Persistent Malware


This topic is locked. 22 replies to this topic.

#1 Brian209

  • Members
  • 12 posts

Posted 15 October 2011 - 06:51 PM

I have a Windows 7 HP Laptop that has become infected and I cannot seem to fully clean it using the usual tools.

I ran Malwarebytes and Spybot Search & Destroy and have AVG running. The initial symptoms were Google Redirect and Ping.exe using 80% of the CPU.

Once cleaned, everything scanned fine, but then while the machine sits idle, AVG will pop up "Multiple threats detection" with the description "Exploit Blackhole Exploit Kit (type 1889)" two times and one "Exploit Phoenix Exploit Kit (type 1450)". AVG reports these healed, but they will pop up within an hour or two.

Here are the Log Files:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by owner at 20:35:09 on 2011-10-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2381 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.uconnhuskies.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{46535002-6082-475C-83EF-15429D3D357B} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{46535002-6082-475C-83EF-15429D3D357B}\C696E6B6379737 : DhcpNameServer = 68.87.71.230 68.87.73.246 68.87.71.230 68.87.73.246
TCP: Interfaces\{46535002-6082-475C-83EF-15429D3D357B}\D4F62746F627 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{46535002-6082-475C-83EF-15429D3D357B}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46535002-6082-475C-83EF-15429D3D357B}\E456479376561627 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{ED3B826A-19B6-446C-B8DB-A00C9F83C938} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-14 1153368]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-8 246600]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-24 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-24 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-24 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-10-15 23:42:26 388096 ----a-r- C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-15 23:42:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-15 13:11:55 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-10-15 13:11:55 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2011-10-15 13:09:42 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-15 13:09:42 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-10-15 13:09:42 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-10-15 13:09:42 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-15 13:09:42 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-10-15 13:09:42 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-15 13:09:42 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-10-15 13:09:42 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-10-15 13:09:42 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-15 13:09:42 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-10-14 22:55:37 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-10-14 22:53:31 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-14 22:53:30 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-14 22:53:27 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-14 22:53:26 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-14 22:37:49 -------- d-----w- C:\703A5225A39DDCAEEB
2011-10-14 22:12:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-14 22:12:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-14 22:12:00 174368 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2011-10-14 22:12:00 141088 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2011-10-14 02:11:51 -------- d-----w- C:\Windows\System32\MpEngineStore
2011-10-14 01:32:54 -------- d-----w- C:\B291C2EFD1E6CE11ECC633
2011-10-13 01:32:11 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-13 01:32:11 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-10 04:25:59 546816 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2011-10-10 04:25:59 455680 ----a-w- C:\Program Files\Internet Explorer\networkinspection.dll
2011-10-10 04:25:59 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2011-10-10 04:25:59 1492992 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-10-10 04:25:58 66048 ----a-w- C:\Program Files\Internet Explorer\JSProfilerCore.dll
2011-10-10 04:25:58 603648 ----a-w- C:\Windows\System32\vbscript.dll
2011-10-10 04:25:58 165888 ----a-w- C:\Windows\System32\iexpress.exe
2011-10-10 04:25:58 160256 ----a-w- C:\Windows\System32\wextract.exe
2011-10-10 03:37:41 -------- d-----w- C:\Windows\System32\SPReview
2011-10-10 03:36:10 -------- d-----w- C:\Windows\System32\EventProviders
2011-10-10 03:16:29 -------- d-----w- C:\Program Files\CCleaner
2011-10-10 02:17:31 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
2011-10-10 02:17:14 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-10 02:17:11 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-10 02:17:11 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-10 02:17:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-08 14:34:35 -------- d-----w- C:\Users\owner\AppData\Local\ElevatedDiagnostics
2011-10-08 14:01:34 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2011-10-08 14:01:33 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2011-10-08 13:59:13 -------- d-----w- C:\Users\owner\AppData\Roaming\AVG2012
2011-10-08 13:58:21 -------- d-----w- C:\ProgramData\AVG2012
2011-10-06 15:24:32 -------- d-----we C:\Windows\system64
2011-09-16 13:32:06 -------- d-----w- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
.
==================== Find3M ====================
.
2011-10-07 14:41:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-13 10:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-08 10:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-07-19 09:05:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 20:36:12.51 ===============

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:49:37 PM, on 10/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uconnhuskies.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15145 bytes

Edited by Brian209, 16 October 2011 - 12:57 PM.


#2 Farbar (Security Developer, The Netherlands)

Posted 18 October 2011 - 08:20 AM

Hello Brian209,

Welcome to Bleeping computer.

Please update me on the current condition of your computer.

Also please run DDS, copy and paste DDS.txt and attach Attach.txt without zipping.

#3 Brian209 (Topic Starter)

Posted 18 October 2011 - 10:28 AM

Thank you for taking on this case! Current state is that the Google redirect has returned and AVG is periodically "blocking" various numbered black hole rootkits. Ping.exe is running and cannot be ended. Spybot S&D runs and periodically detects tracking cookies, Malwarebytes runs and usually does not detect anything.

Gmer runs but does not let me check a lot of the options that are in the instructions on this site. I will rerun and post the requested logs when I get home from work, or maybe sneak out early to try and get them posted as soon as possible.

#4 Farbar (Security Developer, The Netherlands)

Posted 18 October 2011 - 01:24 PM

Thanks for the feedback. So I know the system is still infected. When I need those logs later on I'll ask for them. For now please give me this log instead, as the type of infection requires special treatment.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
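Why the scan has to run from the recovery environment rather than from the running Windows: an active kernel-mode rootkit can hide or misreport its own registry and file changes to any tool started inside the infected OS, whereas a scanner started from the WinRE command prompt reads the SYSTEM hive on disk with nothing from the infected install loaded. The following is an added example, not part of Farbar's post and not FRST's code: a Python check for one persistence location the x64 ZeroAccess family of that period was publicly documented to abuse, the csrss subsystem definition under HKLM\SYSTEM\<ControlSet>\Control\Session Manager\SubSystems, value Windows, where the console-server ServerDll= entry pointing at winsrv is swapped for a dropped consrv.dll that csrss then loads at boot. Both sample values are constructed for the example; the clean one is representative of a Windows 7 install rather than copied from this machine, and the allowlist of legitimate server DLLs (basesrv, winsrv, sxssrv) is an assumption for Vista/7 that should be confirmed against a known-good machine of the same version.

```python
"""Added example: flag foreign ServerDll entries in the csrss SubSystems\\Windows value.

Works on the value string itself, so it can be fed a value read from a live system
or from an offline SYSTEM hive loaded with reg.exe in the recovery environment.
"""
import re

# Server DLLs that Windows Vista/7 list in this value (assumption for the example:
# confirm the set against a known-good machine of the same Windows version).
KNOWN_GOOD_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# The subsystem host must be csrss.exe under the system directory.
HOST_RE = re.compile(r"^%systemroot%\\system32\\csrss\.exe$", re.IGNORECASE)

# Token format: ServerDll=dll[:EntryPoint][,Priority]
SERVER_DLL_RE = re.compile(r"^ServerDll=([^:,]+)(?::([^,]+))?(?:,(\d+))?$", re.IGNORECASE)


def parse_subsystems_value(value):
    """Split the value into its host executable and its ServerDll entries.

    The value is REG_MULTI_SZ; reg.exe prints the separators as a literal "\\0",
    so both whitespace and "\\0" are accepted as token separators.
    Returns (host, entries) with entries as (dll, entrypoint, priority) tuples.
    """
    tokens = [t for t in re.split(r"\s+|\\0", value) if t]
    host = tokens[0] if tokens else ""
    entries = []
    for token in tokens[1:]:
        m = SERVER_DLL_RE.match(token)
        if m:
            dll, entrypoint, priority = m.groups()
            entries.append((dll.lower(), entrypoint, int(priority) if priority else None))
    return host, entries


def check_subsystems_value(value):
    """Return what looks wrong with the value; foreign_dlls is empty when it is clean."""
    host, entries = parse_subsystems_value(value)
    return {
        "host_ok": bool(HOST_RE.match(host)),
        "server_dlls": [dll for dll, _, _ in entries],
        "foreign_dlls": [dll for dll, _, _ in entries if dll not in KNOWN_GOOD_SERVER_DLLS],
    }


# Constructed sample: representative of a clean Windows 7 value (not taken from the log above).
CLEAN_VALUE = " ".join([
    r"%SystemRoot%\system32\csrss.exe",
    r"ObjectDirectory=\Windows",
    "SharedSection=1024,20480,768",
    "Windows=On",
    "SubSystemType=Windows",
    "ServerDll=basesrv,1",
    "ServerDll=winsrv:UserServerDllInitialization,3",
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=sxssrv,4",
    "ProfileControl=Off",
    "MaxRequestThreads=16",
])

# Constructed sample of the documented x64 ZeroAccess modification: the console
# server entry is redirected to a dropped consrv.dll, which csrss then loads.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def main():
    for label, value in (("clean", CLEAN_VALUE), ("tampered", TAMPERED_VALUE)):
        result = check_subsystems_value(value)
        verdict = "OK" if result["host_ok"] and not result["foreign_dlls"] else "SUSPICIOUS"
        print(f"{label}: {verdict} host_ok={result['host_ok']} foreign={result['foreign_dlls']}")


if __name__ == "__main__":
    main()
```

To feed it a real value from the WinRE command prompt you can mount the offline hive with reg.exe, for example reg load HKLM\offline D:\Windows\System32\config\SYSTEM (D: standing in for whatever letter WinRE assigns to the Windows volume, which the notepad trick in the steps above reveals), then reg query "HKLM\offline\ControlSet001\Control\Session Manager\SubSystems" /v Windows, using the ControlSet the FRST log names as current, paste the printed value into check_subsystems_value, and finish with reg unload HKLM\offline. A foreign DLL name in the result is only an indicator; the file it points to still has to be located and examined, and FRST's own fix is what the helper will prescribe.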

#5 Brian209 (Topic Starter)

Posted 20 October 2011 - 12:25 AM

I am having trouble getting the computer into the "System Recovery Options" and then running the Farbar utility from a command prompt.

When I press F8 on this laptop it runs through a long process of looking to see if there is something that needs repairing or restoring and then ends up in the "HP Recovery Manager". Once there I have the following options:

"I need help immediately" which offers "Microsoft System Restore" or "System Recovery"

or

"I'd like to identify any problems" which offers "Run Computer Checkup"

or

"I'd like to take precautions" which offers "File Backup Program"

I have tried both of the choices from the first list, but "System Recovery" is looking to restore the laptop back to the factory state, and the "Microsoft System Restore" is looking to allow me to back up to a previous restore point.

#6 Brian209 (Topic Starter)

Posted 20 October 2011 - 12:47 AM

Ok, Google was my friend and I was able to get the HP software to give me a command prompt. One other note, my desktop was on the fritz so I was trying to find the solution using the infected laptop which was adding to the time required to search as well as adding to the frustration. Desktop is running now, which has improved things.

Here is the log file from the flash drive:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.6
Ran by SYSTEM at 2011-10-20 01:40:42
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-24] (Sun Microsystems, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-12-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-12-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-12-28] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2404704 2011-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-18] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [218440 2011-10-08] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service [3154432 2010-09-23] (Luis Cobian, CobianSoft)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\owner\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-10-25] (Hewlett-Packard)
HKU\owner\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-23] (Google Inc.)
HKU\owner\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\owner\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5500800 2011-10-17] (SUPERAntiSpyware.com)
HKU\owner\...\Policies\system: [WallpaperStyle] 2
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5265248 2011-09-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 cbVSCService; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian)
2 CobianBackup10; C:\Program Files (x86)\Cobian Backup 10\cbService.exe [1125376 2010-09-23] (Luis Cobian, CobianSoft)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [85560 2011-06-21] (Hewlett-Packard Company)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2011-05-13] (Hewlett-Packard Company)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
2 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [246600 2011-10-08] ()

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43320 2011-05-13] (Hewlett-Packard Company)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [282704 2011-07-10] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
3 enecir; C:\Windows\System32\DRIVERS\enecir.sys [70656 2009-05-20] (ENE TECHNOLOGY INC.)
0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2011-05-13] (Hewlett-Packard Company)
3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [140712 2009-07-22] (JMicron Technology Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 eabfiltr; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-18 21:05 - 2011-10-18 21:05 - 1206567 ____A C:\Users\owner\Downloads\FRST64.exe
2011-10-17 21:14 - 2011-10-17 21:14 - 0014337 ____A C:\Windows\SysWOW64\hs_err_pid8148.log
2011-10-17 18:17 - 2011-10-17 18:19 - 0000000 ____D C:\Users\owner\Documents\ContactsBackup
2011-10-17 18:12 - 2011-10-17 18:14 - 0000000 ____D C:\Users\owner\Documents\MailBackup
2011-10-17 16:36 - 2011-10-17 16:37 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 10
2011-10-17 16:23 - 2011-10-17 16:28 - 15492608 ____N (Luis Cobian, CobianSoft) C:\Users\owner\Downloads\cbSetup.exe
2011-10-16 12:46 - 2011-10-16 12:46 - 0000472 ____N C:\Users\owner\Downloads\defogger_disable.log
2011-10-16 12:46 - 2011-10-16 12:46 - 0000000 ____N C:\Users\owner\defogger_reenable
2011-10-16 12:45 - 2011-10-16 12:45 - 0050477 ____N C:\Users\owner\Downloads\Defogger.exe
2011-10-16 12:36 - 2011-10-16 12:36 - 0000000 ____D C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-17 16:11 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-10-16 12:35 - 2011-10-16 12:35 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-10-16 12:32 - 2011-10-16 12:34 - 12827960 ____N (SUPERAntiSpyware.com) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2011-10-16 10:39 - 2011-10-16 10:39 - 0869194 ____N C:\Users\owner\Downloads\SecurityCheck.exe
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2011-10-15 16:42 - 2011-10-15 16:42 - 0000000 ____D C:\Users\owner\Downloads\gmer (1)
2011-10-15 16:41 - 2011-10-15 16:41 - 0294216 ____N C:\Users\owner\Downloads\gmer (1).zip
2011-10-15 16:40 - 2011-10-15 16:40 - 0294216 ____N C:\Users\owner\Downloads\gmer.zip
2011-10-15 16:38 - 2011-10-15 16:38 - 0302592 ____N C:\Users\owner\Downloads\ewxw61vx.exe
2011-10-15 16:34 - 2011-10-15 16:35 - 0607260 ____R (Swearware) C:\Users\owner\Downloads\dds.scr
2011-10-15 15:42 - 2011-10-15 15:42 - 0002975 ____N C:\Users\owner\Desktop\HiJackThis.lnk
2011-10-15 15:42 - 2011-10-15 15:42 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2011-10-15 15:41 - 2011-10-15 15:41 - 1402880 ____N C:\Users\owner\Downloads\HiJackThis (1).msi
2011-10-15 13:46 - 2011-10-15 13:46 - 0013934 ____A C:\Windows\SysWOW64\hs_err_pid6628.log
2011-10-15 09:59 - 2011-07-19 01:05 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-10-15 09:59 - 2011-07-19 01:05 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-10-15 09:59 - 2011-07-19 01:05 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-10-15 09:58 - 2011-10-15 09:59 - 0004380 ____A C:\Windows\SysWOW64\jupdate-1.6.0_27-b07.log
2011-10-15 09:57 - 2011-10-15 09:57 - 0909600 ____N (Sun Microsystems, Inc.) C:\Users\owner\Downloads\chromeinstall-6u27.exe
2011-10-15 05:11 - 2009-10-09 19:17 - 0014336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2011-10-15 05:11 - 2009-10-09 18:41 - 0109056 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2011-10-15 05:09 - 2011-08-16 21:32 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-10-15 05:09 - 2011-08-16 21:27 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-10-15 05:09 - 2011-08-16 21:27 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-10-15 05:09 - 2011-08-16 21:27 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-10-15 05:09 - 2011-08-16 21:27 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-10-15 05:09 - 2011-08-16 20:26 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-10-15 05:09 - 2011-08-16 20:22 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-10-15 05:09 - 2011-08-16 20:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-10-15 05:09 - 2011-08-16 20:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-10-15 05:09 - 2011-08-16 20:22 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-10-14 16:33 - 2011-10-14 16:33 - 0437101 ____R C:\Windows\System32\Drivers\etc\hosts
2011-10-14 14:55 - 2011-09-05 19:07 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-10-14 14:53 - 2011-08-26 21:40 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-10-14 14:53 - 2011-08-26 21:40 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-10-14 14:53 - 2011-08-26 20:43 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-10-14 14:53 - 2011-08-26 20:43 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-10-14 14:37 - 2011-10-14 14:37 - 0000000 ____D C:\703A5225A39DDCAEEB
2011-10-14 14:12 - 2011-08-31 21:12 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-10-14 14:12 - 2011-08-31 21:12 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-10-14 14:12 - 2011-08-31 18:23 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-10-14 14:12 - 2011-08-31 18:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-10-14 14:11 - 2011-08-31 21:34 - 17781760 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-10-14 14:11 - 2011-08-31 21:24 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-10-14 14:11 - 2011-08-31 21:24 - 10886144 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-10-14 14:11 - 2011-08-31 21:18 - 1344512 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-10-14 14:11 - 2011-08-31 21:17 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-10-14 14:11 - 2011-08-31 21:16 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-10-14 14:11 - 2011-08-31 21:15 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-10-14 14:11 - 2011-08-31 21:14 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-10-14 14:11 - 2011-08-31 21:12 - 2143744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-10-14 14:11 - 2011-08-31 21:08 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-10-14 14:11 - 2011-08-31 18:36 - 12275200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-10-14 14:11 - 2011-08-31 18:35 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-10-14 14:11 - 2011-08-31 18:33 - 9704960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-10-14 14:11 - 2011-08-31 18:28 - 1126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-10-14 14:11 - 2011-08-31 18:28 - 1102848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-10-14 14:11 - 2011-08-31 18:27 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-10-14 14:11 - 2011-08-31 18:26 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-10-14 14:11 - 2011-08-31 18:24 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-10-14 14:11 - 2011-08-31 18:23 - 1791488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-10-14 14:11 - 2011-08-31 18:21 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-10-14 14:10 - 2011-10-14 14:10 - 0001218 ____N C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
2011-10-14 14:07 - 2011-10-14 14:08 - 16409960 ____N (Safer Networking Limited ) C:\Users\owner\Downloads\spybotsd162.exe
2011-10-13 18:11 - 2011-10-14 17:59 - 0000000 ____D C:\Windows\System32\MpEngineStore
2011-10-13 17:32 - 2011-10-13 17:32 - 0000000 ____D C:\B291C2EFD1E6CE11ECC633
2011-10-13 17:16 - 2011-10-13 17:19 - 0077040 ____A C:\TDSSKiller.2.6.8.0_13.10.2011_21.16.48_log.txt
2011-10-13 17:16 - 2011-10-13 17:16 - 1541309 ____N C:\Users\owner\Downloads\tdsskiller.zip
2011-10-12 17:32 - 2011-10-14 15:00 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-12 17:32 - 2011-10-14 14:18 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-10-12 17:32 - 2011-10-14 14:18 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-10-12 15:53 - 2011-10-12 15:53 - 1402880 ____N C:\Users\owner\Downloads\HiJackThis.msi
2011-10-10 16:01 - 2011-10-10 16:01 - 0302592 ____N C:\Users\owner\Desktop\t8mv5znf.exe
2011-10-10 15:59 - 2011-10-10 15:59 - 0607260 ____R (Swearware) C:\Users\owner\Desktop\dds.scr
2011-10-09 20:26 - 2011-10-09 20:26 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2011-10-09 20:26 - 2011-10-09 20:26 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2011-10-09 20:26 - 2011-10-09 20:26 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-10-09 20:26 - 2011-10-09 20:26 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-10-09 20:26 - 2011-10-09 20:26 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-10-09 20:26 - 2011-10-09 20:26 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2011-10-09 20:26 - 2011-10-09 20:26 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2011-10-09 20:26 - 2011-10-09 20:26 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2011-10-09 20:26 - 2011-10-09 20:26 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2011-10-09 20:26 - 2011-10-09 20:26 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 1492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-10-09 20:25 - 2011-10-09 20:25 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-10-09 20:04 - 2011-10-09 20:26 - 0003948 ____A C:\Windows\IE9_main.log
2011-10-09 19:37 - 2011-10-09 19:37 - 0000000 ____D C:\Windows\System32\SPReview
2011-10-09 19:36 - 2011-10-09 19:36 - 0000000 ____D C:\Windows\System32\EventProviders
2011-10-09 19:22 - 2011-10-18 21:26 - 0002185 ____A C:\Windows\setupact.log
2011-10-09 19:22 - 2011-10-10 15:19 - 0000624 ____A C:\Windows\PFRO.log
2011-10-09 19:22 - 2011-10-09 19:22 - 0000000 ____A C:\Windows\setuperr.log
2011-10-09 19:19 - 2011-10-09 19:19 - 0002215 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2011-10-09 19:16 - 2011-10-09 19:16 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2011-10-09 19:16 - 2011-10-09 19:16 - 0000000 ____D C:\Program Files\CCleaner
2011-10-09 18:17 - 2011-10-15 05:21 - 0000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-09 18:17 - 2011-10-09 18:17 - 0001069 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-09 18:17 - 2011-08-31 13:00 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-10-08 06:34 - 2011-10-08 06:34 - 0000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2011-10-08 06:01 - 2011-10-08 06:01 - 0000925 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2011-10-08 06:01 - 2011-10-08 06:01 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2011-10-08 05:59 - 2011-10-08 05:59 - 0000000 ____D C:\Users\owner\AppData\Roaming\AVG2012
2011-10-08 05:58 - 2011-10-14 17:49 - 0000000 ____D C:\Users\All Users\AVG2012
2011-10-08 05:58 - 2011-10-14 17:49 - 0000000 ____D C:\ProgramData\AVG2012
2011-10-07 06:24 - 2011-10-07 06:24 - 0000000 ____D C:\Windows\Sun
2011-10-06 07:24 - 2011-10-06 07:24 - 0000000 ____D C:\Windows\system64


============ 3 Months Modified Files and Folders =============

2011-10-20 01:41 - 2011-10-20 01:40 - 0000000 ____D C:\FRST
2011-10-20 01:32 - 2009-11-16 19:22 - 0000000 ____D C:\Users\All Users\Recovery
2011-10-20 01:32 - 2009-11-16 19:22 - 0000000 ____D C:\ProgramData\Recovery
2011-10-18 21:31 - 2009-11-16 19:00 - 1407262 ____A C:\Windows\WindowsUpdate.log
2011-10-18 21:26 - 2011-10-09 19:22 - 0002185 ____A C:\Windows\setupact.log
2011-10-18 21:26 - 2010-10-24 08:14 - 0000000 ____D C:\Users\All Users\MFAData
2011-10-18 21:26 - 2010-10-24 08:14 - 0000000 ____D C:\ProgramData\MFAData
2011-10-18 21:26 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-18 21:24 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-18 21:24 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-18 21:05 - 2011-10-18 21:05 - 1206567 ____A C:\Users\owner\Downloads\FRST64.exe
2011-10-18 20:40 - 2011-02-23 20:19 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-10-18 14:35 - 2010-12-15 16:48 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-10-18 07:40 - 2011-02-23 20:19 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-10-17 21:14 - 2011-10-17 21:14 - 0014337 ____A C:\Windows\SysWOW64\hs_err_pid8148.log
2011-10-17 18:19 - 2011-10-17 18:17 - 0000000 ____D C:\Users\owner\Documents\ContactsBackup
2011-10-17 18:14 - 2011-10-17 18:12 - 0000000 ____D C:\Users\owner\Documents\MailBackup
2011-10-17 16:48 - 2009-12-11 22:51 - 0000281 ____A C:\Users\All Users\HPWALog.txt
2011-10-17 16:48 - 2009-12-11 22:51 - 0000281 ____A C:\ProgramData\HPWALog.txt
2011-10-17 16:37 - 2011-10-17 16:36 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 10
2011-10-17 16:28 - 2011-10-17 16:23 - 15492608 ____N (Luis Cobian, CobianSoft) C:\Users\owner\Downloads\cbSetup.exe
2011-10-17 16:11 - 2011-10-16 12:35 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-10-17 16:09 - 2010-04-15 09:19 - 0000000 ____D C:\Users\owner\Tracing
2011-10-17 16:08 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-16 12:46 - 2011-10-16 12:46 - 0000472 ____N C:\Users\owner\Downloads\defogger_disable.log
2011-10-16 12:46 - 2011-10-16 12:46 - 0000000 ____N C:\Users\owner\defogger_reenable
2011-10-16 12:46 - 2009-12-11 22:44 - 0000000 ____D C:\Users\owner\Desktop\owner 2011-10-18 21;40;14
2011-10-16 12:46 - 2009-12-11 22:44 - 0000000 ____D C:\Users\owner\Desktop\owner 2011-10-17 22;21;35
2011-10-16 12:46 - 2009-12-11 22:44 - 0000000 ____D C:\users\owner
2011-10-16 12:45 - 2011-10-16 12:45 - 0050477 ____N C:\Users\owner\Downloads\Defogger.exe
2011-10-16 12:36 - 2011-10-16 12:36 - 0000000 ____D C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-16 12:35 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-10-16 12:34 - 2011-10-16 12:32 - 12827960 ____N (SUPERAntiSpyware.com) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2011-10-16 10:39 - 2011-10-16 10:39 - 0869194 ____N C:\Users\owner\Downloads\SecurityCheck.exe
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2011-10-15 16:42 - 2011-10-15 16:42 - 0000000 ____D C:\Users\owner\Downloads\gmer (1)
2011-10-15 16:41 - 2011-10-15 16:41 - 0294216 ____N C:\Users\owner\Downloads\gmer (1).zip
2011-10-15 16:40 - 2011-10-15 16:40 - 0294216 ____N C:\Users\owner\Downloads\gmer.zip
2011-10-15 16:38 - 2011-10-15 16:38 - 0302592 ____N C:\Users\owner\Downloads\ewxw61vx.exe
2011-10-15 16:35 - 2011-10-15 16:34 - 0607260 ____R (Swearware) C:\Users\owner\Downloads\dds.scr
2011-10-15 15:42 - 2011-10-15 15:42 - 0002975 ____N C:\Users\owner\Desktop\HiJackThis.lnk
2011-10-15 15:42 - 2011-10-15 15:42 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2011-10-15 15:41 - 2011-10-15 15:41 - 1402880 ____N C:\Users\owner\Downloads\HiJackThis (1).msi
2011-10-15 13:46 - 2011-10-15 13:46 - 0013934 ____A C:\Windows\SysWOW64\hs_err_pid6628.log
2011-10-15 09:59 - 2011-10-15 09:58 - 0004380 ____A C:\Windows\SysWOW64\jupdate-1.6.0_27-b07.log
2011-10-15 09:59 - 2009-08-24 10:54 - 0000000 ____D C:\Program Files (x86)\Java
2011-10-15 09:57 - 2011-10-15 09:57 - 0909600 ____N (Sun Microsystems, Inc.) C:\Users\owner\Downloads\chromeinstall-6u27.exe
2011-10-15 05:21 - 2011-10-09 18:17 - 0000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-14 23:18 - 2009-07-13 20:45 - 0331472 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-14 18:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-10-14 17:59 - 2011-10-13 18:11 - 0000000 ____D C:\Windows\System32\MpEngineStore
2011-10-14 17:59 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-10-14 17:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-10-14 17:49 - 2011-10-08 05:58 - 0000000 ____D C:\Users\All Users\AVG2012
2011-10-14 17:49 - 2011-10-08 05:58 - 0000000 ____D C:\ProgramData\AVG2012
2011-10-14 16:33 - 2011-10-14 16:33 - 0437101 ____R C:\Windows\System32\Drivers\etc\hosts
2011-10-14 15:00 - 2011-10-12 17:32 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-14 15:00 - 2009-08-24 08:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-14 14:37 - 2011-10-14 14:37 - 0000000 ____D C:\703A5225A39DDCAEEB
2011-10-14 14:33 - 2009-12-25 18:32 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2011-10-14 14:32 - 2009-12-11 23:37 - 50086344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-10-14 14:18 - 2011-10-12 17:32 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-10-14 14:18 - 2011-10-12 17:32 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-10-14 14:10 - 2011-10-14 14:10 - 0001218 ____N C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
2011-10-14 14:08 - 2011-10-14 14:07 - 16409960 ____N (Safer Networking Limited ) C:\Users\owner\Downloads\spybotsd162.exe
2011-10-14 14:02 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-10-13 17:32 - 2011-10-13 17:32 - 0000000 ____D C:\B291C2EFD1E6CE11ECC633
2011-10-13 17:19 - 2011-10-13 17:16 - 0077040 ____A C:\TDSSKiller.2.6.8.0_13.10.2011_21.16.48_log.txt
2011-10-13 17:16 - 2011-10-13 17:16 - 1541309 ____N C:\Users\owner\Downloads\tdsskiller.zip
2011-10-13 17:03 - 2009-07-24 22:11 - 0000000 ____D C:\Windows\Panther
2011-10-12 16:05 - 2009-12-11 22:50 - 0000000 ____D C:\Users\owner\AppData\Local\VirtualStore
2011-10-12 15:53 - 2011-10-12 15:53 - 1402880 ____N C:\Users\owner\Downloads\HiJackThis.msi
2011-10-10 16:01 - 2011-10-10 16:01 - 0302592 ____N C:\Users\owner\Desktop\t8mv5znf.exe
2011-10-10 15:59 - 2011-10-10 15:59 - 0607260 ____R (Swearware) C:\Users\owner\Desktop\dds.scr
2011-10-10 15:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-10-10 15:20 - 2009-07-13 21:08 - 0032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-10 15:19 - 2011-10-09 19:22 - 0000624 ____A C:\Windows\PFRO.log
2011-10-09 20:26 - 2011-10-09 20:26 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2011-10-09 20:26 - 2011-10-09 20:26 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2011-10-09 20:26 - 2011-10-09 20:26 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-10-09 20:26 - 2011-10-09 20:26 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-10-09 20:26 - 2011-10-09 20:26 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-10-09 20:26 - 2011-10-09 20:26 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2011-10-09 20:26 - 2011-10-09 20:26 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2011-10-09 20:26 - 2011-10-09 20:26 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2011-10-09 20:26 - 2011-10-09 20:26 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2011-10-09 20:26 - 2011-10-09 20:26 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-10-09 20:26 - 2011-10-09 20:04 - 0003948 ____A C:\Windows\IE9_main.log
2011-10-09 20:25 - 2011-10-09 20:25 - 1492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-10-09 20:25 - 2011-10-09 20:25 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-10-09 19:37 - 2011-10-09 19:37 - 0000000 ____D C:\Windows\System32\SPReview
2011-10-09 19:36 - 2011-10-09 19:36 - 0000000 ____D C:\Windows\System32\EventProviders
2011-10-09 19:33 - 2011-02-23 20:19 - 0000000 ____D C:\Users\owner\AppData\Local\Google
2011-10-09 19:22 - 2011-10-09 19:22 - 0000000 ____A C:\Windows\setuperr.log
2011-10-09 19:19 - 2011-10-09 19:19 - 0002215 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2011-10-09 19:19 - 2011-02-23 20:19 - 0000000 ____D C:\Program Files (x86)\Google
2011-10-09 19:18 - 2010-10-15 05:34 - 0000000 ____D C:\Windows\Minidump
2011-10-09 19:16 - 2011-10-09 19:16 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2011-10-09 19:16 - 2011-10-09 19:16 - 0000000 ____D C:\Program Files\CCleaner
2011-10-09 18:17 - 2011-10-09 18:17 - 0001069 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-08 08:40 - 2010-01-23 07:42 - 0001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2011-10-08 06:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-10-08 06:34 - 2011-10-08 06:34 - 0000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2011-10-08 06:01 - 2011-10-08 06:01 - 0000925 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2011-10-08 06:01 - 2011-10-08 06:01 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2011-10-08 06:01 - 2009-12-11 22:44 - 0000000 ____D C:\Users\owner\AppData\LocalLow
2011-10-08 05:59 - 2011-10-08 05:59 - 0000000 ____D C:\Users\owner\AppData\Roaming\AVG2012
2011-10-08 05:54 - 2010-04-04 10:45 - 0000000 ____D C:\Program Files (x86)\AVG
2011-10-07 06:41 - 2011-06-29 05:56 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-07 06:37 - 2010-04-12 05:35 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForowner.job
2011-10-07 06:24 - 2011-10-07 06:24 - 0000000 ____D C:\Windows\Sun
2011-10-06 07:24 - 2011-10-06 07:24 - 0000000 ____D C:\Windows\system64
2011-10-06 07:24 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-10-06 04:32 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-09-16 05:39 - 2009-08-24 08:28 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-09-16 05:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2011-09-16 05:34 - 2011-09-16 05:34 - 0002139 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2011-09-16 05:34 - 2009-08-24 08:27 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2011-09-16 05:32 - 2011-09-16 05:32 - 0000000 ____D C:\Users\All Users\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-16 05:32 - 2011-09-16 05:32 - 0000000 ____D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-16 05:30 - 2009-07-16 15:15 - 0000000 ____D C:\SwSetup
2011-09-13 02:30 - 2011-09-13 02:30 - 0037456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2011-09-12 06:01 - 2011-09-12 06:01 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-09-12 06:01 - 2011-09-12 06:00 - 0000000 ____D C:\Program Files\iTunes
2011-09-12 06:01 - 2011-09-12 06:00 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-09-12 06:00 - 2011-09-12 06:00 - 0000000 ____D C:\Program Files\iPod
2011-09-12 06:00 - 2010-09-01 09:24 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-09-12 06:00 - 2010-09-01 09:24 - 0000000 ____D C:\ProgramData\Apple Computer
2011-09-05 19:07 - 2011-10-14 14:55 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-08-31 21:34 - 2011-10-14 14:11 - 17781760 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-31 21:24 - 2011-10-14 14:11 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-08-31 21:24 - 2011-10-14 14:11 - 10886144 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-31 21:18 - 2011-10-14 14:11 - 1344512 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-31 21:17 - 2011-10-14 14:11 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-31 21:16 - 2011-10-14 14:11 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-31 21:15 - 2011-10-14 14:11 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-31 21:14 - 2011-10-14 14:11 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-08-31 21:12 - 2011-10-14 14:12 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-08-31 21:12 - 2011-10-14 14:12 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-31 21:12 - 2011-10-14 14:11 - 2143744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-31 21:08 - 2011-10-14 14:11 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-31 18:36 - 2011-10-14 14:11 - 12275200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-08-31 18:35 - 2011-10-14 14:11 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-08-31 18:33 - 2011-10-14 14:11 - 9704960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-31 18:28 - 2011-10-14 14:11 - 1126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-31 18:28 - 2011-10-14 14:11 - 1102848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-31 18:27 - 2011-10-14 14:11 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-31 18:26 - 2011-10-14 14:11 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-31 18:24 - 2011-10-14 14:11 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-08-31 18:23 - 2011-10-14 14:12 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-31 18:23 - 2011-10-14 14:11 - 1791488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-31 18:22 - 2011-10-14 14:12 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-08-31 18:21 - 2011-10-14 14:11 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-31 13:00 - 2011-10-09 18:17 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-08-29 11:56 - 2009-12-26 09:50 - 0003948 _____ C:\Users\owner\AppData\Roaming\wklnhst.dat
2011-08-26 21:40 - 2011-10-14 14:53 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-26 21:40 - 2011-10-14 14:53 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-08-26 20:43 - 2011-10-14 14:53 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-08-26 20:43 - 2011-10-14 14:53 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-08-16 21:32 - 2011-10-15 05:09 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-08-16 21:27 - 2011-10-15 05:09 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-08-16 21:27 - 2011-10-15 05:09 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-08-16 21:27 - 2011-10-15 05:09 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-08-16 21:27 - 2011-10-15 05:09 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-08-16 20:26 - 2011-10-15 05:09 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-08-16 20:22 - 2011-10-15 05:09 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-08-16 20:22 - 2011-10-15 05:09 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-08-16 20:22 - 2011-10-15 05:09 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-08-16 20:22 - 2011-10-15 05:09 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-08-09 11:44 - 2011-06-05 15:20 - 0002518 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2011-08-08 05:20 - 2011-08-08 05:20 - 0001805 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-08-08 05:20 - 2011-08-08 05:20 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-08-08 02:08 - 2011-08-08 02:08 - 0046672 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2011-07-25 12:31 - 2010-12-20 07:51 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2011-07-25 12:31 - 2010-12-20 07:51 - 0000000 ____D C:\Program Files (x86)\Safari
2011-07-25 12:27 - 2011-07-25 12:27 - 0000000 ____D C:\Program Files\Bonjour
2011-07-25 12:27 - 2011-07-25 12:27 - 0000000 ____D C:\Program Files (x86)\Bonjour

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3998.96 MB
Available physical RAM: 3216.48 MB
Total Pagefile: 3997.11 MB
Available Pagefile: 3207.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:216.86 GB) (Free:149.94 GB) NTFS
2 Drive e: (RECOVERY) (Fixed) (Total:15.83 GB) (Free:2.59 GB) NTFS
4 Drive g: (ASHLEYD) (Removable) (Total:7.51 GB) (Free:6.53 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==========================================================

Last Boot: 2011-10-13 09:47

======================= End Of Log ==========================

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 20 October 2011 - 03:27 AM

Well done.

We are going to remove the infection. We have to restore some registry entries later on after the malware is removed.

  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instructions are also here: How to disable TeaTimer during HijackThis Cleanup
      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    • Then download ResetTeaTimer.exe to your desktop.
      • Double-click ResetTeaTimer.exe and let it run.
    Note: The TeaTimer should be kept disabled until I give you the clean sign.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    start
    SubSystems: [Windows] ==> ZeroAccess
    c:\windows\system32\consrv.dll
    cmd: type c:\tdss*.txt
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the BartPE CD.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
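
For readers following the fixlist above and the `SubSystems: [Windows] ==> ZeroAccess` line in the FRST logs: the x64 ZeroAccess variant this thread is dealing with works by editing the csrss.exe start string stored in the registry value `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows`, pointing one of its `ServerDll=` entries at a dropped `consrv.dll` instead of the stock `winsrv`. The Python below is an added example, not code from this thread, from FRST or from any ZeroAccess analysis tool; it parses that value, flags any server DLL that is not one of the three stock Windows 7 names (`basesrv`, `winsrv`, `sxssrv`), and rebuilds the stock string. The `KNOWN_SERVER_DLLS` and `STOCK_ENTRIES` tables and the two sample strings are the example's own assumptions (the clean string is what a stock Windows 7 x64 install carries; the infected one is constructed to match the consrv.dll substitution the log reports).

```python
"""Check the csrss.exe subsystem start string that ZeroAccess (x64) tampers with.

Added example for this thread; not code from the thread, from FRST or from
ZeroAccess analysis tooling. The stock value, the known-DLL table and the
sample strings below are this example's own assumptions.
"""
import re
import sys

# Registry value the FRST log reports as "SubSystems: [Windows] ==> ZeroAccess".
SUBSYSTEMS_PATH = r"Control\Session Manager\SubSystems"

# Server DLLs csrss.exe loads on a stock Windows 7 install (assumption: Win7 x64).
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Stock "dll[:init-function]" for each ServerDll index on Windows 7 x64.
STOCK_ENTRIES = {
    1: "basesrv",
    2: "winsrv:ConServerDllInitialization",
    3: "winsrv:UserServerDllInitialization",
    4: "sxssrv",
}

# Constructed samples: the clean string as found on a stock Windows 7 x64 box,
# and the same string with the consrv.dll substitution the FRST log flagged.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
INFECTED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# ServerDll=<dll>[:<init function>],<index>
_SERVERDLL = re.compile(r"ServerDll=([^:,\s]+)(?::([^,\s]+))?,(\d+)")


def parse_server_dlls(value):
    """Return [(dll, init_function_or_None, index), ...] in string order."""
    return [(m.group(1).lower(), m.group(2), int(m.group(3)))
            for m in _SERVERDLL.finditer(value)]


def suspicious_server_dlls(value):
    """Entries whose DLL is not one of the stock csrss server DLLs."""
    return [e for e in parse_server_dlls(value) if e[0] not in KNOWN_SERVER_DLLS]


def restored_value(value):
    """Rewrite every ServerDll entry back to the stock DLL for its index.

    Entries with an index outside STOCK_ENTRIES are left untouched so the
    caller can inspect them rather than silently dropping them.
    """
    def stock(m):
        idx = int(m.group(3))
        if idx not in STOCK_ENTRIES:
            return m.group(0)
        return f"ServerDll={STOCK_ENTRIES[idx]},{idx}"
    return _SERVERDLL.sub(stock, value)


def read_registry_value(hive_root=r"SYSTEM\CurrentControlSet"):
    """Read the live value (Windows only).

    From System Recovery Options the infected hive is not HKLM\\SYSTEM of the
    running WinRE; it has to be loaded with `reg load` first and addressed by
    the control set FRST reported (ControlSet001 in this thread), because the
    CurrentControlSet link exists only in a booted system.
    """
    import winreg  # imported here so the parser stays usable on any platform
    key_path = hive_root + "\\" + SUBSYSTEMS_PATH
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
    return value


if __name__ == "__main__":
    value = read_registry_value() if sys.platform == "win32" else INFECTED_VALUE
    bad = suspicious_server_dlls(value)
    if not bad:
        print("SubSystems\\Windows: all ServerDll entries are stock")
    else:
        for dll, init, idx in bad:
            print(f"non-stock ServerDll index {idx}: {dll}.dll ({init or 'no init function'})")
        print("stock string would be:\n" + restored_value(value))
```

Correcting the value alone is not a cleanup. csrss.exe is a critical process: if the DLL an entry names is deleted while the entry still points at it, csrss cannot initialise and Windows does not boot, and if the entry is reset while the dropped DLL stays behind, the file survives for the next infection stage. A fix therefore has to handle the registry entry and the dropped DLL together, as the fixlist above does, and it is safest run from the recovery environment where neither csrss nor the rootkit is loaded.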


#8 Brian209

Brian209
  • Topic Starter

  • Members
  • 12 posts

Posted 22 October 2011 - 09:28 AM

It may be that I cannot do what you need me to do.

Here is what is happening. I boot up and run Spybot S&D, set to advanced mode and uncheck Teatimer. I then reboot and Windows feels that it is in need of repair. I have tried allowing the system restore to run and attempt to automatically fix Windows which always ends saying that it cannot automatically fix the problem. The only way I can get back into windows is to restore from a past restore point. Once I restore, of course Teatimer is running again so I cannot proceed with the next step.

I have tried two different restore points and cannot get the computer to come back into windows after disabling Teatimer. It may be that I have to restore Windows back to factory default and start over, unless there is some way to disable Teatimer, kill a service or task and then run the removal script.

I will await a response before doing anything beyond trying a third restoral point.

Brian

Edited by Brian209, 22 October 2011 - 09:28 AM.


#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 October 2011 - 09:39 AM

You should have asked before using System Restore. If you have restored the computer using System Restore, we might need another log.

Can you uninstall Spybot S&D? If Windows doesn't boot after uninstalling it, do you have another computer to communicate with? We can work within the recovery environment to clean the system and boot it.

#10 Brian209

Brian209
  • Topic Starter

  • Members
  • 12 posts

Posted 23 October 2011 - 01:19 PM

Sorry about running the system restore point without checking in. I should know better.

The system restore point completed and then I uninstalled Spybot Search and Destroy which wanted to do a reboot to complete the removal. The computer shut down and then started back up. I got the multi color Windows logo and then the screen goes black. No keypress brings anything else up, pressing the power button immediately turns off the laptop (you do not have to hold down the power button to get it to power off).

Power back up and I can either Boot Windows normally or I can go to System Restore. Boot Windows normally repeats the black screen.

I will wait for instructions before proceeding.

Brian

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 October 2011 - 01:21 PM

Please go to System Recovery Options, run FRST, press Scan and post the log.

#12 Brian209

Brian209
  • Topic Starter

  • Members
  • 12 posts

Posted 23 October 2011 - 02:15 PM

Here is the latest log file:


Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.6
Ran by SYSTEM at 2011-10-23 15:11:14
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-24] (Sun Microsystems, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-12-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-12-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-12-28] (Intel Corporation)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2404704 2011-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-18] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [218440 2011-10-08] ()
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\owner\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-10-25] (Hewlett-Packard)
HKU\owner\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-23] (Google Inc.)
HKU\owner\...\Policies\system: [WallpaperStyle] 2
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5265248 2011-09-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [85560 2011-06-21] (Hewlett-Packard Company)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2009-07-08] (Hewlett-Packard)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
2 vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [246600 2011-10-08] ()

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [282704 2011-07-10] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
3 enecir; C:\Windows\System32\DRIVERS\enecir.sys [70656 2009-05-20] (ENE TECHNOLOGY INC.)
0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard)
3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [140712 2009-07-22] (JMicron Technology Corporation)
4 eabfiltr; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-21 19:37 - 2011-08-16 21:32 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-10-21 19:37 - 2011-08-16 21:27 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-10-21 19:37 - 2011-08-16 21:27 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-10-21 19:37 - 2011-08-16 21:27 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-10-21 19:37 - 2011-08-16 21:27 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-10-21 19:37 - 2011-08-16 20:26 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-10-21 19:37 - 2011-08-16 20:22 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-10-21 19:37 - 2011-08-16 20:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-10-21 19:37 - 2011-08-16 20:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-10-21 19:37 - 2011-08-16 20:22 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2011-10-20 01:40 - 2011-10-23 15:11 - 0000000 ____D C:\FRST
2011-10-17 18:17 - 2011-10-17 18:19 - 0000000 ____D C:\Users\owner\My Documents\ContactsBackup
2011-10-17 18:17 - 2011-10-17 18:19 - 0000000 ____D C:\Users\owner\Documents\ContactsBackup
2011-10-17 18:12 - 2011-10-17 18:14 - 0000000 ____D C:\Users\owner\My Documents\MailBackup
2011-10-17 18:12 - 2011-10-17 18:14 - 0000000 ____D C:\Users\owner\Documents\MailBackup
2011-10-17 16:36 - 2011-10-20 19:56 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 10
2011-10-16 12:46 - 2011-10-16 12:46 - 0000472 ____N C:\Users\owner\Downloads\defogger_disable.log
2011-10-16 12:46 - 2011-10-16 12:46 - 0000000 ____N C:\Users\owner\defogger_reenable
2011-10-16 12:36 - 2011-10-16 12:36 - 0000000 ____D C:\Users\owner\Application Data\SUPERAntiSpyware.com
2011-10-16 12:36 - 2011-10-16 12:36 - 0000000 ____D C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-20 19:56 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\Local Settings\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\Application Data\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\Local Settings\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\Application Data\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2011-10-15 16:42 - 2011-10-20 19:56 - 0000000 ____D C:\Users\owner\Downloads\gmer (1)
2011-10-15 16:41 - 2011-10-15 16:41 - 0294216 ____N C:\Users\owner\Downloads\gmer (1).zip
2011-10-15 16:40 - 2011-10-15 16:40 - 0294216 ____N C:\Users\owner\Downloads\gmer.zip
2011-10-15 15:42 - 2011-10-15 15:42 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2011-10-14 19:55 - 2011-10-14 19:55 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-10-14 16:33 - 2011-10-14 16:33 - 0437101 ___RA C:\Windows\System32\Drivers\etc\hosts
2011-10-14 14:55 - 2011-09-05 19:07 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-10-14 14:53 - 2011-08-26 21:40 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-10-14 14:53 - 2011-08-26 21:40 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-10-14 14:53 - 2011-08-26 20:43 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-10-14 14:53 - 2011-08-26 20:43 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-10-14 14:37 - 2011-10-14 14:37 - 0000000 ____D C:\703A5225A39DDCAEEB
2011-10-14 14:12 - 2011-08-31 21:12 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-10-14 14:12 - 2011-08-31 21:12 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-10-14 14:12 - 2011-08-31 18:23 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-10-14 14:12 - 2011-08-31 18:22 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-10-14 14:11 - 2011-08-31 21:34 - 17781760 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-10-14 14:11 - 2011-08-31 21:24 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-10-14 14:11 - 2011-08-31 21:24 - 10886144 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-10-14 14:11 - 2011-08-31 21:18 - 1344512 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-10-14 14:11 - 2011-08-31 21:17 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-10-14 14:11 - 2011-08-31 21:16 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-10-14 14:11 - 2011-08-31 21:15 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-10-14 14:11 - 2011-08-31 21:14 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-10-14 14:11 - 2011-08-31 21:12 - 2143744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-10-14 14:11 - 2011-08-31 21:08 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-10-14 14:11 - 2011-08-31 18:36 - 12275200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-10-14 14:11 - 2011-08-31 18:35 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-10-14 14:11 - 2011-08-31 18:33 - 9704960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-10-14 14:11 - 2011-08-31 18:28 - 1126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-10-14 14:11 - 2011-08-31 18:28 - 1102848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-10-14 14:11 - 2011-08-31 18:27 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-10-14 14:11 - 2011-08-31 18:26 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-10-14 14:11 - 2011-08-31 18:24 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-10-14 14:11 - 2011-08-31 18:23 - 1791488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-10-14 14:11 - 2011-08-31 18:21 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-10-14 14:07 - 2011-10-14 14:08 - 16409960 ____A (Safer Networking Limited ) C:\Users\owner\Downloads\spybotsd162.exe
2011-10-13 18:11 - 2011-10-14 17:59 - 0000000 ____D C:\Windows\System32\MpEngineStore
2011-10-13 17:32 - 2011-10-13 17:32 - 0000000 ____D C:\B291C2EFD1E6CE11ECC633
2011-10-13 17:16 - 2011-10-13 17:19 - 0077040 ____A C:\TDSSKiller.2.6.8.0_13.10.2011_21.16.48_log.txt
2011-10-13 17:16 - 2011-10-13 17:16 - 1541309 ____N C:\Users\owner\Downloads\tdsskiller.zip
2011-10-12 17:32 - 2011-10-23 10:10 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-12 17:32 - 2011-10-23 10:08 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-10-12 17:32 - 2011-10-23 10:08 - 0000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2011-10-12 17:32 - 2011-10-23 10:08 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-10-12 15:53 - 2011-10-12 15:53 - 1402880 ____A C:\Users\owner\Downloads\HiJackThis.msi
2011-10-10 16:01 - 2011-10-10 16:01 - 0302592 ____A C:\Users\owner\Desktop\t8mv5znf.exe
2011-10-10 15:59 - 2011-10-10 15:59 - 0607260 ___RA (Swearware) C:\Users\owner\Desktop\dds.scr
2011-10-09 20:26 - 2011-10-09 20:26 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2011-10-09 20:26 - 2011-10-09 20:26 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2011-10-09 20:26 - 2011-10-09 20:26 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-10-09 20:26 - 2011-10-09 20:26 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-10-09 20:26 - 2011-10-09 20:26 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-10-09 20:26 - 2011-10-09 20:26 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2011-10-09 20:26 - 2011-10-09 20:26 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2011-10-09 20:26 - 2011-10-09 20:26 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2011-10-09 20:26 - 2011-10-09 20:26 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2011-10-09 20:26 - 2011-10-09 20:26 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 1492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-10-09 20:25 - 2011-10-09 20:25 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-10-09 20:04 - 2011-10-09 20:26 - 0003948 ____A C:\Windows\IE9_main.log
2011-10-09 19:37 - 2011-10-09 19:37 - 0000000 ____D C:\Windows\System32\SPReview
2011-10-09 19:36 - 2011-10-09 19:36 - 0000000 ____D C:\Windows\System32\EventProviders
2011-10-09 19:22 - 2011-10-23 10:10 - 0001238 ____A C:\Windows\PFRO.log
2011-10-09 19:22 - 2011-10-21 19:23 - 0000672 ____A C:\Windows\setupact.log
2011-10-09 19:22 - 2011-10-09 19:22 - 0000000 ____A C:\Windows\setuperr.log
2011-10-09 19:20 - 2011-10-09 19:20 - 0005222 ____A C:\Users\owner\My Documents\cc_20111009_232022.reg
2011-10-09 19:20 - 2011-10-09 19:20 - 0005222 ____A C:\Users\owner\Documents\cc_20111009_232022.reg
2011-10-09 19:19 - 2011-10-09 19:20 - 0085660 ____A C:\Users\owner\My Documents\cc_20111009_231949.reg
2011-10-09 19:19 - 2011-10-09 19:20 - 0085660 ____A C:\Users\owner\Documents\cc_20111009_231949.reg
2011-10-09 19:19 - 2011-10-09 19:19 - 0002215 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2011-10-09 19:19 - 2011-10-09 19:19 - 0002215 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2011-10-09 19:16 - 2011-10-09 19:16 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2011-10-09 19:16 - 2011-10-09 19:16 - 0000822 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2011-10-09 19:16 - 2011-10-09 19:16 - 0000000 ____D C:\Program Files\CCleaner
2011-10-09 18:17 - 2011-10-15 05:21 - 0000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-09 18:17 - 2011-10-09 18:17 - 0001069 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-10-09 18:17 - 2011-10-09 18:17 - 0001069 ____A C:\Users\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\owner\Application Data\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-09 18:17 - 2011-08-31 13:00 - 0025416 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-10-08 06:34 - 2011-10-08 06:34 - 0000000 ____D C:\Users\owner\Local Settings\ElevatedDiagnostics
2011-10-08 06:34 - 2011-10-08 06:34 - 0000000 ____D C:\Users\owner\Local Settings\Application Data\ElevatedDiagnostics
2011-10-08 06:34 - 2011-10-08 06:34 - 0000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2011-10-08 06:01 - 2011-10-08 06:01 - 0000925 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2011-10-08 06:01 - 2011-10-08 06:01 - 0000925 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2011-10-08 06:01 - 2011-10-08 06:01 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2011-10-08 05:59 - 2011-10-21 23:12 - 0000000 ____D C:\Users\owner\Application Data\AVG2012
2011-10-08 05:59 - 2011-10-21 23:12 - 0000000 ____D C:\Users\owner\AppData\Roaming\AVG2012
2011-10-08 05:58 - 2011-10-14 17:49 - 0000000 ____D C:\Users\All Users\AVG2012
2011-10-08 05:58 - 2011-10-14 17:49 - 0000000 ____D C:\Users\All Users\Application Data\AVG2012
2011-10-08 05:58 - 2011-10-14 17:49 - 0000000 ____D C:\ProgramData\AVG2012
2011-10-07 06:24 - 2011-10-07 06:24 - 0000000 ____D C:\Windows\Sun
2011-10-06 07:24 - 2011-10-06 07:24 - 0000000 ____D C:\Windows\system64

============ 3 Months Modified Files and Folders =============

2011-10-23 15:11 - 2011-10-20 01:40 - 0000000 ____D C:\FRST
2011-10-23 14:49 - 2009-11-16 19:22 - 0000000 ____D C:\Users\All Users\Recovery
2011-10-23 14:49 - 2009-11-16 19:22 - 0000000 ____D C:\Users\All Users\Application Data\Recovery
2011-10-23 14:49 - 2009-11-16 19:22 - 0000000 ____D C:\ProgramData\Recovery
2011-10-23 10:10 - 2011-10-12 17:32 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-23 10:10 - 2011-10-09 19:22 - 0001238 ____A C:\Windows\PFRO.log
2011-10-23 10:08 - 2011-10-12 17:32 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-10-23 10:08 - 2011-10-12 17:32 - 0000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2011-10-23 10:08 - 2011-10-12 17:32 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-10-23 10:08 - 2009-11-16 19:00 - 1389265 ____A C:\Windows\WindowsUpdate.log
2011-10-23 09:41 - 2011-02-23 20:19 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-10-23 05:41 - 2011-02-23 20:19 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-10-23 04:32 - 2010-12-15 16:48 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-10-23 04:32 - 2010-10-24 08:14 - 0000000 ____D C:\Users\All Users\MFAData
2011-10-23 04:32 - 2010-10-24 08:14 - 0000000 ____D C:\Users\All Users\Application Data\MFAData
2011-10-23 04:32 - 2010-10-24 08:14 - 0000000 ____D C:\ProgramData\MFAData
2011-10-21 23:12 - 2011-10-08 05:59 - 0000000 ____D C:\Users\owner\Application Data\AVG2012
2011-10-21 23:12 - 2011-10-08 05:59 - 0000000 ____D C:\Users\owner\AppData\Roaming\AVG2012
2011-10-21 23:12 - 2009-12-25 15:18 - 0000000 __RSD C:\Users\owner\My Documents\My Stationery
2011-10-21 23:12 - 2009-12-25 15:18 - 0000000 __RSD C:\Users\owner\Documents\My Stationery
2011-10-21 23:12 - 2009-12-11 23:50 - 0000000 ___RD C:\Users\owner\Desktop\Unused Icons
2011-10-21 23:12 - 2009-12-11 22:50 - 0000000 ____D C:\Users\owner\Local Settings\Hewlett-Packard_Company
2011-10-21 23:12 - 2009-12-11 22:50 - 0000000 ____D C:\Users\owner\Local Settings\Application Data\Hewlett-Packard_Company
2011-10-21 23:12 - 2009-12-11 22:50 - 0000000 ____D C:\Users\owner\AppData\Local\Hewlett-Packard_Company
2011-10-21 23:12 - 2009-12-11 22:45 - 0000000 ____D C:\Users\owner\Local Settings\Hewlett-Packard
2011-10-21 23:12 - 2009-12-11 22:45 - 0000000 ____D C:\Users\owner\Local Settings\Application Data\Hewlett-Packard
2011-10-21 23:12 - 2009-12-11 22:45 - 0000000 ____D C:\Users\owner\AppData\Local\Hewlett-Packard
2011-10-21 23:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2011-10-21 23:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-10-21 23:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-10-21 23:05 - 2011-02-23 20:19 - 0000000 ____D C:\Users\owner\Local Settings\Google
2011-10-21 23:05 - 2011-02-23 20:19 - 0000000 ____D C:\Users\owner\Local Settings\Application Data\Google
2011-10-21 23:05 - 2011-02-23 20:19 - 0000000 ____D C:\Users\owner\AppData\Local\Google
2011-10-21 23:05 - 2010-09-01 09:32 - 0000000 ____D C:\Users\All Users\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-21 23:05 - 2010-09-01 09:32 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-21 23:05 - 2010-09-01 09:32 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-10-21 23:05 - 2009-12-26 14:25 - 0000000 ____D C:\Users\owner\Local Settings\Microsoft Games
2011-10-21 23:05 - 2009-12-26 14:25 - 0000000 ____D C:\Users\owner\Local Settings\Application Data\Microsoft Games
2011-10-21 23:05 - 2009-12-26 14:25 - 0000000 ____D C:\Users\owner\AppData\Local\Microsoft Games
2011-10-21 23:05 - 2009-12-11 22:54 - 0000000 ____D C:\Users\owner\Application Data\Adobe
2011-10-21 23:05 - 2009-12-11 22:54 - 0000000 ____D C:\Users\owner\AppData\Roaming\Adobe
2011-10-21 23:05 - 2009-12-11 22:44 - 0000000 ____D C:\Users\owner\AppData\LocalLow
2011-10-21 23:05 - 2009-11-16 19:05 - 0000000 ____D C:\Program Files\IDT
2011-10-21 23:05 - 2009-08-24 10:54 - 0000000 ____D C:\Program Files (x86)\Java
2011-10-21 19:43 - 2009-12-25 18:32 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2011-10-21 19:39 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-21 19:39 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-21 19:35 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-10-21 19:27 - 2010-04-15 09:19 - 0000000 ____D C:\Users\owner\Tracing
2011-10-21 19:27 - 2009-12-11 22:51 - 0000190 ____A C:\Users\All Users\HPWALog.txt
2011-10-21 19:27 - 2009-12-11 22:51 - 0000190 ____A C:\Users\All Users\Application Data\HPWALog.txt
2011-10-21 19:27 - 2009-12-11 22:51 - 0000190 ____A C:\ProgramData\HPWALog.txt
2011-10-21 19:25 - 2009-12-11 22:44 - 0000000 ____D C:\users\owner
2011-10-21 19:23 - 2011-10-09 19:22 - 0000672 ____A C:\Windows\setupact.log
2011-10-21 19:23 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-21 19:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-10-20 19:56 - 2011-10-17 16:36 - 0000000 ____D C:\Program Files (x86)\Cobian Backup 10
2011-10-20 19:56 - 2011-10-16 12:35 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2011-10-20 19:56 - 2011-10-15 16:42 - 0000000 ____D C:\Users\owner\Downloads\gmer (1)
2011-10-20 19:56 - 2009-12-11 22:44 - 0000000 ____D C:\Users\owner\Desktop\owner 2011-10-18 21;40;14
2011-10-20 19:56 - 2009-12-11 22:44 - 0000000 ____D C:\Users\owner\Desktop\owner 2011-10-17 22;21;35
2011-10-17 18:19 - 2011-10-17 18:17 - 0000000 ____D C:\Users\owner\My Documents\ContactsBackup
2011-10-17 18:19 - 2011-10-17 18:17 - 0000000 ____D C:\Users\owner\Documents\ContactsBackup
2011-10-17 18:14 - 2011-10-17 18:12 - 0000000 ____D C:\Users\owner\My Documents\MailBackup
2011-10-17 18:14 - 2011-10-17 18:12 - 0000000 ____D C:\Users\owner\Documents\MailBackup
2011-10-16 12:46 - 2011-10-16 12:46 - 0000472 ____N C:\Users\owner\Downloads\defogger_disable.log
2011-10-16 12:46 - 2011-10-16 12:46 - 0000000 ____N C:\Users\owner\defogger_reenable
2011-10-16 12:36 - 2011-10-16 12:36 - 0000000 ____D C:\Users\owner\Application Data\SUPERAntiSpyware.com
2011-10-16 12:36 - 2011-10-16 12:36 - 0000000 ____D C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2011-10-16 12:35 - 2011-10-16 12:35 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\Local Settings\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\Application Data\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\Local Settings\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\Application Data\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2011-10-16 05:11 - 2011-10-16 05:11 - 0000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2011-10-15 16:41 - 2011-10-15 16:41 - 0294216 ____N C:\Users\owner\Downloads\gmer (1).zip
2011-10-15 16:40 - 2011-10-15 16:40 - 0294216 ____N C:\Users\owner\Downloads\gmer.zip
2011-10-15 15:42 - 2011-10-15 15:42 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2011-10-15 05:21 - 2011-10-09 18:17 - 0000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-14 23:18 - 2009-07-13 20:45 - 0331472 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-14 19:55 - 2011-10-14 19:55 - 0041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-10-14 18:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-10-14 17:59 - 2011-10-13 18:11 - 0000000 ____D C:\Windows\System32\MpEngineStore
2011-10-14 17:49 - 2011-10-08 05:58 - 0000000 ____D C:\Users\All Users\AVG2012
2011-10-14 17:49 - 2011-10-08 05:58 - 0000000 ____D C:\Users\All Users\Application Data\AVG2012
2011-10-14 17:49 - 2011-10-08 05:58 - 0000000 ____D C:\ProgramData\AVG2012
2011-10-14 16:33 - 2011-10-14 16:33 - 0437101 ___RA C:\Windows\System32\Drivers\etc\hosts
2011-10-14 15:00 - 2009-08-24 08:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-14 14:37 - 2011-10-14 14:37 - 0000000 ____D C:\703A5225A39DDCAEEB
2011-10-14 14:32 - 2009-12-11 23:37 - 50086344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-10-14 14:08 - 2011-10-14 14:07 - 16409960 ____A (Safer Networking Limited ) C:\Users\owner\Downloads\spybotsd162.exe
2011-10-13 17:32 - 2011-10-13 17:32 - 0000000 ____D C:\B291C2EFD1E6CE11ECC633
2011-10-13 17:19 - 2011-10-13 17:16 - 0077040 ____A C:\TDSSKiller.2.6.8.0_13.10.2011_21.16.48_log.txt
2011-10-13 17:16 - 2011-10-13 17:16 - 1541309 ____N C:\Users\owner\Downloads\tdsskiller.zip
2011-10-13 17:03 - 2009-07-24 22:11 - 0000000 ____D C:\Windows\Panther
2011-10-12 16:05 - 2009-12-11 22:50 - 0000000 ____D C:\Users\owner\Local Settings\VirtualStore
2011-10-12 16:05 - 2009-12-11 22:50 - 0000000 ____D C:\Users\owner\Local Settings\Application Data\VirtualStore
2011-10-12 16:05 - 2009-12-11 22:50 - 0000000 ____D C:\Users\owner\AppData\Local\VirtualStore
2011-10-12 15:53 - 2011-10-12 15:53 - 1402880 ____A C:\Users\owner\Downloads\HiJackThis.msi
2011-10-10 16:01 - 2011-10-10 16:01 - 0302592 ____A C:\Users\owner\Desktop\t8mv5znf.exe
2011-10-10 15:59 - 2011-10-10 15:59 - 0607260 ___RA (Swearware) C:\Users\owner\Desktop\dds.scr
2011-10-10 15:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-10-10 15:20 - 2009-07-13 21:08 - 0032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-09 20:26 - 2011-10-09 20:26 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2011-10-09 20:26 - 2011-10-09 20:26 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2011-10-09 20:26 - 2011-10-09 20:26 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-10-09 20:26 - 2011-10-09 20:26 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-10-09 20:26 - 2011-10-09 20:26 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-10-09 20:26 - 2011-10-09 20:26 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2011-10-09 20:26 - 2011-10-09 20:26 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2011-10-09 20:26 - 2011-10-09 20:26 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2011-10-09 20:26 - 2011-10-09 20:26 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2011-10-09 20:26 - 2011-10-09 20:26 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-10-09 20:26 - 2011-10-09 20:26 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-10-09 20:26 - 2011-10-09 20:26 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-10-09 20:26 - 2011-10-09 20:04 - 0003948 ____A C:\Windows\IE9_main.log
2011-10-09 20:25 - 2011-10-09 20:25 - 1492992 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-10-09 20:25 - 2011-10-09 20:25 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2011-10-09 20:25 - 2011-10-09 20:25 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2011-10-09 20:25 - 2011-10-09 20:25 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-10-09 19:37 - 2011-10-09 19:37 - 0000000 ____D C:\Windows\System32\SPReview
2011-10-09 19:36 - 2011-10-09 19:36 - 0000000 ____D C:\Windows\System32\EventProviders
2011-10-09 19:22 - 2011-10-09 19:22 - 0000000 ____A C:\Windows\setuperr.log
2011-10-09 19:20 - 2011-10-09 19:20 - 0005222 ____A C:\Users\owner\My Documents\cc_20111009_232022.reg
2011-10-09 19:20 - 2011-10-09 19:20 - 0005222 ____A C:\Users\owner\Documents\cc_20111009_232022.reg
2011-10-09 19:20 - 2011-10-09 19:19 - 0085660 ____A C:\Users\owner\My Documents\cc_20111009_231949.reg
2011-10-09 19:20 - 2011-10-09 19:19 - 0085660 ____A C:\Users\owner\Documents\cc_20111009_231949.reg
2011-10-09 19:19 - 2011-10-09 19:19 - 0002215 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2011-10-09 19:19 - 2011-10-09 19:19 - 0002215 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2011-10-09 19:19 - 2011-02-23 20:19 - 0000000 ____D C:\Program Files (x86)\Google
2011-10-09 19:18 - 2010-10-15 05:34 - 0000000 ____D C:\Windows\Minidump
2011-10-09 19:16 - 2011-10-09 19:16 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2011-10-09 19:16 - 2011-10-09 19:16 - 0000822 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2011-10-09 19:16 - 2011-10-09 19:16 - 0000000 ____D C:\Program Files\CCleaner
2011-10-09 18:17 - 2011-10-09 18:17 - 0001069 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-10-09 18:17 - 2011-10-09 18:17 - 0001069 ____A C:\Users\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\owner\Application Data\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-10-09 18:17 - 2011-10-09 18:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-08 08:40 - 2010-01-23 07:42 - 0001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2011-10-08 08:40 - 2010-01-23 07:42 - 0001974 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2011-10-08 06:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-10-08 06:34 - 2011-10-08 06:34 - 0000000 ____D C:\Users\owner\Local Settings\ElevatedDiagnostics
2011-10-08 06:34 - 2011-10-08 06:34 - 0000000 ____D C:\Users\owner\Local Settings\Application Data\ElevatedDiagnostics
2011-10-08 06:34 - 2011-10-08 06:34 - 0000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2011-10-08 06:01 - 2011-10-08 06:01 - 0000925 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2011-10-08 06:01 - 2011-10-08 06:01 - 0000925 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2011-10-08 06:01 - 2011-10-08 06:01 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2011-10-08 05:54 - 2010-04-04 10:45 - 0000000 ____D C:\Program Files (x86)\AVG
2011-10-07 06:41 - 2011-06-29 05:56 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-07 06:37 - 2010-04-12 05:35 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForowner.job
2011-10-07 06:24 - 2011-10-07 06:24 - 0000000 ____D C:\Windows\Sun
2011-10-06 07:24 - 2011-10-06 07:24 - 0000000 ____D C:\Windows\system64
2011-10-06 07:24 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-10-06 04:32 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-09-16 05:39 - 2009-08-24 08:28 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-09-16 05:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2011-09-16 05:34 - 2011-09-16 05:34 - 0002139 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2011-09-16 05:34 - 2011-09-16 05:34 - 0002139 ____A C:\Users\All Users\Desktop\HP Support Assistant.lnk
2011-09-16 05:34 - 2009-08-24 08:27 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2011-09-16 05:32 - 2011-09-16 05:32 - 0000000 ____D C:\Users\All Users\Application Data\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-16 05:32 - 2011-09-16 05:32 - 0000000 ____D C:\Users\All Users\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-16 05:32 - 2011-09-16 05:32 - 0000000 ____D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-16 05:30 - 2009-07-16 15:15 - 0000000 ____D C:\SwSetup
2011-09-13 02:30 - 2011-09-13 02:30 - 0037456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2011-09-12 06:01 - 2011-09-12 06:01 - 0001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-09-12 06:01 - 2011-09-12 06:01 - 0001743 ____A C:\Users\All Users\Desktop\iTunes.lnk
2011-09-12 06:01 - 2011-09-12 06:00 - 0000000 ____D C:\Program Files\iTunes
2011-09-12 06:01 - 2011-09-12 06:00 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-09-12 06:00 - 2011-09-12 06:00 - 0000000 ____D C:\Program Files\iPod
2011-09-12 06:00 - 2010-09-01 09:24 - 0000000 ____D C:\Users\All Users\Application Data\Apple Computer
2011-09-12 06:00 - 2010-09-01 09:24 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-09-12 06:00 - 2010-09-01 09:24 - 0000000 ____D C:\ProgramData\Apple Computer
2011-09-05 19:07 - 2011-10-14 14:55 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-08-31 21:34 - 2011-10-14 14:11 - 17781760 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-31 21:24 - 2011-10-14 14:11 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-08-31 21:24 - 2011-10-14 14:11 - 10886144 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-31 21:18 - 2011-10-14 14:11 - 1344512 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-31 21:17 - 2011-10-14 14:11 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3998.96 MB
Available physical RAM: 3301.98 MB
Total Pagefile: 3997.11 MB
Available Pagefile: 3295.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:216.86 GB) (Free:152.45 GB) NTFS
2 Drive e: (RECOVERY) (Fixed) (Total:15.83 GB) (Free:2.59 GB) NTFS
4 Drive g: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.06 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==========================================================

Last Boot: 2011-10-22 18:59

======================= End Of Log ==========================

#13 Farbar

Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 October 2011 - 02:12 AM

Now please do the second step of Post #7.
Also try a restart, let it boot normally and tell me how it went.

#14 Brian209

Brian209
  • Topic Starter

  • Members
  • 12 posts

Posted 24 October 2011 - 07:21 PM

Ran the tool with the fixlist.txt script; below I posted the log it created. I exited the command prompt and then told Windows to reboot, and it came up to the login screen for the first time in a while. I will wait for further instructions before doing anything, as I am sure that you will want to check more logs and such before declaring the system clean.

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.2.6)
Ran by SYSTEM at 2011-10-24 20:15:46 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\windows\system32\consrv.dll not found.

========= type c:\tdss*.txt =========


c:\TDSSKiller.2.6.8.0_13.10.2011_21.16.48_log.txt


21:16:48.0566 8028 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
21:16:49.0222 8028 ============================================================
21:16:49.0222 8028 Current date / time: 2011/10/13 21:16:49.0222
21:16:49.0222 8028 SystemInfo:
21:16:49.0222 8028
21:16:49.0222 8028 OS Version: 6.1.7600 ServicePack: 0.0
21:16:49.0222 8028 Product type: Workstation
21:16:49.0222 8028 ComputerName: OWNER-PC
21:16:49.0222 8028 UserName: owner
21:16:49.0222 8028 Windows directory: C:\Windows
21:16:49.0222 8028 System windows directory: C:\Windows
21:16:49.0222 8028 Running under WOW64
21:16:49.0222 8028 Processor architecture: Intel x64
21:16:49.0222 8028 Number of processors: 2
21:16:49.0222 8028 Page size: 0x1000
21:16:49.0222 8028 Boot type: Normal boot
21:16:49.0222 8028 ============================================================
21:16:51.0292 8028 Initialize success
21:16:56.0717 2940 ============================================================
21:16:56.0717 2940 Scan started
21:16:56.0717 2940 Mode: Manual;
21:16:56.0717 2940 ============================================================
21:17:17.0351 2940 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:17:17.0366 2940 tdx - ok
21:17:17.0413 2940 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:17:17.0413 2940 TermDD - ok
21:17:17.0516 2940 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:17:17.0518 2940 tssecsrv - ok
21:17:17.0771 2940 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:17:17.0834 2940 tunnel - ok
21:17:17.0923 2940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:17:17.0929 2940 uagp35 - ok
21:17:17.0966 2940 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:17:17.0971 2940 udfs - ok
21:17:18.0024 2940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:17:18.0026 2940 uliagpkx - ok
21:17:18.0156 2940 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:17:18.0158 2940 umbus - ok
21:17:18.0197 2940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:17:18.0199 2940 UmPass - ok
21:17:18.0251 2940 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:17:18.0254 2940 usbccgp - ok
21:17:18.0354 2940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:17:18.0356 2940 usbcir - ok
21:17:18.0399 2940 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:17:18.0401 2940 usbehci - ok
21:17:18.0432 2940 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:17:18.0437 2940 usbhub - ok
21:17:18.0529 2940 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:17:18.0544 2940 usbohci - ok
21:17:18.0575 2940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:17:18.0575 2940 usbprint - ok
21:17:18.0622 2940 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
21:17:18.0638 2940 USBSTOR - ok
21:17:18.0690 2940 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:17:18.0692 2940 usbuhci - ok
21:17:18.0800 2940 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:17:18.0803 2940 usbvideo - ok
21:17:18.0865 2940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:17:18.0867 2940 vdrvroot - ok
21:17:18.0913 2940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:17:18.0915 2940 vga - ok
21:17:19.0013 2940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:17:19.0015 2940 VgaSave - ok
21:17:19.0047 2940 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:17:19.0051 2940 vhdmp - ok
21:17:19.0092 2940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:17:19.0094 2940 viaide - ok
21:17:19.0120 2940 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:17:19.0122 2940 volmgr - ok
21:17:19.0220 2940 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:17:19.0226 2940 volmgrx - ok
21:17:19.0277 2940 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:17:19.0284 2940 volsnap - ok
21:17:19.0328 2940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:17:19.0332 2940 vsmraid - ok
21:17:19.0520 2940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:17:19.0522 2940 vwifibus - ok
21:17:19.0563 2940 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:17:19.0565 2940 vwififlt - ok
21:17:19.0601 2940 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:17:19.0603 2940 vwifimp - ok
21:17:19.0698 2940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:17:19.0700 2940 WacomPen - ok
21:17:19.0739 2940 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:17:19.0739 2940 WANARP - ok
21:17:19.0739 2940 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:17:19.0755 2940 Wanarpv6 - ok
21:17:19.0864 2940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:17:19.0881 2940 Wd - ok
21:17:19.0934 2940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:17:19.0943 2940 Wdf01000 - ok
21:17:20.0110 2940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:17:20.0112 2940 WfpLwf - ok
21:17:20.0135 2940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:17:20.0137 2940 WIMMount - ok
21:17:20.0315 2940 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:17:20.0317 2940 WinUsb - ok
21:17:20.0360 2940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:17:20.0362 2940 WmiAcpi - ok
21:17:20.0422 2940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:17:20.0424 2940 ws2ifsl - ok
21:17:20.0533 2940 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:17:20.0535 2940 WudfPf - ok
21:17:20.0587 2940 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:17:20.0590 2940 WUDFRd - ok
21:17:20.0659 2940 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:17:20.0665 2940 yukonw7 - ok
21:17:20.0708 2940 MBR (0x1B8) (740723db7759467a20da12187b582aa7) \Device\Harddisk0\DR0
21:17:20.0713 2940 \Device\Harddisk0\DR0 - ok
21:17:20.0720 2940 Boot (0x1200) (e446ba6c05ecf8a68eb1163a55a2a0a6) \Device\Harddisk0\DR0\Partition0
21:17:20.0722 2940 \Device\Harddisk0\DR0\Partition0 - ok
21:17:20.0741 2940 Boot (0x1200) (aa6fa4c9cdebdb98a6c7a37e2a141c8f) \Device\Harddisk0\DR0\Partition1
21:17:20.0741 2940 \Device\Harddisk0\DR0\Partition1 - ok
21:17:20.0769 2940 Boot (0x1200) (95831663ff477eb7a7508e6e24a4a5df) \Device\Harddisk0\DR0\Partition2
21:17:20.0772 2940 \Device\Harddisk0\DR0\Partition2 - ok
21:17:20.0773 2940 ============================================================
21:17:20.0773 2940 Scan finished
21:17:20.0773 2940 ============================================================
21:17:20.0793 5652 Detected object count: 0
21:17:20.0793 5652 Actual detected object count: 0
21:19:56.0834 2576 Deinitialize success

========= End of CMD: =========


==== End of Fixlog ====
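A small triage script for the TDSSKiller log format quoted above, added here as an example; it is not part of Brian209's post and not TDSSKiller's own code. It pairs each object line ("name (md5) path") with its verdict line ("name - ok"), lists anything whose verdict is not "ok", and flags drivers loaded from outside the stock driver directory so a helper knows what to look at first. The embedded sample log is constructed for the example (the `sampledrv` entry, its all-zero hash and its Temp path are made up), and the trusted-directory prefix is an assumption for a default Windows 7 install.

```python
"""Pair up TDSSKiller-style scan log lines and summarise what needs attention.

Added example; the sample log below is constructed, not copied from a real scan.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One log line: "HH:MM:SS.mmmm <thread-id> <body>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# Object line: "<name> (<md5>) <path>"; the name may itself contain parentheses ("MBR (0x1B8)")
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# Verdict line: "<name or device path> - <verdict>"
VERDICT_RE = re.compile(r"^(?P<ref>.+?)\s+-\s+(?P<verdict>.+)$")

# Assumption: where a stock Windows 7 install keeps its drivers (compared case-insensitively)
TRUSTED_PREFIX = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # None when the log never reported one

    @property
    def is_boot_object(self) -> bool:
        # MBR and boot-sector entries name a device object rather than a file
        return self.path.lower().startswith("\\device\\")

    @property
    def in_trusted_location(self) -> bool:
        return self.path.lower().startswith(TRUSTED_PREFIX)


def parse_log(text: str) -> list:
    """Return one Entry per scanned object, with its verdict attached when present."""
    entries = []
    pending: Optional[Entry] = None  # last object line still waiting for its verdict
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        obj = OBJECT_RE.match(body)
        if obj:
            pending = Entry(obj.group("name"), obj.group("md5"), obj.group("path"))
            entries.append(pending)
            continue
        ver = VERDICT_RE.match(body)
        # Driver verdicts repeat the name; MBR/boot verdicts repeat the device path
        if ver and pending is not None and ver.group("ref") in (pending.name, pending.path):
            pending.verdict = ver.group("verdict").strip()
            pending = None
    return entries


def triage(entries) -> dict:
    """Group entries by what a reviewer would want to see first."""
    return {
        "total": len(entries),
        "not_ok": [e for e in entries if e.verdict is not None and e.verdict != "ok"],
        "no_verdict": [e for e in entries if e.verdict is None],
        "unusual_location": [e for e in entries
                             if not e.is_boot_object and not e.in_trusted_location],
        "boot_objects": [e for e in entries if e.is_boot_object],
    }


# Constructed sample in the log's format: one stock driver, one made-up driver in a
# user Temp directory with a made-up verdict, and one MBR entry.
SAMPLE_LOG = r"""
21:17:14.0640 2940 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:17:14.0644 2940 RTL8167 - ok
21:17:15.0001 2940 sampledrv (00000000000000000000000000000000) C:\Users\owner\AppData\Local\Temp\sampledrv.sys
21:17:15.0002 2940 sampledrv - detected Sample.Generic
21:17:20.0708 2940 MBR (0x1B8) (740723db7759467a20da12187b582aa7) \Device\Harddisk0\DR0
21:17:20.0713 2940 \Device\Harddisk0\DR0 - ok
21:17:20.0773 2940 Scan finished
"""

if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print(f"{report['total']} objects scanned")
    for key in ("not_ok", "unusual_location", "no_verdict"):
        for e in report[key]:
            print(f"[{key}] {e.name}  md5={e.md5}  path={e.path}  verdict={e.verdict}")
    for e in report["boot_objects"]:
        print(f"[boot] {e.name}  md5={e.md5}  verdict={e.verdict}")
```

Run it against a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file contents; entries with no verdict line are reported separately because a missing verdict usually means the log was truncated when it was pasted.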

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 October 2011 - 07:38 PM

Great. :thumbup2:

Sure, we still have some work to do.

  • Run command Prompt as Administrator. To do that:
    Go to Start and type cmd.exe in the Search box.
    It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
    Copy the following command, right-click in the open Command prompt window and select Paste, then press Enter:

    netsh winsock reset
  • Open your Malwarebytes' Anti-Malware.
  • First update it, to do that under the Update tab press "Check for Updates".
  • Under Scanner tab select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.