021 ____A C:\Users\All Users\hpqp.txt
2011-06-23 17:58 - 2010-04-25 16:02 - 0000021 ____A C:\ProgramData\hpqp.txt
2011-06-23 07:28 - 2011-06-23 07:24 - 0000000 ____D C:\Program Files (x86)\VLC
2011-06-22 21:29 - 2011-08-09 18:51 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-06-22 20:38 - 2011-08-09 18:51 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-06-22 20:38 - 2011-08-09 18:51 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-06-20 22:27 - 2011-08-09 18:53 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-06-20 22:20 - 2011-08-09 18:52 - 1499648 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-06-20 22:20 - 2011-08-09 18:52 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-06-20 22:20 - 2011-08-09 18:52 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-06-20 22:20 - 2011-08-09 18:52 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-06-20 22:20 - 2011-08-09 18:52 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-06-20 22:20 - 2011-08-09 18:52 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-06-20 22:20 - 2011-08-09 18:52 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-06-20 22:20 - 2011-08-09 18:52 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-06-20 22:19 - 2011-08-09 18:52 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-06-20 22:19 - 2011-08-09 18:52 - 12371456 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-06-20 22:19 - 2011-08-09 18:52 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-06-20 22:19 - 2011-08-09 18:52 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-06-20 22:19 - 2011-08-09 18:52 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-06-20 22:19 - 2011-08-09 18:52 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-06-20 22:17 - 2011-08-09 18:52 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-06-20 21:36 - 2011-08-09 18:52 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-06-20 21:36 - 2011-08-09 18:52 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-06-20 21:36 - 2011-08-09 18:52 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-06-20 21:35 - 2011-08-09 18:52 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-06-20 21:35 - 2011-08-09 18:52 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-06-20 21:35 - 2011-08-09 18:52 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-06-20 21:35 - 2011-08-09 18:52 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-06-20 21:35 - 2011-08-09 18:52 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-06-20 21:34 - 2011-08-09 18:52 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-06-20 21:34 - 2011-08-09 18:52 - 10989568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-06-20 21:34 - 2011-08-09 18:52 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-06-20 21:34 - 2011-08-09 18:52 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-06-20 21:34 - 2011-08-09 18:52 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-06-20 21:34 - 2011-08-09 18:52 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-06-20 21:32 - 2011-08-09 18:52 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-06-20 21:05 - 2011-08-09 18:52 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-06-20 20:26 - 2011-08-09 18:52 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-06-19 17:11 - 2011-06-19 17:11 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-06-19 17:09 - 2009-08-14 11:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-06-19 10:01 - 2010-07-26 07:22 - 0000000 ____D C:\Users\Jack Package\AppData\Roaming\.anki
2011-06-17 19:51 - 2010-07-26 07:22 - 0000000 ____D C:\Users\Jack Package\Documents\Anki
2011-06-15 21:31 - 2011-08-09 18:55 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2011-06-15 20:35 - 2011-08-09 18:55 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2011-06-15 01:58 - 2011-08-09 18:55 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2011-06-15 01:58 - 2011-08-09 18:55 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2011-06-15 01:58 - 2011-08-09 18:55 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2011-06-15 01:58 - 2011-08-09 18:55 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2011-06-15 01:04 - 2011-08-09 18:55 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2011-06-15 01:04 - 2011-08-09 18:55 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2011-06-15 01:04 - 2011-08-09 18:55 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2011-06-15 01:04 - 2011-08-09 18:55 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2011-06-15 01:04 - 2011-08-09 18:55 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2011-06-10 18:56 - 2011-07-12 19:33 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-05-31 18:12 - 2010-07-08 18:05 - 0230424 ____A C:\DC6810xp-001.raw
2011-05-31 17:53 - 2010-07-09 17:15 - 0000000 ____D C:\Users\Jack Package\Tracing
2011-05-28 18:05 - 2011-08-03 18:22 - 0266230 ____A C:\Program Files (x86)\WinRAR.chm
2011-05-28 18:05 - 2011-08-03 18:22 - 0164864 ____A C:\Program Files (x86)\RarExt.dll
2011-05-28 18:05 - 2011-08-03 18:22 - 0132608 ____A C:\Program Files (x86)\Uninstall.exe
2011-05-28 18:05 - 2011-08-03 18:22 - 0000700 ____A C:\Program Files (x86)\Uninstall.lst
2011-05-28 18:04 - 2011-08-03 18:22 - 0140288 ____A C:\Program Files (x86)\RarExt32.dll
2011-05-28 18:04 - 2011-08-03 18:22 - 0128000 ____A C:\Program Files (x86)\Default64.SFX
2011-05-28 18:04 - 2011-08-03 18:22 - 0098816 ____A C:\Program Files (x86)\Default.SFX
2011-05-28 18:04 - 2011-08-03 18:22 - 0098304 ____A C:\Program Files (x86)\Zip64.SFX
2011-05-28 18:04 - 2011-08-03 18:22 - 0078848 ____A C:\Program Files (x86)\Zip.SFX
2011-05-28 18:03 - 2011-08-03 18:22 - 1163264 ____A C:\Program Files (x86)\WinRAR.exe
2011-05-28 18:03 - 2011-08-03 18:22 - 0417792 ____A C:\Program Files (x86)\Rar.exe
2011-05-28 18:03 - 2011-08-03 18:22 - 0276992 ____A C:\Program Files (x86)\UnRAR.exe
2011-05-28 18:03 - 2011-08-03 18:22 - 0094720 ____A C:\Program Files (x86)\WinCon64.SFX
2011-05-28 18:03 - 2011-08-03 18:22 - 0072704 ____A C:\Program Files (x86)\WinCon.SFX
2011-05-28 18:02 - 2011-08-03 18:22 - 0023970 ____A C:\Program Files (x86)\WhatsNew.txt
2011-05-28 18:02 - 2011-08-03 18:22 - 0000496 ____A C:\Program Files (x86)\File_Id.diz
2011-05-26 07:11 - 2011-05-26 07:11 - 0019199 ____A C:\Users\Jack Package\Documents\Correspondance with 107 mary ln.odt
2011-05-24 03:21 - 2011-06-29 08:48 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-05-24 02:34 - 2011-06-29 08:48 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-05-24 02:34 - 2011-06-29 08:48 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-05-24 02:34 - 2011-06-29 08:48 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-05-24 02:32 - 2011-06-29 08:48 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-05-21 04:55 - 2011-05-21 04:55 - 0000000 ____D C:\Users\All Users\Sun
2011-05-21 04:55 - 2011-05-21 04:55 - 0000000 ____D C:\ProgramData\Sun
2011-05-21 04:54 - 2011-05-21 04:53 - 0006308 ____A C:\Windows\SysWOW64\jupdate-1.6.0_22-b04.log

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3998.93 MB
Available physical RAM: 3299.42 MB
Total Pagefile: 3997.08 MB
Available Pagefile: 3287.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:285.74 GB) (Free:224.78 GB) NTFS
2 Drive e: (RECOVERY) (Fixed) (Total:12.15 GB) (Free:2.04 GB) NTFS
4 Drive g: (LEXAR MEDIA) (Removable) (Total:0.97 GB) (Free:0.95 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==========================================================

Last Boot: 2011-08-10 15:33

======================= End Of Log ==========================
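The FRST "files and folders" listing above is what a responder reads line by line to spot executables that have no vendor string or that appeared around the time of the infection. The following is an added example written for this page, not part of the thread and not FRST's own code: it parses lines in the format shown above and flags executable files in the Windows system directories that carry no vendor string, plus vendor-less files whose timestamps fall within a few days of an assumed incident date. The incident date (2011-08-08, assumed from "a few days ago" before the 11 August post) and the last sample line (`example_unknown.dll`) are constructed; the other sample lines are copied from the listing above. FRST prints two timestamps per entry, and which one is creation and which is modification is not stated on this page, so the check treats both as candidate event times.

```python
import re
from datetime import datetime, timedelta

# One FRST listing line: two "YYYY-MM-DD HH:MM" timestamps, a zero-padded
# size, an attribute string such as ____A or ____D, an optional "(Vendor)"
# string and finally the path.
FRST_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)

# Directories where a vendor-less executable deserves a second look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".drv", ".cpl")

# Assumed incident date (not stated on the page; constructed for the example).
INCIDENT = datetime(2011, 8, 8)

# Sample input: lines copied from the FRST log above, plus one constructed
# vendor-less DLL in System32 dated on the assumed incident day.
SAMPLE_LINES = r"""
2011-06-10 18:56 - 2011-07-12 19:33 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-05-31 18:12 - 2010-07-08 18:05 - 0230424 ____A C:\DC6810xp-001.raw
2011-05-31 17:53 - 2010-07-09 17:15 - 0000000 ____D C:\Users\Jack Package\Tracing
2011-05-28 18:03 - 2011-08-03 18:22 - 1163264 ____A C:\Program Files (x86)\WinRAR.exe
2011-05-24 03:21 - 2011-06-29 08:48 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-05-21 04:54 - 2011-05-21 04:53 - 0006308 ____A C:\Windows\SysWOW64\jupdate-1.6.0_22-b04.log
2011-08-08 10:12 - 2011-08-08 10:12 - 0051200 ____A C:\Windows\System32\example_unknown.dll
""".strip().splitlines()


def parse_frst_line(line):
    """Return a dict for one FRST listing line, or None if it does not match."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts1": datetime.strptime(m["ts1"], "%Y-%m-%d %H:%M"),
        "ts2": datetime.strptime(m["ts2"], "%Y-%m-%d %H:%M"),
        "size": int(m["size"]),
        "is_dir": "D" in m["attrs"],
        "vendor": m["vendor"],  # None when FRST printed no "(Vendor)" string
        "path": m["path"],
    }


def flag_entries(lines, incident=INCIDENT, window_days=3):
    """Return [(path, [reasons])] for files worth a closer look.

    Rule 1: an executable in System32/SysWOW64 with no vendor string.
    Rule 2: a vendor-less file whose ts1 or ts2 lies within window_days
            of the incident date (either timestamp, see lead-in).
    Vendor-signed Windows Update files are deliberately not flagged, so
    patch-day churn does not drown the list.
    """
    window = timedelta(days=window_days)
    findings = []
    for line in lines:
        rec = parse_frst_line(line)
        if rec is None or rec["is_dir"] or rec["vendor"]:
            continue
        low = rec["path"].lower()
        reasons = []
        if low.startswith(SYSTEM_DIRS) and low.endswith(EXEC_EXT):
            reasons.append("executable without vendor string in a system directory")
        if any(abs(ts - incident) <= window for ts in (rec["ts1"], rec["ts2"])):
            reasons.append("vendor-less file timestamped within %d days of the incident"
                           % window_days)
        if reasons:
            findings.append((rec["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in flag_entries(SAMPLE_LINES):
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample input only the constructed `example_unknown.dll` is reported (for both reasons); the Microsoft-signed update files, the WinRAR binaries outside the system directories and the Java update log in SysWOW64 all pass, which mirrors the triage logic a responder applies by eye to such a listing.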

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:34 AM

Posted 18 August 2011 - 03:06 PM

Well done.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    cmd: bootrec /FixMbr
    Control:
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


#11 kamikazekang

kamikazekang
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:34 AM

Posted 18 August 2011 - 05:09 PM

Okay. The computer seems to be doing better this time around. IE has not opened up on me anymore and, so far, I have not had a blue screen yet.

Here is the FRST fixlog and Malwarebyte log (in that order):



Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.1)
Ran by SYSTEM at 2011-08-18 17:50:49 R:1
Running from G:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7502

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/18/2011 5:59:52 PM
mbam-log-2011-08-18 (17-59-52).txt

Scan type: Quick scan
Objects scanned: 170027
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:34 AM

Posted 19 August 2011 - 10:55 AM

It looks good and you are good to go. :thumbup2:

  • Please delete FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
  • You may delete any tool or log we used from your computer.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
  • Go to Start => Right-click "Computer" and select "Properties".
  • In the left pane select "System Protection".
  • Press "Configure".
  • Select "Delete". Then press "Continue" close and "OK".
  • Select your drive (drive C) and press "Create".
    Fill in a name for the restore point and press "Create".
    After finished press "Close".
Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
  • Download and install it.
  • Update it manually by clicking on Updates in the left pane and then Check for Updates.
  • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
  • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
Happy Surfing kamikazekang. :)

#13 kamikazekang

kamikazekang
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:34 AM

Posted 20 August 2011 - 11:12 AM

Thank you very much sir.

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:34 AM

Posted 20 August 2011 - 06:12 PM

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you. If you should have a new issue, please start a new topic.

Every one else should start a new topic.



