
ci.dll corrupt on two acer pc's


  • This topic is locked
24 replies to this topic

#1 dburress


Posted 11 August 2011 - 02:15 PM

I have two Acer PCs that won't boot due to ci.dll corruption. On one of them, I did a factory restore and less than 1/2 a day later, the ci.dll issue has returned. I read about frst.exe and am in the process of gathering logs for both machines.



#2 dburress


Posted 11 August 2011 - 03:49 PM

Here is my FRST report on one of the machines. Strangely, the other one that I did the factory restore on is booting fine now.

#3 Elise

  • Malware Study Hall Admin

Posted 12 August 2011 - 01:29 AM

Hello, can you please post me the contents of this file: C:\TDSSKiller.2.5.14.0_10.08.2011_23.48.16_log.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#4 dburress


Posted 14 August 2011 - 02:22 PM

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-08-11 15:48:44
Running from M:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-24] (Google Inc.)
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Home\...\Run: [EPSON NX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDA.EXE /FU "C:\Windows\TEMP\E_S8375.tmp" /EF "HKCU" [114 2010-05-12] ()
HKU\Home\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Home\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [16949128 2011-03-01] (Skype Technologies S.A.)
HKU\Home\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid\Vid.exe" -bootmode [6061400 2010-05-11] (Logitech Inc.)
HKU\Home\...\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode [6061400 2010-05-11] (Logitech Inc.)
HKU\Home\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-24] (Google Inc.)
HKU\Home\...\Policies\system: [LogonHoursAction] 2
HKU\Home\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Jay\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-24] (Google Inc.)
HKU\Jay\...\Policies\system: [LogonHoursAction] 2
HKU\Jay\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Little People\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-24] (Google Inc.)
HKU\Little People\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Little People\...\Run: [Google Update] "C:\Users\Little People\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-28] (Google Inc.)
HKU\Little People\...\Policies\system: [LogonHoursAction] 2
HKU\Little People\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\MMMMBB\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-24] (Google Inc.)
HKU\MMMMBB\...\Policies\system: [LogonHoursAction] 2
HKU\MMMMBB\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll

==================== Services (Whitelisted) ======

2 Bandoo Coordinator; "C:\PROGRA~2\Bandoo\Bandoo.exe" [1937344 2010-06-08] (Discordia Limited)
3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [246520 2010-09-30] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-08-25] (Nero AG)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1849856 2010-03-09] (Atheros Communications, Inc.)
3 lvpopf64; C:\Windows\System32\DRIVERS\lvpopf64.sys [271712 2010-05-14] (Logitech Inc.)
3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 LVRS64; C:\Windows\System32\DRIVERS\lvrs64.sys [329952 2010-05-14] (Logitech Inc.)
3 LVUVC64; C:\Windows\System32\DRIVERS\lvuvc64.sys [6465760 2010-05-14] (Logitech Inc.)
3 netr7364; C:\Windows\System32\DRIVERS\netr7364.sys [707072 2009-06-10] (Ralink Technology, Corp.)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339360 2009-04-29] (NVIDIA Corporation)
0 nvstor64; C:\Windows\System32\DRIVERS\nvstor64.sys [239136 2009-04-29] (NVIDIA Corporation)
3 11102190; [x]

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-08-11 15:48 - 2011-08-11 15:48 - 0000000 ____D C:\FRST
2011-08-11 00:54 - 2011-08-11 00:56 - 0000000 ____A C:\Recovery.txt
2011-08-10 20:05 - 2011-08-10 20:05 - 0291952 ____A C:\Windows\Minidump\081111-23337-01.dmp
2011-08-10 19:48 - 2011-08-10 19:49 - 0064958 ____A C:\TDSSKiller.2.5.14.0_10.08.2011_23.48.16_log.txt
2011-08-10 18:14 - 2011-08-11 01:40 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0
2011-08-10 11:19 - 2011-08-10 11:20 - 0296624 ____A C:\Windows\msxml4-KB973688-enu.LOG
2011-08-10 11:17 - 2011-08-10 11:17 - 0296902 ____A C:\Windows\msxml4-KB954430-enu.LOG
2011-08-10 11:17 - 2011-08-10 11:17 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2011-08-10 11:16 - 2011-08-10 11:16 - 0000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-08-10 11:14 - 2009-11-25 08:47 - 1942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2011-08-10 11:14 - 2009-11-25 08:47 - 1130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2011-08-10 11:14 - 2009-11-25 08:47 - 0444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2011-08-10 11:14 - 2009-11-25 08:47 - 0320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2011-08-10 11:14 - 2009-11-25 08:47 - 0297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2011-08-10 11:14 - 2009-11-25 08:47 - 0295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2011-08-10 11:14 - 2009-11-25 08:47 - 0109912 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2011-08-10 11:14 - 2009-11-25 08:47 - 0099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2011-08-10 11:14 - 2009-11-25 08:47 - 0049472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2011-08-10 11:14 - 2009-11-25 08:47 - 0048960 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2011-08-10 11:10 - 2011-08-10 11:10 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2011-08-10 11:10 - 2011-08-10 11:10 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2011-08-10 11:09 - 2011-08-10 11:09 - 0001144 ____A C:\Users\Public\Desktop\Microsoft Works.lnk
2011-08-09 05:49 - 2011-05-04 00:52 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-08-09 05:49 - 2011-05-04 00:52 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-08-09 05:49 - 2011-05-04 00:52 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-08-09 05:48 - 2011-08-09 05:49 - 0006151 ____A C:\Windows\SysWOW64\jupdate-1.6.0_26-b03.log
2011-08-08 23:11 - 2011-04-26 18:57 - 0102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2011-08-08 23:11 - 2011-04-08 22:58 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-08-08 23:11 - 2011-04-08 21:56 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-08-08 23:11 - 2010-12-22 22:07 - 1118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2011-08-08 23:11 - 2010-12-22 22:07 - 0961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2011-08-08 23:11 - 2010-12-22 22:07 - 0723968 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-08-08 23:11 - 2010-12-22 22:02 - 0259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2011-08-08 23:11 - 2010-12-22 21:28 - 0850432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2011-08-08 23:11 - 2010-12-22 21:28 - 0642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2011-08-08 23:11 - 2010-12-22 21:28 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-08-08 23:11 - 2010-12-22 21:24 - 0199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2011-08-08 23:11 - 2010-12-17 22:11 - 0714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2011-08-08 23:11 - 2010-12-17 21:29 - 0541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2011-08-08 23:11 - 2010-10-26 21:06 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-08-08 23:11 - 2010-10-26 20:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-08-08 23:11 - 2010-03-04 23:52 - 0084992 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2011-08-08 23:11 - 2010-03-04 23:42 - 0067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2011-08-08 23:10 - 2011-04-24 21:32 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-08-08 23:10 - 2011-04-24 18:44 - 0499712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-08-08 23:10 - 2011-02-17 22:37 - 0612352 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-08-08 23:10 - 2011-02-17 22:36 - 0852480 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-08-08 23:10 - 2011-02-17 21:36 - 0428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-08-08 23:10 - 2011-02-17 21:35 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-08-08 23:10 - 2010-11-01 21:18 - 0524288 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2011-08-08 23:10 - 2010-11-01 21:17 - 1169408 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2011-08-08 23:10 - 2010-11-01 21:17 - 0473600 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2011-08-08 23:10 - 2010-11-01 21:16 - 1114624 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2011-08-08 23:10 - 2010-11-01 21:10 - 0464384 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2011-08-08 23:10 - 2010-11-01 21:10 - 0285696 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2011-08-08 23:10 - 2010-11-01 20:40 - 0496128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2011-08-08 23:10 - 2010-11-01 20:40 - 0305152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2011-08-08 23:10 - 2010-11-01 20:34 - 0192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2011-08-08 23:10 - 2010-11-01 20:34 - 0179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2011-08-08 23:10 - 2010-08-25 21:27 - 0148992 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2011-08-08 23:10 - 2010-08-25 20:39 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2011-08-08 23:10 - 2010-08-20 22:36 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-08-08 23:10 - 2010-08-20 22:31 - 0633856 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2011-08-08 23:10 - 2010-08-20 21:36 - 0224256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-08-08 23:10 - 2010-08-20 21:33 - 0530432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2011-08-08 23:10 - 2010-07-27 06:59 - 14162944 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2011-08-08 23:10 - 2010-07-27 06:03 - 12867584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2011-08-08 23:10 - 2010-06-28 21:39 - 2085376 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2011-08-08 23:10 - 2010-06-28 21:02 - 1413632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2011-08-08 23:10 - 2010-05-04 23:37 - 0483840 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2011-08-08 23:10 - 2010-05-04 22:46 - 0363520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2011-08-08 23:10 - 2009-10-30 22:34 - 2870272 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2011-08-08 23:10 - 2009-10-30 21:45 - 2614272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2011-08-08 23:10 - 2009-10-27 22:24 - 0389632 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2011-08-08 23:09 - 2011-04-28 19:13 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-08-08 23:09 - 2011-04-28 19:12 - 0399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-08-08 23:09 - 2011-04-28 19:12 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-08-08 23:09 - 2011-03-10 22:19 - 1395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2011-08-08 23:09 - 2011-03-10 22:19 - 1359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2011-08-08 23:09 - 2011-03-10 21:40 - 1164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2011-08-08 23:09 - 2011-03-10 21:40 - 1137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2011-08-08 23:09 - 2011-03-02 22:17 - 0356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2011-08-08 23:09 - 2011-03-02 22:17 - 0182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2011-08-08 23:09 - 2011-03-02 22:14 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2011-08-08 23:09 - 2011-03-02 21:29 - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2011-08-08 23:09 - 2011-03-02 21:27 - 0028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2011-08-08 23:09 - 2011-02-18 22:36 - 0046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2011-08-08 23:09 - 2011-02-18 21:32 - 0034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2011-08-08 23:09 - 2011-02-18 20:13 - 0367104 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2011-08-08 23:09 - 2011-02-18 19:37 - 0294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2011-08-08 23:09 - 2010-10-26 21:18 - 5510528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-08-08 23:09 - 2010-10-26 21:16 - 1739176 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-08-08 23:09 - 2010-10-26 20:43 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-08 23:09 - 2010-10-26 20:43 - 3901824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-08 23:09 - 2010-10-26 20:40 - 1293120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-08-08 23:09 - 2010-10-15 21:19 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-08-08 23:09 - 2010-10-15 20:36 - 0314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-08-08 23:09 - 2010-08-20 22:38 - 1024512 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2011-08-08 23:09 - 2010-08-20 22:29 - 0558592 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2011-08-08 23:09 - 2010-08-20 21:36 - 0738816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2011-08-08 23:09 - 2010-07-28 22:30 - 0082944 ____A (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2011-08-08 23:09 - 2010-06-18 22:53 - 0052224 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
2011-08-08 23:09 - 2010-06-18 22:23 - 0037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2011-08-08 23:09 - 2010-06-07 22:02 - 1233920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2011-08-08 23:09 - 2010-06-07 21:36 - 1877504 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2011-08-08 23:09 - 2010-05-19 11:48 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2011-08-08 23:09 - 2009-12-19 01:50 - 0014848 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
2011-08-08 23:09 - 2009-12-19 01:49 - 1572352 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2011-08-08 23:09 - 2009-12-19 01:47 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
2011-08-08 23:09 - 2009-12-19 01:47 - 0025088 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
2011-08-08 23:09 - 2009-12-19 01:47 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
2011-08-08 23:09 - 2009-12-19 01:46 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
2011-08-08 23:09 - 2009-12-19 01:02 - 1328640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2011-08-08 23:09 - 2009-12-19 01:02 - 0091648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2011-08-08 23:09 - 2009-12-19 01:02 - 0084480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2011-08-08 23:09 - 2009-12-19 01:02 - 0050176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2011-08-08 23:09 - 2009-12-19 01:02 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2011-08-08 23:09 - 2009-12-19 01:02 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2011-08-08 23:09 - 2009-12-19 01:02 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2011-08-08 23:09 - 2009-12-19 01:02 - 0012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2011-08-08 23:09 - 2009-12-11 02:29 - 0153160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-08-08 23:09 - 2009-12-11 01:24 - 1446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-08-08 23:09 - 2009-12-10 23:39 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-08-08 23:09 - 2009-12-10 23:36 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-08-08 23:09 - 2009-10-19 06:46 - 0100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2011-08-08 23:09 - 2009-10-19 06:10 - 0070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2011-08-08 23:08 - 2011-06-10 18:56 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-08-08 23:08 - 2011-05-24 03:21 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-08-08 23:08 - 2011-05-24 02:34 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-08-08 23:08 - 2011-05-24 02:34 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-08-08 23:08 - 2011-05-24 02:34 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-08-08 23:08 - 2011-05-24 02:32 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-08-08 23:08 - 2011-05-02 21:21 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-08-08 23:08 - 2011-05-02 20:50 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-08-08 23:08 - 2011-02-22 21:15 - 0286720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-08-08 23:08 - 2011-02-22 21:15 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-08-08 23:08 - 2011-02-22 21:15 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-08-08 23:08 - 2011-02-22 21:15 - 0090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2011-08-08 23:08 - 2011-02-11 22:14 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2011-08-08 23:08 - 2011-02-05 04:41 - 0640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2011-08-08 23:08 - 2011-02-05 04:41 - 0556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2011-08-08 23:08 - 2011-02-05 04:41 - 0020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2011-08-08 23:08 - 2011-02-05 04:41 - 0019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2011-08-08 23:08 - 2011-02-05 04:41 - 0017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2011-08-08 23:08 - 2011-02-05 04:39 - 0603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2011-08-08 23:08 - 2011-02-05 04:39 - 0518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2011-08-08 23:08 - 2010-12-17 22:13 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-08 23:08 - 2010-12-17 22:12 - 3138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2011-08-08 23:08 - 2010-12-17 22:08 - 1097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2011-08-08 23:08 - 2010-12-17 21:31 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-08-08 23:08 - 2010-12-17 21:30 - 2690560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2011-08-08 23:08 - 2010-12-17 21:26 - 1034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2011-08-08 23:08 - 2010-10-15 21:23 - 0112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2011-08-08 23:08 - 2010-10-15 21:17 - 0720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2011-08-08 23:08 - 2010-10-15 20:34 - 0573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2011-08-08 23:08 - 2010-08-31 21:21 - 14627840 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2011-08-08 23:08 - 2010-08-31 21:12 - 12625920 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2011-08-08 23:08 - 2010-08-31 20:29 - 11406848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2011-08-08 23:08 - 2010-08-31 20:23 - 12625408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2011-08-08 23:08 - 2010-08-30 20:32 - 0954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2011-08-08 23:08 - 2010-08-30 20:32 - 0954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2011-08-08 23:04 - 2010-08-26 22:14 - 0236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2011-08-08 23:04 - 2010-08-26 21:46 - 0009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2011-08-08 21:05 - 2011-08-08 21:05 - 0004716 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-08-08 21:05 - 2011-08-08 21:05 - 0001945 ____A C:\Windows\epplauncher.mif
2011-08-08 21:05 - 2011-08-08 21:05 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-08-08 21:05 - 2011-08-08 21:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-08-08 21:04 - 2010-04-09 03:06 - 0374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2011-08-08 20:56 - 2011-08-08 20:56 - 0000000 ____D C:\Program Files (x86)\Help
2011-08-08 20:56 - 2011-08-08 20:56 - 0000000 ____D C:\Program Files (x86)\GetMore
2011-08-08 19:52 - 2010-01-08 23:19 - 0139264 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
2011-08-08 19:52 - 2010-01-08 22:52 - 0132608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2011-08-08 19:52 - 2009-12-29 00:03 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2011-08-08 19:52 - 2009-12-28 22:55 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2011-08-08 19:29 - 2010-09-26 14:29 - 7537912 ____A (Microsoft Corporation) C:\Users\Home\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
2011-08-08 19:24 - 2011-08-08 19:24 - 0000831 ____A C:\Users\Public\Desktop\CCleaner.lnk
2011-08-08 19:24 - 2011-08-08 19:24 - 0000000 ____D C:\Program Files\CCleaner
2011-08-08 19:23 - 2011-07-29 10:27 - 3447576 ____A (Piriform Ltd) C:\Users\Home\Desktop\ccsetup309.exe
2011-08-08 18:22 - 2011-08-08 18:22 - 0003326 ____A C:\Windows\SysWOW64\jupdate-1.6.0_20-b02.log
2011-08-08 18:22 - 2011-05-04 00:52 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2011-08-07 23:33 - 2011-08-07 23:33 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-08-07 23:16 - 2011-08-07 23:16 - 0001118 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-08-07 23:16 - 2011-08-07 23:16 - 0000000 ____D C:\Users\Home\AppData\Roaming\Malwarebytes
2011-08-07 23:16 - 2011-07-06 15:52 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-08-07 23:14 - 2011-08-09 05:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-07 23:14 - 2011-08-07 23:14 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-08-07 23:14 - 2011-08-07 23:14 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-08-07 23:14 - 2011-07-06 15:52 - 0025912 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-08-01 11:47 - 2011-08-01 11:47 - 0000000 ____D C:\Users\All Users\3764
2011-08-01 11:47 - 2011-08-01 11:47 - 0000000 ____D C:\ProgramData\3764
2011-07-31 21:03 - 2011-07-31 21:12 - 3955404 ____A C:\Users\Little People\Downloads\Wale ft Marsha Ambrosious - Diary.mp3
2011-07-29 10:53 - 2011-07-29 10:53 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\ooVoo Details
2011-07-27 08:36 - 2011-07-27 08:36 - 0292064 ____A C:\Windows\Minidump\072711-19297-01.dmp
2011-07-24 08:14 - 2011-07-24 08:14 - 3164401 ____A C:\Users\Little People\Downloads\Big Sean - Dance Ass.mp3
2011-07-21 20:13 - 2011-07-21 20:13 - 0001792 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-07-21 20:13 - 2011-07-21 20:13 - 0000000 ____D C:\Program Files\iTunes
2011-07-21 20:13 - 2011-07-21 20:13 - 0000000 ____D C:\Program Files\iPod
2011-07-21 20:13 - 2011-07-21 20:13 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-07-21 20:11 - 2011-07-21 20:11 - 0000000 ____D C:\Program Files\Bonjour
2011-07-21 20:11 - 2011-07-21 20:11 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-07-21 20:06 - 2011-07-21 20:09 - 82398576 ____A (Apple Inc.) C:\Users\MMMMBB\Downloads\iTunes64Setup.exe
2011-07-21 20:02 - 2011-07-21 20:05 - 81496432 ____A (Apple Inc.) C:\Users\MMMMBB\Downloads\iTunesSetup.exe
2011-07-21 16:54 - 2011-07-21 16:54 - 0001854 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-07-21 16:54 - 2011-07-21 16:54 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-07-21 16:51 - 2011-07-21 16:51 - 0000000 ____D C:\Users\MMMMBB\AppData\Local\Apple
2011-07-19 17:32 - 2011-07-19 17:32 - 0292064 ____A C:\Windows\Minidump\071911-18782-01.dmp
2011-07-15 15:09 - 2011-07-15 15:09 - 0000000 ____D C:\Users\All Users\HipSoft
2011-07-15 15:09 - 2011-07-15 15:09 - 0000000 ____D C:\ProgramData\HipSoft
2011-07-15 07:20 - 2011-07-15 07:20 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\WildTangent
2011-07-12 07:34 - 2011-07-12 07:34 - 0096104 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-07-12 07:34 - 2011-07-12 07:34 - 0085864 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-07-12 07:20 - 2011-07-12 07:20 - 0083816 ____A (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2011-07-12 07:20 - 2011-07-12 07:20 - 0073064 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssd.dll
2011-07-11 12:43 - 2011-07-11 12:43 - 0000000 ____D C:\Users\MMMMBB\AppData\Local\Apple Computer
2011-07-11 10:04 - 2011-07-29 13:01 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\skypePM
2011-07-11 10:03 - 2011-07-29 13:12 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\Skype

============ 3 Months Modified Files and Folders =============

2011-08-11 15:48 - 2011-08-11 15:48 - 0000000 ____D C:\FRST
2011-08-11 01:40 - 2011-08-10 18:14 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0
2011-08-11 00:56 - 2011-08-11 00:54 - 0000000 ____A C:\Recovery.txt
2011-08-11 00:54 - 2010-04-13 14:43 - 0000000 __SHD C:\Recovery
2011-08-10 20:15 - 2010-04-13 14:46 - 3656734 ___AH C:\Users\Home\AppData\Local\IconCache.db
2011-08-10 20:15 - 2010-02-21 01:18 - 2014491 ___AH C:\Windows\WindowsUpdate.log
2011-08-10 20:15 - 2009-07-13 20:54 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2011-08-10 20:15 - 2009-07-13 20:54 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2011-08-10 20:13 - 2009-07-13 20:45 - 0009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-08-10 20:13 - 2009-07-13 20:45 - 0009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-08-10 20:11 - 2011-05-18 12:01 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4018462919-1449955360-217053430-1006UA.job
2011-08-10 20:11 - 2009-07-13 21:13 - 0004750 ____A C:\Windows\System32\PerfStringBackup.INI
2011-08-10 20:06 - 2010-07-12 09:13 - 0000000 ____D C:\Users\Home\Tracing
2011-08-10 20:06 - 2010-04-19 17:24 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-08-10 20:05 - 2011-08-10 20:05 - 0291952 ____A C:\Windows\Minidump\081111-23337-01.dmp
2011-08-10 20:05 - 2010-08-18 14:53 - 434101490 ____A C:\Windows\MEMORY.DMP
2011-08-10 20:05 - 2010-08-18 14:53 - 0000000 ____D C:\Windows\Minidump
2011-08-10 20:05 - 2010-02-21 01:15 - 3019399168 __ASH C:\hiberfil.sys
2011-08-10 20:05 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-10 20:05 - 2009-07-13 20:51 - 0072929 ____A C:\Windows\setupact.log
2011-08-10 19:49 - 2011-08-10 19:48 - 0064958 ____A C:\TDSSKiller.2.5.14.0_10.08.2011_23.48.16_log.txt
2011-08-10 19:43 - 2011-05-14 18:38 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4018462919-1449955360-217053430-1005UA.job
2011-08-10 19:43 - 2010-04-13 14:45 - 0000174 ___SH C:\Users\Home\Start Menu\Programs\Startup\desktop.ini
2011-08-10 19:43 - 2010-04-13 14:45 - 0000174 ___SH C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-08-10 19:41 - 2009-07-13 20:45 - 4922136 ____A C:\Windows\System32\FNTCACHE.DAT
2011-08-10 11:32 - 2009-11-24 09:13 - 0270358 ____A C:\Windows\PFRO.log
2011-08-10 11:31 - 2009-07-13 20:54 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2011-08-10 11:28 - 2009-11-24 09:26 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-08-10 11:28 - 2009-11-24 09:26 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-08-10 11:20 - 2011-08-10 11:19 - 0296624 ____A C:\Windows\msxml4-KB973688-enu.LOG
2011-08-10 11:19 - 2009-11-24 09:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-08-10 11:17 - 2011-08-10 11:17 - 0296902 ____A C:\Windows\msxml4-KB954430-enu.LOG
2011-08-10 11:17 - 2011-08-10 11:17 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2011-08-10 11:17 - 2010-04-19 17:24 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-08-10 11:16 - 2011-08-10 11:16 - 0000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-08-10 11:10 - 2011-08-10 11:10 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2011-08-10 11:10 - 2011-08-10 11:10 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2011-08-10 11:09 - 2011-08-10 11:09 - 0001144 ____A C:\Users\Public\Desktop\Microsoft Works.lnk
2011-08-10 11:09 - 2009-11-24 09:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2011-08-10 11:04 - 2010-07-26 21:11 - 0000000 ____D C:\Program Files (x86)\Image-Line
2011-08-10 10:50 - 2011-05-24 13:50 - 0000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4018462919-1449955360-217053430-1002UA.job
2011-08-10 09:11 - 2011-05-18 12:01 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4018462919-1449955360-217053430-1006Core.job
2011-08-10 08:50 - 2011-05-24 13:50 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4018462919-1449955360-217053430-1002Core.job
2011-08-09 19:45 - 2010-07-26 21:13 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2011-08-09 19:43 - 2009-11-24 09:10 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-08-09 19:41 - 2011-03-22 08:51 - 0000000 ____D C:\Program Files (x86)\ilivid
2011-08-09 18:43 - 2011-05-14 18:38 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4018462919-1449955360-217053430-1005Core.job
2011-08-09 15:18 - 2011-03-18 19:17 - 0002349 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2011-08-09 05:58 - 2010-08-03 07:26 - 0000000 ____D C:\Program Files (x86)\Shop to Win 2
2011-08-09 05:57 - 2011-08-07 23:14 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-09 05:49 - 2011-08-09 05:48 - 0006151 ____A C:\Windows\SysWOW64\jupdate-1.6.0_26-b03.log
2011-08-09 05:49 - 2010-04-19 16:30 - 0000000 ____D C:\Program Files (x86)\Java
2011-08-08 21:05 - 2011-08-08 21:05 - 0004716 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-08-08 21:05 - 2011-08-08 21:05 - 0001945 ____A C:\Windows\epplauncher.mif
2011-08-08 21:05 - 2011-08-08 21:05 - 0000000 ____D C:\Program Files\Microsoft Security Client
2011-08-08 21:05 - 2011-08-08 21:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2011-08-08 20:56 - 2011-08-08 20:56 - 0000000 ____D C:\Program Files (x86)\Help
2011-08-08 20:56 - 2011-08-08 20:56 - 0000000 ____D C:\Program Files (x86)\GetMore
2011-08-08 20:56 - 2011-04-16 10:30 - 0008667 ____A C:\Windows\System32\lvcoinst.log
2011-08-08 20:56 - 2011-04-16 10:30 - 0007813 ___AH C:\Windows\LDPINST.LOG
2011-08-08 20:55 - 2011-04-16 10:29 - 0001633 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2011-08-08 20:43 - 2011-04-16 10:30 - 0000000 ____D C:\Windows\SysWOW64\logishrd
2011-08-08 20:43 - 2011-04-16 10:30 - 0000000 ____D C:\Windows\System32\logishrd
2011-08-08 19:24 - 2011-08-08 19:24 - 0000831 ____A C:\Users\Public\Desktop\CCleaner.lnk
2011-08-08 19:24 - 2011-08-08 19:24 - 0000000 ____D C:\Program Files\CCleaner
2011-08-08 18:22 - 2011-08-08 18:22 - 0003326 ____A C:\Windows\SysWOW64\jupdate-1.6.0_20-b02.log
2011-08-08 18:07 - 2010-12-14 13:15 - 0000000 ____D C:\Program Files (x86)\Search Toolbar
2011-08-08 04:50 - 2009-11-24 09:43 - 0000000 ___HD C:\Users\All Users\Norton
2011-08-08 04:50 - 2009-11-24 09:43 - 0000000 ___HD C:\ProgramData\Norton
2011-08-08 04:48 - 2009-11-24 09:45 - 0000000 ___HD C:\Users\All Users\Symantec
2011-08-08 04:48 - 2009-11-24 09:45 - 0000000 ___HD C:\ProgramData\Symantec
2011-08-08 04:23 - 2009-07-13 21:08 - 0032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-08-07 23:35 - 2010-04-13 14:43 - 0000000 ____D C:\Users\Home\AppData\LocalLow
2011-08-07 23:34 - 2010-04-19 16:31 - 0000000 ____D C:\Program Files (x86)\Ask.com
2011-08-07 23:33 - 2011-08-07 23:33 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-08-07 23:27 - 2010-08-21 08:35 - 0000000 ____D C:\Users\Home\AppData\Local\casvmmfei
2011-08-07 23:16 - 2011-08-07 23:16 - 0001118 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-08-07 23:16 - 2011-08-07 23:16 - 0000000 ____D C:\Users\Home\AppData\Roaming\Malwarebytes
2011-08-07 23:14 - 2011-08-07 23:14 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-08-07 23:14 - 2011-08-07 23:14 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-08-07 23:11 - 2011-03-18 19:08 - 0000000 ____D C:\Users\Home\AppData\Roaming\Skype
2011-08-07 20:46 - 2010-08-03 07:29 - 0000000 ____D C:\Users\Home\AppData\Local\WeatherBug
2011-08-07 20:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-08-07 20:38 - 2011-06-24 14:31 - 1867010 ___AH C:\Users\MMMMBB\AppData\Local\IconCache.db
2011-08-02 12:55 - 2010-06-30 11:00 - 0000000 ____D C:\Users\Little People\AppData\Roaming\LimeWire
2011-08-02 12:55 - 2010-04-27 13:14 - 0000000 ____D C:\Users\Little People\Tracing
2011-08-01 11:59 - 2011-05-24 13:48 - 0000000 ____D C:\Users\Little People\AppData\Local\iMesh
2011-08-01 11:47 - 2011-08-01 11:47 - 0000000 ____D C:\Users\All Users\3764
2011-08-01 11:47 - 2011-08-01 11:47 - 0000000 ____D C:\ProgramData\3764
2011-07-31 21:12 - 2011-07-31 21:03 - 3955404 ____A C:\Users\Little People\Downloads\Wale ft Marsha Ambrosious - Diary.mp3
2011-07-31 17:07 - 2011-04-16 10:31 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2011-07-29 13:12 - 2011-07-11 10:03 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\Skype
2011-07-29 13:01 - 2011-07-11 10:04 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\skypePM
2011-07-29 10:53 - 2011-07-29 10:53 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\ooVoo Details
2011-07-29 10:27 - 2011-08-08 19:23 - 3447576 ____A (Piriform Ltd) C:\Users\Home\Desktop\ccsetup309.exe
2011-07-29 06:56 - 2010-04-20 14:52 - 2548116 ___AH C:\Users\Little People\AppData\Local\IconCache.db
2011-07-27 08:36 - 2011-07-27 08:36 - 0292064 ____A C:\Windows\Minidump\072711-19297-01.dmp
2011-07-26 18:19 - 2011-03-18 19:08 - 0000000 ____D C:\Users\Little People\AppData\Roaming\Skype
2011-07-26 12:45 - 2011-06-01 18:11 - 0000000 ____D C:\Users\Little People\AppData\Roaming\skypePM
2011-07-24 08:14 - 2011-07-24 08:14 - 3164401 ____A C:\Users\Little People\Downloads\Big Sean - Dance Ass.mp3
2011-07-22 11:51 - 2010-04-13 14:43 - 0000000 ____D C:\users\Home
2011-07-21 20:17 - 2011-06-19 17:06 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\Apple Computer
2011-07-21 20:13 - 2011-07-21 20:13 - 0001792 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-07-21 20:13 - 2011-07-21 20:13 - 0000000 ____D C:\Program Files\iTunes
2011-07-21 20:13 - 2011-07-21 20:13 - 0000000 ____D C:\Program Files\iPod
2011-07-21 20:13 - 2011-07-21 20:13 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-07-21 20:11 - 2011-07-21 20:11 - 0000000 ____D C:\Program Files\Bonjour
2011-07-21 20:11 - 2011-07-21 20:11 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-07-21 20:09 - 2011-07-21 20:06 - 82398576 ____A (Apple Inc.) C:\Users\MMMMBB\Downloads\iTunes64Setup.exe
2011-07-21 20:05 - 2011-07-21 20:02 - 81496432 ____A (Apple Inc.) C:\Users\MMMMBB\Downloads\iTunesSetup.exe
2011-07-21 16:54 - 2011-07-21 16:54 - 0001854 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-07-21 16:54 - 2011-07-21 16:54 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-07-21 16:54 - 2010-04-19 17:57 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-07-21 16:51 - 2011-07-21 16:51 - 0000000 ____D C:\Users\MMMMBB\AppData\Local\Apple
2011-07-19 17:32 - 2011-07-19 17:32 - 0292064 ____A C:\Windows\Minidump\071911-18782-01.dmp
2011-07-15 15:09 - 2011-07-15 15:09 - 0000000 ____D C:\Users\All Users\HipSoft
2011-07-15 15:09 - 2011-07-15 15:09 - 0000000 ____D C:\ProgramData\HipSoft
2011-07-15 15:09 - 2009-11-24 09:20 - 0000000 ___HD C:\Users\All Users\WildTangent
2011-07-15 15:09 - 2009-11-24 09:20 - 0000000 ___HD C:\ProgramData\WildTangent
2011-07-15 15:07 - 2011-06-24 15:35 - 0000000 ____D C:\Users\MMMMBB\AppData\Local\Google
2011-07-15 07:20 - 2011-07-15 07:20 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\WildTangent
2011-07-12 16:49 - 2010-06-06 18:17 - 0000000 ____D C:\Users\Little People\AppData\Roaming\Mozilla
2011-07-12 07:34 - 2011-07-12 07:34 - 0096104 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-07-12 07:34 - 2011-07-12 07:34 - 0085864 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-07-12 07:20 - 2011-07-12 07:20 - 0083816 ____A (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2011-07-12 07:20 - 2011-07-12 07:20 - 0073064 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssd.dll
2011-07-11 12:43 - 2011-07-11 12:43 - 0000000 ____D C:\Users\MMMMBB\AppData\Local\Apple Computer
2011-07-11 10:10 - 2011-06-19 17:06 - 0000000 ____D C:\Users\MMMMBB\AppData\Local\Adobe
2011-07-11 10:03 - 2011-03-18 19:08 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2011-07-10 22:22 - 2011-07-10 22:22 - 5884700 ____A C:\Users\MMMMBB\Downloads\Young Jeezy ft Lil Wayne - Ballin.mp3
2011-07-10 22:12 - 2011-07-10 22:12 - 8407357 ____A C:\Users\MMMMBB\Downloads\Snapbacks Back Tyga ft Chris Brown.mp3
2011-07-10 10:26 - 2011-06-19 17:06 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\Adobe
2011-07-09 22:55 - 2011-07-09 22:55 - 0292064 ____A C:\Windows\Minidump\071011-20108-01.dmp
2011-07-08 05:28 - 2011-07-08 05:28 - 0000000 ___RD C:\Users\MMMMBB\Documents\Scanned Documents
2011-07-08 05:28 - 2011-07-08 05:28 - 0000000 ____D C:\Users\MMMMBB\Documents\Fax
2011-07-07 20:20 - 2011-07-07 20:20 - 5307089 ____A C:\Users\MMMMBB\Downloads\lupetreysongz-outofheadcdq.mp3
2011-07-07 16:21 - 2010-12-17 09:36 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-07-06 15:52 - 2011-08-07 23:16 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-07-06 15:52 - 2011-08-07 23:14 - 0025912 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-07-05 13:37 - 2011-07-04 12:48 - 10761513 ____A C:\Users\MMMMBB\Downloads\Mezmorized- Wiz Khalifa.mp3
2011-07-04 13:31 - 2011-07-04 13:31 - 0013394 ___SH C:\Users\MMMMBB\Downloads\Folder.jpg
2011-07-04 13:31 - 2011-07-04 13:31 - 0013394 ___SH C:\Users\MMMMBB\Downloads\AlbumArt_{4D7DB849-A662-4B5E-B6FB-EB986FFBCBF7}_Large.jpg
2011-07-04 13:31 - 2011-07-04 13:31 - 0003262 ___SH C:\Users\MMMMBB\Downloads\AlbumArtSmall.jpg
2011-07-04 13:31 - 2011-07-04 13:31 - 0003262 ___SH C:\Users\MMMMBB\Downloads\AlbumArt_{4D7DB849-A662-4B5E-B6FB-EB986FFBCBF7}_Small.jpg
2011-07-04 13:31 - 2011-07-04 13:09 - 4152992 ____A C:\Users\MMMMBB\Downloads\Wiz Khalifa-Up.mp3
2011-07-04 12:41 - 2011-07-04 12:41 - 0093280 ____A C:\Users\MMMMBB\AppData\Local\GDIPFONTCACHEV1.DAT
2011-07-01 16:39 - 2011-06-24 15:35 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\Google
2011-07-01 07:04 - 2011-07-01 07:04 - 0292064 ____A C:\Windows\Minidump\070111-18018-01.dmp
2011-06-29 18:12 - 2011-06-09 20:40 - 1269474 ___AH C:\Users\Jay\AppData\Local\IconCache.db
2011-06-24 15:35 - 2011-06-19 17:05 - 0000000 ____D C:\Users\MMMMBB\AppData\LocalLow
2011-06-24 04:03 - 2011-06-24 04:03 - 5633793 ____A C:\Users\Little People\Downloads\03___drake_trust_issues.mp3
2011-06-20 20:29 - 2010-06-15 12:44 - 0000000 ____D C:\Users\Little People\AppData\Local\Microsoft Games
2011-06-19 17:06 - 2011-06-19 17:06 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\Mozilla
2011-06-19 17:06 - 2011-06-19 17:06 - 0000000 ____D C:\Users\MMMMBB\AppData\Local\Mozilla
2011-06-19 17:06 - 2011-06-19 17:05 - 0000174 ___SH C:\Users\MMMMBB\Start Menu\Programs\Startup\desktop.ini
2011-06-19 17:06 - 2011-06-19 17:05 - 0000174 ___SH C:\Users\MMMMBB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-06-19 17:06 - 2011-06-19 17:05 - 0000000 ____D C:\Users\MMMMBB\AppData\Local\VirtualStore
2011-06-19 17:05 - 2011-06-19 17:05 - 0000632 _RASH C:\Users\MMMMBB\ntuser.pol
2011-06-19 17:05 - 2011-06-19 17:05 - 0000020 ___SH C:\Users\MMMMBB\ntuser.ini
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\Templates
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\Start Menu
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\PrintHood
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\NetHood
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\My Documents
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\Documents\My Videos
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\Documents\My Pictures
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\Documents\My Music
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\AppData\Local\Temporary Internet Files
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 __SHD C:\Users\MMMMBB\AppData\Local\History
2011-06-19 17:05 - 2011-06-19 17:05 - 0000000 ____D C:\users\MMMMBB
2011-06-19 17:05 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2011-06-18 16:45 - 2011-06-18 16:40 - 0000000 ____D C:\Users\Jay\AppData\Local\Microsoft Games
2011-06-18 16:09 - 2011-06-18 16:09 - 0291952 ____A C:\Windows\Minidump\061811-20623-01.dmp
2011-06-16 19:20 - 2011-06-16 19:20 - 0000000 ____D C:\Users\Jay\Documents\My Received Files
2011-06-16 19:20 - 2011-06-16 19:20 - 0000000 ____D C:\Users\Jay\Documents\iMesh
2011-06-16 19:20 - 2011-06-16 19:20 - 0000000 ____D C:\Users\Jay\AppData\Local\iMesh
2011-06-16 19:20 - 2011-06-16 19:20 - 0000000 ____D C:\Users\All Users\AE7
2011-06-16 19:20 - 2011-06-16 19:20 - 0000000 ____D C:\ProgramData\AE7
2011-06-14 05:14 - 2011-06-14 05:14 - 0291952 ____A C:\Windows\Minidump\061411-19780-01.dmp
2011-06-11 13:13 - 2011-06-11 13:13 - 0000000 ____D C:\Users\Jay\AppData\Local\Apple
2011-06-11 13:13 - 2011-06-07 21:30 - 0000000 ____D C:\Users\Jay\AppData\Roaming\Apple Computer
2011-06-10 21:31 - 2011-06-10 21:31 - 0000000 ____D C:\Users\Jay\AppData\Local\Apple Computer
2011-06-10 21:28 - 2011-06-10 21:27 - 3954648 ____A C:\Users\Jay\Downloads\No Sleep- Wiz Khalifa.mp3
2011-06-10 20:59 - 2011-06-10 20:59 - 0093280 ____A C:\Users\Jay\AppData\Local\GDIPFONTCACHEV1.DAT
2011-06-10 20:38 - 2011-06-10 20:38 - 0000000 ____D C:\Users\Jay\AppData\Roaming\ooVoo Details
2011-06-10 18:56 - 2011-08-08 23:08 - 3134464 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-06-09 09:56 - 2011-06-09 09:55 - 6951791 ____A C:\Users\Little People\Downloads\Marvins Room.mp3
2011-06-07 21:35 - 2011-06-07 21:29 - 0000000 ____D C:\Users\Jay\AppData\LocalLow
2011-06-07 21:32 - 2011-06-07 21:32 - 0000000 ____D C:\Users\Jay\AppData\Roaming\Google
2011-06-07 21:32 - 2011-06-07 21:31 - 0000000 ____D C:\Users\Jay\AppData\Local\Google
2011-06-07 21:32 - 2011-06-07 21:30 - 0000000 ____D C:\Users\Jay\AppData\Roaming\Adobe
2011-06-07 21:31 - 2011-06-07 21:31 - 0000000 ____D C:\Users\Jay\AppData\Roaming\Mozilla
2011-06-07 21:31 - 2011-06-07 21:31 - 0000000 ____D C:\Users\Jay\AppData\Local\Mozilla
2011-06-07 21:30 - 2011-06-07 21:30 - 0000174 ___SH C:\Users\Jay\Start Menu\Programs\Startup\desktop.ini
2011-06-07 21:30 - 2011-06-07 21:30 - 0000174 ___SH C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-06-07 21:30 - 2011-06-07 21:30 - 0000000 ____D C:\Users\Jay\AppData\Local\VirtualStore
2011-06-07 21:30 - 2011-06-07 21:30 - 0000000 ____D C:\Users\Jay\AppData\Local\Adobe
2011-06-07 21:30 - 2011-06-07 21:29 - 0000000 ____D C:\users\Jay
2011-06-07 21:29 - 2011-06-07 21:29 - 0291952 ____A C:\Windows\Minidump\060811-33477-01.dmp
2011-06-07 21:29 - 2011-06-07 21:29 - 0000632 _RASH C:\Users\Jay\ntuser.pol
2011-06-07 21:29 - 2011-06-07 21:29 - 0000020 ___SH C:\Users\Jay\ntuser.ini
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\Templates
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\Start Menu
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\PrintHood
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\NetHood
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\My Documents
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\Documents\My Videos
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\Documents\My Pictures
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\Documents\My Music
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\AppData\Local\Temporary Internet Files
2011-06-07 21:29 - 2011-06-07 21:29 - 0000000 __SHD C:\Users\Jay\AppData\Local\History
2011-06-07 13:05 - 2011-06-30 16:56 - 0048489 ____A C:\Users\Little People\Desktop\ggsxB3.htm
2011-06-06 07:56 - 2011-06-06 07:56 - 0053166 ____A C:\Users\Little People\Documents\assignmnt.pdf
2011-05-24 13:50 - 2010-04-20 12:43 - 0000000 ____D C:\Users\Little People\AppData\Local\Google
2011-05-24 13:48 - 2011-05-24 13:48 - 0000000 ____D C:\Users\Little People\Documents\My Received Files
2011-05-24 13:48 - 2011-05-24 13:48 - 0000000 ____D C:\Users\Little People\Documents\iMesh
2011-05-24 11:33 - 2011-05-24 11:33 - 0000000 ____D C:\Users\All Users\3812F
2011-05-24 11:33 - 2011-05-24 11:33 - 0000000 ____D C:\ProgramData\3812F
2011-05-24 03:21 - 2011-08-08 23:08 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2011-05-24 02:34 - 2011-08-08 23:08 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2011-05-24 02:34 - 2011-08-08 23:08 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2011-05-24 02:34 - 2011-08-08 23:08 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2011-05-24 02:32 - 2011-08-08 23:08 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2011-05-23 17:58 - 2010-04-13 14:43 - 0000000 ____D C:\Users\Home\AppData\Local\VirtualStore
2011-05-23 17:13 - 2010-04-20 12:42 - 0000000 ____D C:\Users\Little People\AppData\LocalLow
2011-05-23 16:13 - 2010-04-13 14:43 - 0093280 ____A C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2011-05-23 16:11 - 2010-04-22 17:36 - 0093280 ____A C:\Users\Little People\AppData\Local\GDIPFONTCACHEV1.DAT
2011-05-18 11:50 - 2010-04-29 05:15 - 0000000 ____D C:\Users\Home\AppData\Local\Adobe
2011-05-18 11:43 - 2010-04-20 13:56 - 0000000 ____D C:\Users\Little People\AppData\Local\Adobe
2011-05-18 11:43 - 2010-04-20 12:43 - 0000000 ____D C:\Users\Little People\AppData\Roaming\Adobe
2011-05-18 11:40 - 2011-05-18 11:40 - 0000144 ____A C:\Users\All Users\~34660088r
2011-05-18 11:40 - 2011-05-18 11:40 - 0000144 ____A C:\ProgramData\~34660088r
2011-05-18 11:40 - 2011-05-18 11:40 - 0000120 ____A C:\Users\All Users\~34660088
2011-05-18 11:40 - 2011-05-18 11:40 - 0000120 ____A C:\ProgramData\~34660088
2011-05-18 11:39 - 2011-05-18 11:39 - 0000336 ____A C:\Users\All Users\34660088
2011-05-18 11:39 - 2011-05-18 11:39 - 0000336 ____A C:\ProgramData\34660088
2011-05-17 22:23 - 2009-11-24 09:42 - 0000000 ___HD C:\Users\All Users\Adobe
2011-05-17 22:23 - 2009-11-24 09:42 - 0000000 ___HD C:\ProgramData\Adobe
2011-05-17 17:34 - 2011-05-17 17:34 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2011-05-17 17:34 - 2011-05-17 17:34 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2011-05-17 17:34 - 2010-04-15 15:24 - 0000000 ____D C:\Users\Home\AppData\Roaming\Adobe
2011-05-17 17:33 - 2009-11-24 09:41 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-05-17 17:32 - 2011-05-17 17:32 - 0000000 ____D C:\Program Files (x86)\Adobe Media Player
2011-05-17 16:42 - 2011-06-19 17:05 - 0000000 ____D C:\Users\MMMMBB\AppData\Roaming\Macromedia
2011-05-17 16:42 - 2011-06-07 21:29 - 0000000 ____D C:\Users\Jay\AppData\Roaming\Macromedia
2011-05-17 16:42 - 2011-05-17 16:42 - 0001040 ____A C:\Users\Public\Desktop\Adobe Download Assistant.lnk
2011-05-17 16:42 - 2011-05-17 16:42 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-05-17 16:42 - 2011-05-17 16:42 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-05-17 16:42 - 2011-05-17 16:42 - 0000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2011-05-16 19:46 - 2011-05-16 19:46 - 0000000 ____D C:\Users\All Users\3425B
2011-05-16 19:46 - 2011-05-16 19:46 - 0000000 ____D C:\ProgramData\3425B
2011-05-16 19:45 - 2011-05-16 19:45 - 0000000 ____D C:\Users\Home\AppData\Local\PackageAware
2011-05-13 19:33 - 2011-05-13 19:29 - 0007588 __ASH C:\Users\All Users\aq06lfw1y077fsv3ebwjd5
2011-05-13 19:33 - 2011-05-13 19:29 - 0007588 __ASH C:\ProgramData\aq06lfw1y077fsv3ebwjd5
2011-05-12 20:14 - 2011-05-12 20:14 - 0000344 ___AH C:\Users\All Users\41475832
2011-05-12 20:14 - 2011-05-12 20:14 - 0000344 ___AH C:\ProgramData\41475832
2011-05-12 20:14 - 2011-05-12 20:14 - 0000168 ___AH C:\Users\All Users\~41475832
2011-05-12 20:14 - 2011-05-12 20:14 - 0000168 ___AH C:\ProgramData\~41475832
2011-05-12 20:14 - 2011-05-12 20:14 - 0000136 ___AH C:\Users\All Users\~41475832r
2011-05-12 20:14 - 2011-05-12 20:14 - 0000136 ___AH C:\ProgramData\~41475832r

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3839.37 MB
Available physical RAM: 3171.64 MB
Total Pagefile: 3837.52 MB
Available Pagefile: 3158.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:686.54 GB) (Free:641.28 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:2.92 GB) NTFS
3 Drive f: (HBCD 13.0) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
9 Drive l: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
10 Drive m: (Cruzer) (Removable) (Total:3.74 GB) (Free:2.22 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==========================================================

Last Boot: 2011-08-08 00:48

======================= End Of Log ==========================

#5 dburress


Posted 14 August 2011 - 02:56 PM

2011/08/10 23:48:16.0318 2196 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/10 23:48:16.0789 2196 ================================================================================
2011/08/10 23:48:16.0789 2196 SystemInfo:
2011/08/10 23:48:16.0789 2196
2011/08/10 23:48:16.0789 2196 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/10 23:48:16.0789 2196 Product type: Workstation
2011/08/10 23:48:16.0789 2196 ComputerName: HOME-PC
2011/08/10 23:48:16.0790 2196 UserName: Home
2011/08/10 23:48:16.0790 2196 Windows directory: C:\Windows
2011/08/10 23:48:16.0790 2196 System windows directory: C:\Windows
2011/08/10 23:48:16.0790 2196 Running under WOW64
2011/08/10 23:48:16.0790 2196 Processor architecture: Intel x64
2011/08/10 23:48:16.0790 2196 Number of processors: 2
2011/08/10 23:48:16.0790 2196 Page size: 0x1000
2011/08/10 23:48:16.0790 2196 Boot type: Normal boot
2011/08/10 23:48:16.0790 2196 ================================================================================
2011/08/10 23:48:18.0041 2196 Initialize success
2011/08/10 23:48:21.0965 3376 ================================================================================
2011/08/10 23:48:21.0966 3376 Scan started
2011/08/10 23:48:21.0966 3376 Mode: Manual;
2011/08/10 23:48:21.0966 3376 ================================================================================
2011/08/10 23:48:24.0814 3376 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/10 23:48:24.0863 3376 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/10 23:48:24.0919 3376 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/10 23:48:24.0986 3376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/10 23:48:25.0027 3376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/10 23:48:25.0168 3376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/10 23:48:25.0250 3376 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/08/10 23:48:25.0295 3376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/10 23:48:25.0346 3376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/10 23:48:25.0382 3376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/10 23:48:25.0426 3376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/10 23:48:25.0484 3376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/10 23:48:25.0537 3376 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/08/10 23:48:25.0668 3376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/10 23:48:25.0713 3376 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/08/10 23:48:25.0756 3376 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/10 23:48:25.0840 3376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/10 23:48:25.0880 3376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/10 23:48:25.0964 3376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/10 23:48:26.0004 3376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/10 23:48:26.0100 3376 athur (a42a4052a7dc86e3a01dfae97ffe2ed1) C:\Windows\system32\DRIVERS\athurx.sys
2011/08/10 23:48:26.0220 3376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/10 23:48:26.0274 3376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/10 23:48:26.0430 3376 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/10 23:48:26.0519 3376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/10 23:48:26.0607 3376 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/10 23:48:26.0699 3376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/10 23:48:26.0765 3376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/10 23:48:26.0836 3376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/10 23:48:26.0898 3376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/10 23:48:27.0036 3376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/10 23:48:27.0095 3376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/10 23:48:27.0276 3376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/10 23:48:27.0342 3376 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/10 23:48:27.0408 3376 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/10 23:48:50.0546 3376 MBR (0x1B8) (a342baa6228641917e6958e5b073cb2d) \Device\Harddisk0\DR0
2011/08/10 23:48:50.0555 3376 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/10 23:48:50.0585 3376 Boot (0x1200) (0feb5d9f5febd723dedc8a80fb5375a7) \Device\Harddisk0\DR0\Partition0
2011/08/10 23:48:50.0616 3376 Boot (0x1200) (2ee552dff804291268a0b85d2aba629a) \Device\Harddisk0\DR0\Partition1
2011/08/10 23:48:50.0647 3376 ================================================================================
2011/08/10 23:48:50.0647 3376 Scan finished
2011/08/10 23:48:50.0647 3376 ================================================================================
2011/08/10 23:48:50.0667 2140 Detected object count: 1
2011/08/10 23:48:50.0667 2140 Actual detected object count: 1
2011/08/10 23:49:03.0091 2140 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/10 23:49:03.0092 2140 \Device\Harddisk0\DR0 - ok
2011/08/10 23:49:03.0093 2140 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

#6 Elise


Posted 14 August 2011 - 03:07 PM

Hello again,

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC, ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise
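
As an added example (not part of Elise's post and not a BleepingComputer or xPUD tool), this is the kind of structural review that can be run on the 512-byte `mbr.bin` produced by the `dd` command above. It assumes the log's `MBR (0x1B8)` label means a hash over the first 0x1B8 bytes; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA_END = 0x1B8     # boot code occupies bytes 0x000-0x1B7
DISK_SIG_OFFSET = 0x1B8   # 4-byte disk signature
TABLE_OFFSET = 0x1BE      # four 16-byte partition entries
BOOT_SIG_OFFSET = 0x1FE   # must hold 0x55 0xAA


def parse_mbr(sector):
    """Split a 512-byte MBR dump into the fields worth reviewing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        offset = TABLE_OFFSET + 16 * index
        status = sector[offset]
        ptype = sector[offset + 4]
        lba_start, count = struct.unpack_from("<II", sector, offset + 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    code = sector[:CODE_AREA_END]
    return {
        "boot_signature_ok": sector[BOOT_SIG_OFFSET:] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        # MD5 only to match the 32-hex-digit format of the scanner log;
        # SHA-256 is the value to keep as a baseline.
        "code_md5": hashlib.md5(code).hexdigest(),
        "code_sha256": hashlib.sha256(code).hexdigest(),
        "partitions": partitions,
    }


def review_mbr(info, baseline_sha256=None):
    """Return a list of findings for a boot disk; an empty list means none."""
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d"
                        % len(active))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap"
                            % (a["index"], b["index"]))
    # Baseline: the same hash taken from a known-clean disk of the same build.
    if baseline_sha256 and info["code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings


def build_sample_mbr():
    """Constructed sector: filler boot code, two partitions, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[:CODE_AREA_END] = bytes(i % 251 for i in range(CODE_AREA_END))
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1234ABCD)
    # status, CHS start, type, CHS end, LBA start, sector count
    struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET,
                     0x00, b"\0\0\0", 0x27, b"\0\0\0", 2048, 204800)
    struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16,
                     0x80, b"\0\0\0", 0x07, b"\0\0\0", 206848, 1000000)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = build_sample_mbr()
    parsed = parse_mbr(data)
    print(parsed)
    print(review_mbr(parsed) or "no structural findings")
```

Run with the path to `mbr.bin` as the only argument; without one it reviews the constructed sample sector.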




#7 dburress


Posted 16 August 2011 - 11:05 AM

upon creating the file mbr.bin on the usb drive, i can see it on the sick system, but i can't find that file when i put the usb drive in my clean 64bit machine.

Edited by dburress, 16 August 2011 - 11:05 AM.


#8 Elise


Posted 16 August 2011 - 11:19 AM

Keep the USB drive in the sick computer and shut down xpud, only then remove the USB drive. You should now see the file.

regards, Elise




#9 dburress


Posted 16 August 2011 - 11:19 AM

here's the zip. i found it.

#10 Elise


Posted 16 August 2011 - 11:25 AM

The MBR is clean. Can you please explain in detail how far your computer boots when no CD is put in? When exactly do you get the error?

regards, Elise




#11 dburress


Posted 16 August 2011 - 11:55 AM

--starting windows splash
--system reboots to "launch startup repair"(recommended)
--loading files
--startup repair can't fix problem
--startup repair offline
--when i view diags, it says unspecified system configuration might have caused the problem

#12 Elise


Posted 16 August 2011 - 01:38 PM

What happens if you do not choose startup repair but instead try to start windows normally?

regards, Elise




#13 dburress


Posted 19 August 2011 - 11:17 AM

it boots back to startup repair. i can't get to safe mode or normal.

#14 Elise


Posted 19 August 2011 - 11:47 AM

Try this please.

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise




#15 dburress


Posted 19 August 2011 - 01:31 PM

there is nothing between:
a problem has been detected...
and
if this is the first time...

technical info is as follows:

stop: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFC000000D, 0x0000000000000000, 0x0000000000000000)



