
Abnow and other issues


  • This topic is locked
24 replies to this topic

#1 Andrewesquire


Posted 05 March 2012 - 06:18 PM

I have the adnow thing, and would like to get rid of it. The added wrinkle is, whenever I try to go to bleepingcomputer.com, it deletes my browser. I am typing this on an iPad. Please help.



#2 Andrewesquire


Posted 05 March 2012 - 06:26 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Drew at 15:22:02 on 2012-03-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2065 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Drew\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Drew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Drew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Drew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: HP SimplePass Identity Protection Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Drew\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex
StartupFolder: C:\Users\Drew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\Users\Drew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Drew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Drew\AppData\Local\Autobahn\nexdef.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{547A3513-4249-4DC2-A533-17F67416BB9B} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{EDE97838-917D-42AE-AFB5-F97066DEA62E} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EDE97838-917D-42AE-AFB5-F97066DEA62E}\2456C6B696E6F5E4F575962756C6563737F584F627163656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EDE97838-917D-42AE-AFB5-F97066DEA62E}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EDE97838-917D-42AE-AFB5-F97066DEA62E}\458656051646D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{EDE97838-917D-42AE-AFB5-F97066DEA62E}\7716378696E67647F6E60227564637B696E637022757C656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EDE97838-917D-42AE-AFB5-F97066DEA62E}\B497265627 : DhcpNameServer = 66.81.79.2 216.231.41.2
TCP: Interfaces\{EDE97838-917D-42AE-AFB5-F97066DEA62E}\D4F445F425F4C414D25443837303 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = DPPassFilter scecli
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO-X64: HP SimplePass Identity Protection Extension - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\0pg719zn.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Drew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Drew\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Drew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Drew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Drew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/06/26 02:49:13];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-6-26 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-7 89600]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-1-15 127984]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-7-12 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-10 652360]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 PenCommService;Livescribe Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-6-26 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-5 1791280]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 136176]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\system32\DRIVERS\PulseUsb.sys --> C:\Windows\system32\DRIVERS\PulseUsb.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
SUnknown dpbvcwls;dpbvcwls; [x]
SUnknown rnrchjlg;rnrchjlg; [x]
.
=============== Created Last 30 ================
.
2012-03-05 23:11:37 -------- d-----w- C:\Users\Drew\AppData\Local\{E48E6F14-8187-42B3-9931-0146503151F0}
2012-03-05 23:11:13 -------- d-----w- C:\Users\Drew\AppData\Local\{7111FF05-4FD1-4AE8-A6FA-36875084C8D5}
2012-03-04 17:58:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73AFB876-BAED-4CC6-A57A-F21BD96A3231}\offreg.dll
2012-03-04 17:47:08 -------- d-----w- C:\Users\Drew\AppData\Local\{1ADEE9AE-481E-4B2C-B6B1-96136AE12C93}
2012-03-04 17:46:39 -------- d-----w- C:\Users\Drew\AppData\Local\{38B35136-B238-4951-8903-085C0ECAC0BC}
2012-03-04 01:20:32 -------- d-----w- C:\Users\Drew\AppData\Local\{000828BC-40F3-4249-8AAB-0E2CCEF1223F}
2012-03-04 01:20:02 -------- d-----w- C:\Users\Drew\AppData\Local\{FF5C366B-AC69-4278-A770-6426E93E2DDB}
2012-03-03 19:23:19 -------- d-----w- C:\Users\Drew\AppData\Local\{952E77FB-41CA-4DAD-987D-46251EF4DC78}
2012-03-03 19:22:52 -------- d-----w- C:\Users\Drew\AppData\Local\{4FE5629E-2023-4512-8588-1038A648ABD0}
2012-03-02 14:45:36 -------- d-----w- C:\Users\Drew\AppData\Local\{1DCA63BD-71EF-47D7-9DEC-1BAE121956B4}
2012-03-02 14:45:14 -------- d-----w- C:\Users\Drew\AppData\Local\{FA8864E7-D3E4-4A3F-977B-26F015F758B5}
2012-03-02 12:57:42 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73AFB876-BAED-4CC6-A57A-F21BD96A3231}\mpengine.dll
2012-03-01 05:14:27 -------- d-----w- C:\Users\Drew\AppData\Local\{F1CBB603-BBEF-4F06-BC1B-E0C2E6F629B0}
2012-02-29 17:14:09 -------- d-----w- C:\Users\Drew\AppData\Local\{3D5672D5-602E-4733-917A-CBE7334F040C}
2012-02-24 03:35:03 -------- d-----w- C:\Users\Drew\AppData\Local\{E03E39EB-7C9E-4E83-9688-F30F6595B3BC}
2012-02-24 03:34:41 -------- d-----w- C:\Users\Drew\AppData\Local\{5F704277-7E8D-46FD-BD90-F30C8FECCE87}
2012-02-22 01:10:03 -------- d-----w- C:\Users\Drew\AppData\Local\{AA7D8E1C-78C4-4EAA-B1E8-53A540104C2D}
2012-02-22 01:09:41 -------- d-----w- C:\Users\Drew\AppData\Local\{83BE2C22-FB8A-4379-B444-E99E9CFFD82C}
2012-02-21 05:17:02 -------- d-----w- C:\Users\Drew\AppData\Local\{03B0E6D1-D410-448E-A678-96B3A8CC0149}
2012-02-21 05:16:35 -------- d-----w- C:\Users\Drew\AppData\Local\{144D8547-38DC-4CBC-AF75-068583C24C20}
2012-02-19 17:20:34 -------- d-----w- C:\Users\Drew\AppData\Local\{D70ED9C5-BF76-4435-9B86-EC86A5E482E4}
2012-02-19 17:20:11 -------- d-----w- C:\Users\Drew\AppData\Local\{288EB533-0EF9-4386-ABBE-21FF00D0CD95}
2012-02-16 15:55:17 -------- d-----w- C:\Users\Drew\AppData\Local\{63637496-9982-4BA1-9D7A-F8FA3867F5FB}
2012-02-16 15:54:51 -------- d-----w- C:\Users\Drew\AppData\Local\{3556D878-637B-4A38-9933-331B1610DE7B}
2012-02-12 22:40:43 0 --sha-w- C:\Windows\System32\dds_log_trash.cmd
2012-02-10 22:34:18 -------- d-----w- C:\Users\Drew\AppData\Local\{F55DDE33-E3B8-42ED-8173-898472A97B07}
2012-02-10 22:33:48 -------- d-----w- C:\Users\Drew\AppData\Local\{0EEB6932-E706-49B3-A77B-58BC454923E7}
2012-02-10 20:36:48 -------- d-----w- C:\Users\Drew\AppData\Local\{59C552AE-5685-4F1F-8B06-91EF74EB8FDB}
2012-02-10 20:36:19 -------- d-----w- C:\Users\Drew\AppData\Local\{C88E016E-A832-4F58-995D-4E607127337C}
2012-02-10 20:25:24 -------- d-s---w- C:\ComboFix
2012-02-10 20:07:58 -------- d-----w- C:\Users\Drew\AppData\Local\{6F55DBC5-0DD2-4D95-A7F8-2AD1E4342107}
2012-02-10 20:07:31 -------- d-----w- C:\Users\Drew\AppData\Local\{A62F1D22-ECD3-4942-9783-6C9FA8FFEA65}
2012-02-09 17:10:52 -------- d-----w- C:\Users\Drew\AppData\Local\{E931DA6F-9515-4468-9E03-D49B3F6CEDA1}
2012-02-09 17:10:23 -------- d-----w- C:\Users\Drew\AppData\Local\{ABC2EDC1-F188-429D-9962-B539668532BB}
2012-02-08 15:07:39 -------- d-----w- C:\Users\Drew\AppData\Local\{9FC3AC38-E77B-4E83-A14B-0B7663D5B098}
2012-02-08 15:07:14 -------- d-----w- C:\Users\Drew\AppData\Local\{36737213-83F8-4437-B494-EE9D0D8435E4}
2012-02-07 15:20:36 -------- d-----w- C:\Users\Drew\AppData\Local\{7E10C6F3-C1E4-4DAC-8885-477775418553}
2012-02-07 15:20:11 -------- d-----w- C:\Users\Drew\AppData\Local\{17BDBA55-20FE-4B55-88F2-8DD9AF522E22}
.
==================== Find3M ====================
.
2012-03-02 14:45:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 13:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:25:19.36 ===============

#3 Andrewesquire


Posted 05 March 2012 - 06:30 PM

OK... I have posted my log and attached the appropriate file. I am able to work on Internet Explorer, but it deletes Chrome if I try. Also, it is messing around with my cursor, if that helps. Look forward to the help!


#4 Oh My!

  • Malware Response Instructor

Posted 05 March 2012 - 09:28 PM

Hi Andrewesquire and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.

===================================================


Please allow me some time to review the information you have provided. I will post back as soon as possible.

Edited by Oh My, 05 March 2012 - 09:35 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Andrewesquire


Posted 05 March 2012 - 11:41 PM

Thanks....anything I can do to assist, please let me know.

#6 Oh My!

  • Malware Response Instructor

Posted 06 March 2012 - 08:32 AM

Greetings Andrewesquire


Thank you for allowing me to review your information. We will have to work on this together so I appreciate your eagerness to help.

At the outset I must advise you of the following:


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections [ZeroAccess] is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.



  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.



  • Click Continue > Reboot now to finish the cleaning process. <- Important!!



  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.


===================================================


Obtaining Current ComboFix.txt

--------------------

I see you previously ran ComboFix on 2-10-12. It is important for me to review that information.

Please copy and paste the contents of the following file in your reply.

C:\ComboFix.txt


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • ComboFix.txt
  • How is your machine running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

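Added example (not part of the post above and not Kaspersky's code): a Python sketch for triaging the TDSSKiller log the post asks for. It lists every scanned object whose verdict is anything other than ok, with its MD5 and path, so those files can be taken for a second opinion. `triage`, `Finding` and the sample lines are constructed for this example, and the layout of a flagged line (a label in parentheses before the verdict) is an assumption.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
TS = r"\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"

# Object line:  <name> (<32-hex MD5>) <path>
OBJECT_RE = re.compile(
    TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# Verdict line: <name> [( label )] - <verdict>
# The optional "( label )" part is an assumed layout for flagged objects.
VERDICT_RE = re.compile(
    TS + r"(?P<name>.+?)(?:\s+\(\s*(?P<detail>[^()]+?)\s*\))?"
    r"\s+-\s+(?P<verdict>[A-Za-z]+)\s*$"
)


class Finding(NamedTuple):
    name: str
    verdict: str
    detail: Optional[str]
    md5: Optional[str]   # None when no object line preceded the verdict
    path: Optional[str]


def triage(log_text: str) -> Tuple[int, List[Finding]]:
    """Return (number of objects marked ok, list of objects not marked ok)."""
    seen = {}            # object name -> (md5, path) from its object line
    ok_count = 0
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            seen[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue     # header, separator or other informational line
        if m["verdict"].lower() == "ok":
            ok_count += 1
            continue
        # Anything that is not "ok" is reported, whatever the verdict word is.
        md5, path = seen.get(m["name"], (None, None))
        findings.append(Finding(m["name"], m["verdict"], m["detail"], md5, path))
    return ok_count, findings


# Constructed sample: two ok entries in the log's two-line layout, one made-up
# flagged driver, and one verdict line with no object line before it.
SAMPLE = r"""
07:12:05.0781 6584 Scan started
07:12:10.0620 6584 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:12:10.0626 6584 Beep - ok
07:12:20.0228 6584 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
07:12:20.0229 6584 MBAMProtector - ok
07:12:31.0000 6584 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
07:12:31.0002 6584 exampledrv ( Example.Suspicious.Label ) - warning
07:12:31.0100 6584 orphan - warning
"""

if __name__ == "__main__":
    ok, flagged = triage(SAMPLE)
    print(f"{ok} objects ok, {len(flagged)} need review")
    for f in flagged:
        print(f"  {f.name}: {f.verdict} [{f.detail}] md5={f.md5} path={f.path}")
```
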
#7 Andrewesquire


Posted 06 March 2012 - 10:20 AM

07:11:36.0097 8432 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
07:11:37.0045 8432 ============================================================
07:11:37.0045 8432 Current date / time: 2012/03/06 07:11:37.0045
07:11:37.0045 8432 SystemInfo:
07:11:37.0045 8432
07:11:37.0045 8432 OS Version: 6.1.7600 ServicePack: 0.0
07:11:37.0045 8432 Product type: Workstation
07:11:37.0046 8432 ComputerName: DREW-PC
07:11:37.0046 8432 UserName: Drew
07:11:37.0046 8432 Windows directory: C:\Windows
07:11:37.0046 8432 System windows directory: C:\Windows
07:11:37.0046 8432 Running under WOW64
07:11:37.0046 8432 Processor architecture: Intel x64
07:11:37.0046 8432 Number of processors: 4
07:11:37.0046 8432 Page size: 0x1000
07:11:37.0046 8432 Boot type: Normal boot
07:11:37.0046 8432 ============================================================
07:11:38.0123 8432 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:11:38.0127 8432 \Device\Harddisk0\DR0:
07:11:38.0141 8432 MBR used
07:11:38.0141 8432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
07:11:38.0141 8432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37850000
07:11:38.0141 8432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x378B4000, BlocksNum 0x2A9E000
07:11:38.0142 8432 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
07:11:38.0223 8432 Initialize success
07:11:38.0223 8432 ============================================================
07:12:05.0781 6584 ============================================================
07:12:05.0781 6584 Scan started
07:12:05.0781 6584 Mode: Manual;
07:12:05.0781 6584 ============================================================
07:12:30.0724 6584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:12:30.0750 6584 usbprint - ok
07:12:30.0822 6584 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:12:30.0824 6584 USBSTOR - ok
07:12:30.0900 6584 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
07:12:30.0901 6584 usbuhci - ok
07:12:30.0968 6584 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
07:12:30.0971 6584 usbvideo - ok
07:12:31.0024 6584 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
07:12:31.0026 6584 usb_rndisx - ok
07:12:31.0099 6584 VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
07:12:31.0100 6584 VClone - ok
07:12:31.0179 6584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
07:12:31.0180 6584 vdrvroot - ok
07:12:31.0225 6584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:12:31.0226 6584 vga - ok
07:12:31.0268 6584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:12:31.0269 6584 VgaSave - ok
07:12:31.0294 6584 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
07:12:31.0296 6584 vhdmp - ok
07:12:31.0324 6584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
07:12:31.0325 6584 viaide - ok
07:12:31.0348 6584 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
07:12:31.0363 6584 volmgr - ok
07:12:31.0408 6584 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
07:12:31.0421 6584 volmgrx - ok
07:12:31.0449 6584 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
07:12:31.0452 6584 volsnap - ok
07:12:31.0499 6584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:12:31.0501 6584 vsmraid - ok
07:12:31.0611 6584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
07:12:31.0612 6584 vwifibus - ok
07:12:31.0666 6584 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
07:12:31.0667 6584 vwififlt - ok
07:12:31.0817 6584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:12:31.0818 6584 WacomPen - ok
07:12:31.0927 6584 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
07:12:31.0929 6584 WANARP - ok
07:12:31.0944 6584 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
07:12:31.0945 6584 Wanarpv6 - ok
07:12:32.0106 6584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:12:32.0114 6584 Wd - ok
07:12:32.0164 6584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:12:32.0171 6584 Wdf01000 - ok
07:12:32.0264 6584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:12:32.0270 6584 WfpLwf - ok
07:12:32.0352 6584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:12:32.0353 6584 WIMMount - ok
07:12:32.0418 6584 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
07:12:32.0427 6584 WinUSB - ok
07:12:32.0460 6584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:12:32.0461 6584 WmiAcpi - ok
07:12:32.0581 6584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:12:32.0582 6584 ws2ifsl - ok
07:12:32.0636 6584 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
07:12:32.0648 6584 WudfPf - ok
07:12:32.0676 6584 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:12:32.0678 6584 WUDFRd - ok
07:12:32.0811 6584 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
07:12:32.0817 6584 yukonw7 - ok
07:12:32.0949 6584 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
07:12:32.0952 6584 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
07:12:32.0993 6584 MBR (0x1B8) (873dfc9880f4d26ea60ca9bca00916cc) \Device\Harddisk0\DR0
07:12:33.0049 6584 \Device\Harddisk0\DR0 - ok
07:12:33.0101 6584 Boot (0x1200) (4a4057f2dad6631e273c9a7c7294439b) \Device\Harddisk0\DR0\Partition0
07:12:33.0115 6584 \Device\Harddisk0\DR0\Partition0 - ok
07:12:33.0137 6584 Boot (0x1200) (08848e709b8612b12ca144b89cf94f9a) \Device\Harddisk0\DR0\Partition1
07:12:33.0173 6584 \Device\Harddisk0\DR0\Partition1 - ok
07:12:33.0221 6584 Boot (0x1200) (d6b4de3c2083282f71594506a5cff6d1) \Device\Harddisk0\DR0\Partition2
07:12:33.0230 6584 \Device\Harddisk0\DR0\Partition2 - ok
07:12:33.0251 6584 Boot (0x1200) (330b8279270abd2f128fa9994f3504da) \Device\Harddisk0\DR0\Partition3
07:12:33.0275 6584 \Device\Harddisk0\DR0\Partition3 - ok
07:12:33.0278 6584 ============================================================
07:12:33.0278 6584 Scan finished
07:12:33.0278 6584 ============================================================
07:12:33.0290 1016 Detected object count: 0
07:12:33.0290 1016 Actual detected object count: 0
07:12:59.0639 8268 Deinitialize success


Whenever I attempted/attempt to run ComboFix it gave me an error... Shall I duplicate this and give you the error message?

Additionally, other than the web browser issues, I lose control of my cursor sometimes... that's all I have really noticed.

#8 Oh My!

  • Malware Response Instructor

Posted 06 March 2012 - 06:36 PM

Greetings Andrewesquire,

Let's hold off on the ComboFix issue and try another approach to determine what is going on with your machine.

Please perform the following for me, if you would.


===================================================


Panda USB Vaccine

--------------------

From a clean computer, please download and use Panda USB Vaccine.

Alternate download link 1
Alternate download link 2

  • Double-click on USBVaccineSetup.exe to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your USB flash drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done.

Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.


===================================================


Farbar's Recovery Scan Tool

--------------------

I would like you to run Farbar's Recovery Scan Tool to check your MBR. For this you will need a USB flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC and we will enter the System Recovery Options in one of the two following ways:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • FRST.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Andrewesquire

  • Topic Starter

Posted 06 March 2012 - 09:47 PM

Scan result of Farbar Recovery Scan Tool Version: 07-03-2012 01
Ran by SYSTEM at 06-03-2012 18:39:11
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-05-26] (Elaborate Bytes AG)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Drew\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\Drew\...\Run: [Google Update] "C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-26] (Google Inc.)
HKU\Drew\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [650104 2012-03-02] (BitTorrent, Inc.)
HKU\Drew\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Drew\...\Run: [Facebook Update] "C:\Users\Drew\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-09-15] (Facebook Inc.)
HKU\Drew\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17146504 2012-02-15] (Skype Technologies S.A.)
HKU\Drew\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Drew\...\Policies\system: [disableregistrytools] 0
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [623368 2009-12-30] (DigitalPersona, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Lsa: [Notification Packages] DPPassFilter
scecli
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127984 2010-01-15] (CinemaNow, Inc.)
2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [444680 2009-12-30] (DigitalPersona, Inc.)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-02-08] (DeviceVM, Inc.)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2009-12-16] (Hewlett-Packard)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2009-07-08] (Hewlett-Packard)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
2 PCISys; C:\Windows\System32\CTAUDFX.DLL.dll [5120 2009-07-13] (Iomega)
2 PenCommService; "C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe" [457728 2010-10-18] (Livescribe)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-15] (Skype Technologies)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-17] (Intel Corporation)
2 vcsFPService; C:\Windows\system32\vcsFPService.exe [2184496 2010-01-06] (Validity Sensors, Inc.)

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard)
1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-29] (DeviceVM, Inc.)
0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2010-10-18] (Windows ® Win 7 DDK provider)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-01-27] (CyberLink Corp.)

========================== NetSvcs (Whitelisted) ===========
NETSVC: PCISys

============ One Month Created Files and Folders ==============

2012-03-06 16:04 - 2012-03-06 16:04 - 0000000 ____D C:\Users\All Users\Panda Security
2012-03-06 16:04 - 2012-03-06 16:04 - 0000000 ____D C:\ProgramData\Panda Security
2012-03-06 16:04 - 2012-03-06 16:04 - 0000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2012-03-06 16:03 - 2012-03-06 16:03 - 0848856 ____A (Panda Security ) C:\Users\Drew\Downloads\USBVaccineSetup.exe
2012-03-06 15:43 - 2012-03-06 13:50 - 361866667 ____A C:\Users\Drew\Downloads\tamber_brcc.wmv
2012-03-06 12:38 - 2012-03-06 13:03 - 263754627 ____A C:\Users\Drew\Downloads\serena_brcc.wmv
2012-03-06 12:37 - 2012-03-06 13:36 - 586315580 ____A C:\Users\Drew\Downloads\mother-daughter_brcc.wmv
2012-03-06 12:36 - 2012-03-06 13:43 - 486122468 ____A C:\Users\Drew\Downloads\paige_brcc.wmv
2012-03-06 12:36 - 2012-03-06 13:42 - 443482211 ____A C:\Users\Drew\Downloads\taylor_brcc.wmv
2012-03-06 12:36 - 2012-03-06 13:40 - 352643392 ____A C:\Users\Drew\Downloads\daisy_brcc.wmv
2012-03-06 12:35 - 2012-03-06 13:44 - 451263587 ____A C:\Users\Drew\Downloads\delaney_brcc.wmv
2012-03-06 11:46 - 2012-03-06 11:46 - 1345021 ____A C:\Users\Drew\Downloads\photo (5).JPG
2012-03-06 11:23 - 2012-03-06 11:23 - 0014831 ____A C:\Users\Drew\Downloads\[[Demonoid.me]]-7_Weeks_to_50_Pull_Ups_Strengthen_and_Sculpt_Your_Arms_Shoulders_Back_and_Abs_by_Training_to_Do_2011_(PDF_Epub)_Mantesh_9963251.7286.torrent
2012-03-06 11:23 - 2012-03-06 11:23 - 0011218 ____A C:\Users\Drew\Downloads\(Demonoid.me)-7_Weeks_to_100_Push_Ups_Strengthen_and_Sculpt_Your_Arms_Abs_Chest_Back_and_Glutes_by_Training_to_do_100_Consecutive_Push_Ups_Mantesh_9963251.7286.torrent
2012-03-06 11:23 - 2012-03-06 11:23 - 0000000 ____D C:\Users\Drew\Downloads\7 Weeks to 50 Pull-Ups - Strengthen and Sculpt Your Arms, Shoulders, Back, and Abs by Training to Do 2011(PDF,Epub) -Mantesh
2012-03-06 11:23 - 2012-03-06 11:23 - 0000000 ____D C:\Users\Drew\Downloads\7 Weeks to 100 Push-Ups -Strengthen and Sculpt Your Arms, Abs, Chest, Back and Glutes by Training -Mantesh
2012-03-06 09:19 - 2012-03-06 09:20 - 0000000 ____D C:\Users\Drew\Downloads\Dog training books collection. Humane, positive training
2012-03-06 09:17 - 2012-03-06 09:17 - 0031911 ____A C:\Users\Drew\Downloads\[isoHunt] Dog training books collection. Humane, positive training.torrent
2012-03-06 09:16 - 2012-03-06 09:16 - 0005548 ____A C:\Users\Drew\Downloads\[isoHunt] For Dummies - Puppies, Dog Training, Dog Grooming.torrent
2012-03-06 09:16 - 2012-03-06 09:16 - 0000000 ____D C:\Users\Drew\Downloads\For Dummies - Puppies, Dog Training, Dog Grooming
2012-03-06 09:15 - 2012-03-06 09:44 - 0000000 ____D C:\Users\Drew\Downloads\29 Dog Training eBooks
2012-03-06 09:14 - 2012-03-06 09:14 - 0019082 ____A C:\Users\Drew\Downloads\29_Dog_Training_eBooks__+-Demonoid.me-+_9963251.7286.torrent
2012-03-06 09:10 - 2012-03-06 09:10 - 0006276 ____A C:\Users\Drew\Downloads\How_to_Raise_a_Perfect_Dog_Through_Puppyhood_and_Beyond_By_Cesar_Millan-[Demonoid.me]_9963251.7286.torrent
2012-03-06 09:10 - 2012-03-06 09:10 - 0000000 ____D C:\Users\Drew\Downloads\How to Raise the Perfect Dog - Through Puppyhood and Beyond - Cesar Millan
2012-03-06 08:42 - 2012-03-06 08:42 - 0012367 ____A C:\Users\Drew\Downloads\[isoHunt] Jason_Mraz_-_I_Wont_Give_Up_2012_(Single)_Stumpie1971.6934487.TPB.torrent
2012-03-06 08:42 - 2012-03-06 08:42 - 0000000 ____D C:\Users\Drew\Downloads\Jason Mraz - I Wont Give Up 2012
2012-03-06 08:41 - 2012-03-06 08:41 - 0000000 ____D C:\Users\Drew\Downloads\Jason Mraz - Live Is a Four Letter Word {2012-EP}[EP]
2012-03-06 08:40 - 2012-03-06 08:40 - 0019901 ____A C:\Users\Drew\Downloads\[isoHunt] Jason Mraz - Live Is a Four Letter Word {2012-EP}[EP].torrent
2012-03-06 08:38 - 2012-03-06 08:38 - 0606447 ____A C:\Users\Drew\Downloads\FreeMe2_win32-0.4.zip
2012-03-06 08:29 - 2012-03-06 08:46 - 0000000 ____D C:\Users\Drew\Downloads\Watchmen
2012-03-06 08:29 - 2012-03-06 08:29 - 0018766 ____A C:\Users\Drew\Downloads\COMPLETE_Watchmen_[With_many_extras_including_hilariously_bad_movie_script_from_1989!]-((Demonoid.me))_9963251.7286.torrent
2012-03-06 08:25 - 2012-03-06 08:25 - 0023939 ____A C:\Users\Drew\Downloads\[Weight_Loss_Health]_Ultra_Metabolism_by_Mark_Hyman_M_D__O-Demonoid.me-O_9963251.7286.torrent
2012-03-06 08:24 - 2012-03-06 08:24 - 0026308 ____A C:\Users\Drew\Downloads\[isoHunt] download.torrent
2012-03-06 08:07 - 2012-03-06 08:50 - 0000000 ____D C:\Users\Drew\Downloads\The UltraSimple Diet Kick-start Your Metabolism and Safely Lose Up to 10 Pounds in 7 Days-Mantesh
2012-03-06 08:03 - 2012-03-06 08:03 - 0004804 ____A C:\Users\Drew\Downloads\[isoHunt] The UltraSimple Diet Kick-start Your Metabolism and Safely Lose Up to 10 Pounds in 7 Days-Mantesh.torrent
2012-03-06 08:03 - 2012-03-06 08:03 - 0003772 ____A C:\Users\Drew\Downloads\[isoHunt] The Blood Sugar Solution The UltraHealthy Program for Losing Weight, Preventing Disease, and Feeling Great Now by Mark Hyman.torrent
2012-03-06 08:02 - 2012-03-06 08:02 - 0023939 ____A C:\Users\Drew\Downloads\o-Demonoid.me-o_[Weight_Loss_Health]_Ultra_Metabolism_by_Mark_Hyman_M_D__9963251.7286.torrent
2012-03-06 08:01 - 2012-03-06 08:01 - 0005266 ____A C:\Users\Drew\Downloads\x-Demonoid.me-x_The_UltraSimple_Diet_Kick_start_Your_Metabolism_and_Safely_Lose_Up_to_10_Pounds_in_7_Days_Mantesh_9963251.7286.torrent
2012-03-06 08:00 - 2012-03-06 08:00 - 0002202 ____A C:\Users\Drew\Downloads\The_UltraMind_Solution_Fix_Your_Broken_Brain_by_Healing_Your_Body_First-[Demonoid.me]_9963251.7286.torrent
2012-03-06 07:57 - 2012-03-06 08:07 - 0000000 ____D C:\Users\Drew\Downloads\NYT Bestsellers 3-4-12
2012-03-06 07:56 - 2012-03-06 07:56 - 0050496 ____A C:\Users\Drew\Downloads\(Demonoid.me)-New_York_Times_Bestsellers_for_3_4_12_9963251.7286.torrent
2012-03-06 07:56 - 2012-03-06 07:56 - 0002978 ____A C:\Users\Drew\Downloads\The_Power_of_Habit_Why_We_Do_What_We_Do_in_Life_and_Business_(2012)_epub_mobi_+-Demonoid.me-+_9963251.7286.torrent
2012-03-06 07:11 - 2012-03-06 07:12 - 0079538 ____A C:\TDSSKiller.2.7.19.0_06.03.2012_07.11.36_log.txt
2012-03-05 15:27 - 2012-03-05 15:27 - 0007440 ____A C:\Users\Drew\Desktop\Attach.txt
2012-03-05 15:11 - 2012-03-05 15:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{E48E6F14-8187-42B3-9931-0146503151F0}
2012-03-05 15:11 - 2012-03-05 15:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{7111FF05-4FD1-4AE8-A6FA-36875084C8D5}
2012-03-05 13:25 - 2012-03-05 13:25 - 0000000 ____D C:\Users\Drew\Downloads\The Lorax
2012-03-05 13:24 - 2012-03-05 13:24 - 0008841 ____A C:\Users\Drew\Downloads\Dr_Seuss's_The_Lorax_O-Demonoid.me-O_9963251.7286.torrent
2012-03-04 10:17 - 2012-03-06 17:04 - 0002391 ____A C:\Users\Drew\Desktop\Google Chrome.lnk
2012-03-04 10:00 - 2012-03-04 10:00 - 0001218 ____A C:\Users\Drew\Desktop\Spybot - Search & Destroy.lnk
2012-03-04 09:54 - 2012-03-04 11:38 - 0000000 ___SD C:\32788R22FWJFW
2012-03-04 09:50 - 2012-03-04 09:50 - 0001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-03-04 09:47 - 2012-03-04 09:47 - 0000000 ____D C:\Users\Drew\AppData\Local\{1ADEE9AE-481E-4B2C-B6B1-96136AE12C93}
2012-03-04 09:46 - 2012-03-04 09:47 - 0000000 ____D C:\Users\Drew\AppData\Local\{38B35136-B238-4951-8903-085C0ECAC0BC}
2012-03-04 09:41 - 2012-03-04 10:16 - 0000000 __ASH C:\Windows\muzuki.exc
2012-03-04 09:40 - 2012-03-04 09:40 - 3712496 ____A (PC Tools) C:\Users\Drew\Downloads\SDAV_Online_aff_GenericRevenueWire_207.exe
2012-03-03 18:22 - 2012-03-03 18:22 - 0086583 ____A C:\Users\Drew\Desktop\United Airlines - Thank You for Choosing United Airlines.htm
2012-03-03 18:22 - 2012-03-03 18:22 - 0000000 ____D C:\Users\Drew\Desktop\United Airlines - Thank You for Choosing United Airlines_files
2012-03-03 17:22 - 2012-03-03 17:22 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-03 17:21 - 2012-03-03 17:21 - 0944264 ____A (Skype Technologies S.A.) C:\Users\Drew\Downloads\SkypeSetup (1).exe
2012-03-03 17:20 - 2012-03-03 17:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{FF5C366B-AC69-4278-A770-6426E93E2DDB}
2012-03-03 17:20 - 2012-03-03 17:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{000828BC-40F3-4249-8AAB-0E2CCEF1223F}
2012-03-03 11:23 - 2012-03-03 11:23 - 0000000 ____D C:\Users\Drew\AppData\Local\{952E77FB-41CA-4DAD-987D-46251EF4DC78}
2012-03-03 11:22 - 2012-03-03 11:23 - 0000000 ____D C:\Users\Drew\AppData\Local\{4FE5629E-2023-4512-8588-1038A648ABD0}
2012-03-02 06:45 - 2012-03-02 06:45 - 0000000 ____D C:\Users\Drew\AppData\Local\{FA8864E7-D3E4-4A3F-977B-26F015F758B5}
2012-03-02 06:45 - 2012-03-02 06:45 - 0000000 ____D C:\Users\Drew\AppData\Local\{1DCA63BD-71EF-47D7-9DEC-1BAE121956B4}
2012-03-01 08:57 - 2012-03-01 09:20 - 227479552 ____A C:\Users\Drew\Downloads\nicolereg.mpg
2012-03-01 08:56 - 2012-03-01 09:59 - 710512872 ____A C:\Users\Drew\Downloads\leanne_dp_reg.wmv
2012-03-01 08:56 - 2012-03-01 09:57 - 685853945 ____A C:\Users\Drew\Downloads\lynn_full.wmv
2012-03-01 08:55 - 2012-03-01 10:14 - 1218374523 ____A C:\Users\Drew\Downloads\ecg_april.wmv
2012-03-01 08:55 - 2012-03-01 10:06 - 821456645 ____A C:\Users\Drew\Downloads\amia_reg.wmv
2012-03-01 08:22 - 2012-03-01 08:22 - 0092905 ____A C:\Users\Drew\Downloads\eba16d9c3d9f0e823f5ae18131d45b72_width_640x.jpg
2012-02-29 21:14 - 2012-02-29 21:14 - 0000000 ____D C:\Users\Drew\AppData\Local\{F1CBB603-BBEF-4F06-BC1B-E0C2E6F629B0}
2012-02-29 09:14 - 2012-02-29 21:14 - 0000000 ____D C:\Users\Drew\AppData\Local\{3D5672D5-602E-4733-917A-CBE7334F040C}
2012-02-29 00:25 - 2012-02-29 00:26 - 18762281 ____A C:\Users\Drew\Downloads\uclastory.zip
2012-02-27 11:57 - 2012-02-27 13:20 - 1023504800 ____A C:\Users\Drew\Downloads\ecg_chelsea2.wmv
2012-02-27 10:58 - 2012-02-27 11:57 - 777836337 ____A C:\Users\Drew\Downloads\ecg_khloe2.wmv
2012-02-27 10:57 - 2012-02-27 13:18 - 921023348 ____A C:\Users\Drew\Downloads\ecg_alejandra.wmv
2012-02-27 10:57 - 2012-02-27 13:17 - 1011777914 ____A C:\Users\Drew\Downloads\ecg_cassie.wmv
2012-02-27 10:57 - 2012-02-27 13:12 - 1113911562 ____A C:\Users\Drew\Downloads\ecg_camilla-hazel (1).wmv
2012-02-27 10:57 - 2012-02-27 13:05 - 743868814 ____A C:\Users\Drew\Downloads\ecg_monika.wmv
2012-02-27 10:57 - 2012-02-27 12:28 - 994343672 ____A C:\Users\Drew\Downloads\ecg_hazel.wmv
2012-02-27 08:29 - 2012-02-27 10:25 - 1254288947 ____A C:\Users\Drew\Downloads\ecg_katie3.wmv
2012-02-27 08:29 - 2012-02-27 10:10 - 1142237969 ____A C:\Users\Drew\Downloads\ecg_maelynn.wmv
2012-02-27 08:29 - 2012-02-27 09:49 - 1048408435 ____A C:\Users\Drew\Downloads\ecg_callie.wmv
2012-02-27 08:28 - 2012-02-27 10:34 - 1234257889 ____A C:\Users\Drew\Downloads\ecg_devon.wmv
2012-02-27 08:28 - 2012-02-27 10:34 - 1230715462 ____A C:\Users\Drew\Downloads\ecg_kirsten.wmv
2012-02-26 12:11 - 2012-02-26 12:11 - 0697076 ____A C:\Users\Drew\Downloads\Giraffe-ad-regular-hours.pdf
2012-02-25 22:02 - 2012-02-25 23:34 - 1150986068 ____A C:\Users\Drew\Downloads\ecg_alicia.wmv
2012-02-25 22:02 - 2012-02-25 23:14 - 852857211 ____A C:\Users\Drew\Downloads\ecg_nina2.wmv
2012-02-25 21:57 - 2012-02-25 23:35 - 1208346235 ____A C:\Users\Drew\Downloads\ecg_abrina (1).wmv
2012-02-25 21:57 - 2012-02-25 23:20 - 820935928 ____A C:\Users\Drew\Downloads\ecg_diane.wmv
2012-02-25 21:56 - 2012-02-25 22:58 - 562869286 ____A C:\Users\Drew\Downloads\ecg_kenzie.wmv
2012-02-24 17:24 - 2012-02-24 17:24 - 2941021 ____A C:\Users\Drew\Downloads\SO2012_settimes_page.pdf
2012-02-24 16:47 - 2012-02-24 16:47 - 0023648 ____A C:\Users\Drew\Downloads\780_CAS_Trial_Attorney_Position_Announcement (1).pdf
2012-02-24 13:21 - 2012-02-24 13:21 - 0000022 ____A C:\Users\Drew\Downloads\password.txt
2012-02-24 13:13 - 2012-02-24 13:13 - 0216951 ____A C:\Users\Drew\Downloads\Code+Black+Facebook+Account+Hacker.rar
2012-02-23 19:35 - 2012-02-23 19:35 - 0000000 ____D C:\Users\Drew\AppData\Local\{E03E39EB-7C9E-4E83-9688-F30F6595B3BC}
2012-02-23 19:34 - 2012-02-23 19:35 - 0000000 ____D C:\Users\Drew\AppData\Local\{5F704277-7E8D-46FD-BD90-F30C8FECCE87}
2012-02-23 08:52 - 2012-02-23 09:51 - 493328081 ____A C:\Users\Drew\Downloads\melissa_anal_reg.wmv
2012-02-23 08:51 - 2012-02-23 09:41 - 405620736 ____A C:\Users\Drew\Downloads\twins2reg.mpg
2012-02-23 08:50 - 2012-02-23 09:44 - 423170048 ____A C:\Users\Drew\Downloads\Mandi_Kristinareg.mpg
2012-02-23 08:49 - 2012-02-23 10:28 - 1337634944 ____A C:\Users\Drew\Downloads\taylor_full.wmv
2012-02-23 08:49 - 2012-02-23 10:00 - 693352872 ____A C:\Users\Drew\Downloads\tria_full.wmv
2012-02-23 08:48 - 2012-02-23 10:26 - 1304027590 ____A C:\Users\Drew\Downloads\ecg_abrina.wmv
2012-02-22 12:53 - 2012-02-22 13:27 - 467157565 ____A C:\Users\Drew\Downloads\ami_reg (1).wmv
2012-02-22 12:18 - 2012-02-22 13:21 - 679484813 ____A C:\Users\Drew\Downloads\danielle_reg.wmv
2012-02-22 12:17 - 2012-02-22 13:33 - 1113911562 ____A C:\Users\Drew\Downloads\ecg_camilla-hazel.wmv
2012-02-22 12:08 - 2012-02-22 12:45 - 368465491 ____A C:\Users\Drew\Downloads\ecg_alex_reg.wmv
2012-02-21 17:10 - 2012-02-21 17:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{AA7D8E1C-78C4-4EAA-B1E8-53A540104C2D}
2012-02-21 17:09 - 2012-02-21 17:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{83BE2C22-FB8A-4379-B444-E99E9CFFD82C}
2012-02-21 15:30 - 2012-02-21 15:30 - 0004923 ____A C:\Users\Drew\Downloads\Paw-Print.jpg
2012-02-21 08:12 - 2012-02-21 08:12 - 0112445 ____A C:\Users\Drew\Downloads\[isoHunt] 82b53b053b48b196264fede0bd7704008b58bc43.torrent
2012-02-20 21:17 - 2012-02-20 21:17 - 0000000 ____D C:\Users\Drew\AppData\Local\{03B0E6D1-D410-448E-A678-96B3A8CC0149}
2012-02-20 21:16 - 2012-02-20 21:16 - 0000000 ____D C:\Users\Drew\AppData\Local\{144D8547-38DC-4CBC-AF75-068583C24C20}
2012-02-20 20:47 - 2012-02-20 20:47 - 0100193 ____A C:\Users\Drew\Downloads\prof.jpg
2012-02-20 20:36 - 2012-02-20 20:36 - 0784916 ____A C:\Users\Drew\Downloads\photo (2).JPG
2012-02-20 20:36 - 2012-02-20 20:36 - 0594458 ____A C:\Users\Drew\Downloads\photo (3).JPG
2012-02-20 20:36 - 2012-02-20 20:36 - 0578387 ____A C:\Users\Drew\Downloads\photo (4).JPG
2012-02-19 09:20 - 2012-02-19 09:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{D70ED9C5-BF76-4435-9B86-EC86A5E482E4}
2012-02-19 09:20 - 2012-02-19 09:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{288EB533-0EF9-4386-ABBE-21FF00D0CD95}
2012-02-16 07:55 - 2012-02-16 07:55 - 0000000 ____D C:\Users\Drew\AppData\Local\{63637496-9982-4BA1-9D7A-F8FA3867F5FB}
2012-02-16 07:54 - 2012-02-16 07:55 - 0000000 ____D C:\Users\Drew\AppData\Local\{3556D878-637B-4A38-9933-331B1610DE7B}
2012-02-16 07:45 - 2012-02-16 07:46 - 0000353 ____A C:\Windows\SynInst.log
2012-02-15 15:56 - 2012-02-15 15:56 - 0606154 ____A C:\Users\Drew\Downloads\courthouselunchmenu.pdf
2012-02-15 11:50 - 2012-01-13 20:02 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-15 11:50 - 2012-01-04 01:59 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-15 11:50 - 2012-01-04 01:58 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-15 11:50 - 2012-01-04 01:03 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-15 11:50 - 2012-01-04 01:03 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-15 11:50 - 2012-01-02 22:24 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-15 11:50 - 2012-01-02 21:44 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-15 11:50 - 2011-12-27 19:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-15 11:50 - 2011-12-16 00:45 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 11:50 - 2011-12-16 00:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 11:50 - 2011-12-16 00:42 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 11:50 - 2011-12-16 00:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-15 11:50 - 2011-12-16 00:42 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-15 11:50 - 2011-12-16 00:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-15 11:50 - 2011-12-16 00:40 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 11:50 - 2011-12-16 00:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-15 11:50 - 2011-12-16 00:02 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-15 11:50 - 2011-12-16 00:02 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-15 11:50 - 2011-12-15 23:59 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-15 11:50 - 2011-12-15 23:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-15 11:50 - 2011-12-15 23:59 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-02-15 11:50 - 2011-12-15 23:59 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-15 11:50 - 2011-12-15 23:58 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-15 11:50 - 2011-12-15 23:58 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-15 11:49 - 2011-12-16 00:45 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 11:49 - 2011-12-16 00:42 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 11:49 - 2011-12-16 00:42 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-15 11:49 - 2011-12-16 00:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 11:49 - 2011-12-16 00:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-15 11:49 - 2011-12-16 00:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 11:49 - 2011-12-16 00:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-15 11:49 - 2011-12-16 00:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 11:49 - 2011-12-16 00:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-15 11:49 - 2011-12-16 00:02 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-15 11:49 - 2011-12-15 23:59 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-15 11:49 - 2011-12-15 23:59 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-15 11:49 - 2011-12-15 23:58 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-15 11:49 - 2011-12-15 23:58 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-15 11:49 - 2011-12-15 23:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-15 11:49 - 2011-12-15 23:58 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-15 11:49 - 2011-12-15 23:58 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-15 11:49 - 2011-12-15 23:56 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-15 11:49 - 2011-12-15 23:26 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-15 11:49 - 2011-12-15 22:49 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-15 11:49 - 2011-12-15 22:43 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-15 11:49 - 2011-12-15 22:15 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-12 14:40 - 2012-03-06 18:37 - 0000000 __ASH C:\Windows\System32\dds_log_trash.cmd
2012-02-11 10:16 - 2012-02-11 10:16 - 0023648 ____A C:\Users\Drew\Downloads\780_CAS_Trial_Attorney_Position_Announcement.pdf
2012-02-10 14:34 - 2012-02-10 14:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{F55DDE33-E3B8-42ED-8173-898472A97B07}
2012-02-10 14:33 - 2012-02-10 14:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{0EEB6932-E706-49B3-A77B-58BC454923E7}
2012-02-10 12:36 - 2012-02-10 12:37 - 0000000 ____D C:\Users\Drew\AppData\Local\{59C552AE-5685-4F1F-8B06-91EF74EB8FDB}
2012-02-10 12:36 - 2012-02-10 12:36 - 0000000 ____D C:\Users\Drew\AppData\Local\{C88E016E-A832-4F58-995D-4E607127337C}
2012-02-10 12:33 - 2012-02-10 12:33 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Drew\Downloads\mbam-setup-1.60.1.1000.exe
2012-02-10 12:31 - 2012-02-10 12:31 - 0607260 ____R (Swearware) C:\Users\Drew\Downloads\dds.com
2012-02-10 12:26 - 2012-02-10 12:26 - 0509440 ____A (iS3, Inc.) C:\Users\Drew\Downloads\STOPzilla_Setup (1).exe
2012-02-10 12:25 - 2012-02-10 12:25 - 0000000 ___SD C:\ComboFix
2012-02-10 12:13 - 2012-02-10 12:16 - 0079944 ____A C:\TDSSKiller.2.7.11.0_10.02.2012_12.13.24_log.txt
2012-02-10 12:07 - 2012-02-10 12:08 - 0000000 ____D C:\Users\Drew\AppData\Local\{6F55DBC5-0DD2-4D95-A7F8-2AD1E4342107}
2012-02-10 12:07 - 2012-02-10 12:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{A62F1D22-ECD3-4942-9783-6C9FA8FFEA65}
2012-02-10 12:03 - 2012-03-06 07:10 - 2063920 ____A (Kaspersky Lab ZAO) C:\Users\Drew\Desktop\TDSSKiller.exe
2012-02-10 12:03 - 2011-01-01 01:14 - 0002254 ____A C:\Users\Drew\Desktop\eula.txt
2012-02-10 11:38 - 2012-02-10 11:38 - 2041278 ____A C:\Users\Drew\Downloads\tdsskiller (1).zip
2012-02-10 11:37 - 2012-02-10 11:38 - 4400207 ____R (Swearware) C:\Users\Drew\Downloads\ComboFix.exe
2012-02-09 09:10 - 2012-02-09 09:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{E931DA6F-9515-4468-9E03-D49B3F6CEDA1}
2012-02-09 09:10 - 2012-02-09 09:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{ABC2EDC1-F188-429D-9962-B539668532BB}
2012-02-09 09:01 - 2012-02-09 09:01 - 0509440 ____A (iS3, Inc.) C:\Users\Drew\Downloads\STOPzilla_Setup.exe
2012-02-08 07:07 - 2012-02-08 07:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{9FC3AC38-E77B-4E83-A14B-0B7663D5B098}
2012-02-08 07:07 - 2012-02-08 07:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{36737213-83F8-4437-B494-EE9D0D8435E4}
2012-02-07 07:20 - 2012-02-07 07:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{7E10C6F3-C1E4-4DAC-8885-477775418553}
2012-02-07 07:20 - 2012-02-07 07:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{17BDBA55-20FE-4B55-88F2-8DD9AF522E22}
2012-02-07 07:18 - 2012-02-07 07:18 - 0282664 ____A C:\Windows\Minidump\020712-36816-01.dmp
2012-02-07 07:16 - 2012-02-07 07:16 - 1015096 ____A C:\Users\Drew\Downloads\crown_fellowship_hr_brochure.pdf
2012-02-05 08:33 - 2012-02-05 08:33 - 0000000 ____A C:\Users\Drew\Downloads\download (1)
2012-02-05 08:33 - 2012-02-05 08:33 - 0000000 ____A C:\Users\Drew\Downloads\download


============ 3 Months Modified Files and Folders =============

2012-03-06 18:39 - 2012-03-06 18:39 - 0000000 ____D C:\FRST
2012-03-06 18:37 - 2012-02-12 14:40 - 0000000 __ASH C:\Windows\System32\dds_log_trash.cmd
2012-03-06 18:37 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-06 18:37 - 2009-07-13 20:51 - 0068690 ____A C:\Windows\setupact.log
2012-03-06 18:36 - 2010-10-14 09:25 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-06 18:36 - 2010-06-26 01:42 - 1528683 ____A C:\Windows\WindowsUpdate.log
2012-03-06 18:36 - 2010-06-26 01:34 - 3062255616 __ASH C:\hiberfil.sys
2012-03-06 18:36 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-06 18:36 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-06 18:31 - 2011-10-11 07:34 - 0000000 ___RD C:\Users\Drew\Dropbox
2012-03-06 18:31 - 2011-10-11 07:32 - 0000000 ____D C:\Users\Drew\AppData\Roaming\Dropbox
2012-03-06 18:31 - 2010-10-28 19:57 - 0000000 ____D C:\Users\Drew\Tracing
2012-03-06 18:31 - 2010-10-27 07:27 - 0000000 ____D C:\Users\Drew\AppData\Roaming\BitTorrent
2012-03-06 18:31 - 2010-10-14 09:25 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-06 18:30 - 2011-11-02 07:38 - 0000328 ____A C:\Windows\Tasks\HPCeeScheduleForDrew.job
2012-03-06 18:24 - 2010-10-08 14:38 - 0000000 ____D C:\Users\Drew\Calibre Library
2012-03-06 18:24 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-06 18:03 - 2010-08-26 20:20 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-540288810-2497427636-1473453702-1001UA.job
2012-03-06 17:04 - 2012-03-04 10:17 - 0002391 ____A C:\Users\Drew\Desktop\Google Chrome.lnk
2012-03-06 16:55 - 2011-09-15 12:50 - 0000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-540288810-2497427636-1473453702-1001UA.job
2012-03-06 16:04 - 2012-03-06 16:04 - 0000000 ____D C:\Users\All Users\Panda Security
2012-03-06 16:04 - 2012-03-06 16:04 - 0000000 ____D C:\ProgramData\Panda Security
2012-03-06 16:04 - 2012-03-06 16:04 - 0000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2012-03-06 16:03 - 2012-03-06 16:03 - 0848856 ____A (Panda Security ) C:\Users\Drew\Downloads\USBVaccineSetup.exe
2012-03-06 13:55 - 2011-09-15 12:50 - 0000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-540288810-2497427636-1473453702-1001Core.job
2012-03-06 13:50 - 2012-03-06 15:43 - 361866667 ____A C:\Users\Drew\Downloads\tamber_brcc.wmv
2012-03-06 13:44 - 2012-03-06 12:35 - 451263587 ____A C:\Users\Drew\Downloads\delaney_brcc.wmv
2012-03-06 13:43 - 2012-03-06 12:36 - 486122468 ____A C:\Users\Drew\Downloads\paige_brcc.wmv
2012-03-06 13:42 - 2012-03-06 12:36 - 443482211 ____A C:\Users\Drew\Downloads\taylor_brcc.wmv
2012-03-06 13:40 - 2012-03-06 12:36 - 352643392 ____A C:\Users\Drew\Downloads\daisy_brcc.wmv
2012-03-06 13:36 - 2012-03-06 12:37 - 586315580 ____A C:\Users\Drew\Downloads\mother-daughter_brcc.wmv
2012-03-06 13:03 - 2012-03-06 12:38 - 263754627 ____A C:\Users\Drew\Downloads\serena_brcc.wmv
2012-03-06 12:04 - 2010-08-26 20:08 - 0000000 ____D C:\users\Drew
2012-03-06 11:46 - 2012-03-06 11:46 - 1345021 ____A C:\Users\Drew\Downloads\photo (5).JPG
2012-03-06 11:23 - 2012-03-06 11:23 - 0014831 ____A C:\Users\Drew\Downloads\[[Demonoid.me]]-7_Weeks_to_50_Pull_Ups_Strengthen_and_Sculpt_Your_Arms_Shoulders_Back_and_Abs_by_Training_to_Do_2011_(PDF_Epub)_Mantesh_9963251.7286.torrent
2012-03-06 11:23 - 2012-03-06 11:23 - 0011218 ____A C:\Users\Drew\Downloads\(Demonoid.me)-7_Weeks_to_100_Push_Ups_Strengthen_and_Sculpt_Your_Arms_Abs_Chest_Back_and_Glutes_by_Training_to_do_100_Consecutive_Push_Ups_Mantesh_9963251.7286.torrent
2012-03-06 11:23 - 2012-03-06 11:23 - 0000000 ____D C:\Users\Drew\Downloads\7 Weeks to 50 Pull-Ups - Strengthen and Sculpt Your Arms, Shoulders, Back, and Abs by Training to Do 2011(PDF,Epub) -Mantesh
2012-03-06 11:23 - 2012-03-06 11:23 - 0000000 ____D C:\Users\Drew\Downloads\7 Weeks to 100 Push-Ups -Strengthen and Sculpt Your Arms, Abs, Chest, Back and Glutes by Training -Mantesh
2012-03-06 09:44 - 2012-03-06 09:15 - 0000000 ____D C:\Users\Drew\Downloads\29 Dog Training eBooks
2012-03-06 09:20 - 2012-03-06 09:19 - 0000000 ____D C:\Users\Drew\Downloads\Dog training books collection. Humane, positive training
2012-03-06 09:17 - 2012-03-06 09:17 - 0031911 ____A C:\Users\Drew\Downloads\[isoHunt] Dog training books collection. Humane, positive training.torrent
2012-03-06 09:16 - 2012-03-06 09:16 - 0005548 ____A C:\Users\Drew\Downloads\[isoHunt] For Dummies - Puppies, Dog Training, Dog Grooming.torrent
2012-03-06 09:16 - 2012-03-06 09:16 - 0000000 ____D C:\Users\Drew\Downloads\For Dummies - Puppies, Dog Training, Dog Grooming
2012-03-06 09:14 - 2012-03-06 09:14 - 0019082 ____A C:\Users\Drew\Downloads\29_Dog_Training_eBooks__+-Demonoid.me-+_9963251.7286.torrent
2012-03-06 09:10 - 2012-03-06 09:10 - 0006276 ____A C:\Users\Drew\Downloads\How_to_Raise_a_Perfect_Dog_Through_Puppyhood_and_Beyond_By_Cesar_Millan-[Demonoid.me]_9963251.7286.torrent
2012-03-06 09:10 - 2012-03-06 09:10 - 0000000 ____D C:\Users\Drew\Downloads\How to Raise the Perfect Dog - Through Puppyhood and Beyond - Cesar Millan
2012-03-06 08:50 - 2012-03-06 08:07 - 0000000 ____D C:\Users\Drew\Downloads\The UltraSimple Diet Kick-start Your Metabolism and Safely Lose Up to 10 Pounds in 7 Days-Mantesh
2012-03-06 08:50 - 2011-11-23 08:19 - 0000000 ____D C:\Users\Drew\Downloads\Jo Nesbo
2012-03-06 08:46 - 2012-03-06 08:29 - 0000000 ____D C:\Users\Drew\Downloads\Watchmen
2012-03-06 08:42 - 2012-03-06 08:42 - 0012367 ____A C:\Users\Drew\Downloads\[isoHunt] Jason_Mraz_-_I_Wont_Give_Up_2012_(Single)_Stumpie1971.6934487.TPB.torrent
2012-03-06 08:42 - 2012-03-06 08:42 - 0000000 ____D C:\Users\Drew\Downloads\Jason Mraz - I Wont Give Up 2012
2012-03-06 08:41 - 2012-03-06 08:41 - 0000000 ____D C:\Users\Drew\Downloads\Jason Mraz - Live Is a Four Letter Word {2012-EP}[EP]
2012-03-06 08:40 - 2012-03-06 08:40 - 0019901 ____A C:\Users\Drew\Downloads\[isoHunt] Jason Mraz - Live Is a Four Letter Word {2012-EP}[EP].torrent
2012-03-06 08:38 - 2012-03-06 08:38 - 0606447 ____A C:\Users\Drew\Downloads\FreeMe2_win32-0.4.zip
2012-03-06 08:29 - 2012-03-06 08:29 - 0018766 ____A C:\Users\Drew\Downloads\COMPLETE_Watchmen_[With_many_extras_including_hilariously_bad_movie_script_from_1989!]-((Demonoid.me))_9963251.7286.torrent
2012-03-06 08:25 - 2012-03-06 08:25 - 0023939 ____A C:\Users\Drew\Downloads\[Weight_Loss_Health]_Ultra_Metabolism_by_Mark_Hyman_M_D__O-Demonoid.me-O_9963251.7286.torrent
2012-03-06 08:24 - 2012-03-06 08:24 - 0026308 ____A C:\Users\Drew\Downloads\[isoHunt] download.torrent
2012-03-06 08:07 - 2012-03-06 07:57 - 0000000 ____D C:\Users\Drew\Downloads\NYT Bestsellers 3-4-12
2012-03-06 08:03 - 2012-03-06 08:03 - 0004804 ____A C:\Users\Drew\Downloads\[isoHunt] The UltraSimple Diet Kick-start Your Metabolism and Safely Lose Up to 10 Pounds in 7 Days-Mantesh.torrent
2012-03-06 08:03 - 2012-03-06 08:03 - 0003772 ____A C:\Users\Drew\Downloads\[isoHunt] The Blood Sugar Solution The UltraHealthy Program for Losing Weight, Preventing Disease, and Feeling Great Now by Mark Hyman.torrent
2012-03-06 08:02 - 2012-03-06 08:02 - 0023939 ____A C:\Users\Drew\Downloads\o-Demonoid.me-o_[Weight_Loss_Health]_Ultra_Metabolism_by_Mark_Hyman_M_D__9963251.7286.torrent
2012-03-06 08:01 - 2012-03-06 08:01 - 0005266 ____A C:\Users\Drew\Downloads\x-Demonoid.me-x_The_UltraSimple_Diet_Kick_start_Your_Metabolism_and_Safely_Lose_Up_to_10_Pounds_in_7_Days_Mantesh_9963251.7286.torrent
2012-03-06 08:00 - 2012-03-06 08:00 - 0002202 ____A C:\Users\Drew\Downloads\The_UltraMind_Solution_Fix_Your_Broken_Brain_by_Healing_Your_Body_First-[Demonoid.me]_9963251.7286.torrent
2012-03-06 07:56 - 2012-03-06 07:56 - 0050496 ____A C:\Users\Drew\Downloads\(Demonoid.me)-New_York_Times_Bestsellers_for_3_4_12_9963251.7286.torrent
2012-03-06 07:56 - 2012-03-06 07:56 - 0002978 ____A C:\Users\Drew\Downloads\The_Power_of_Habit_Why_We_Do_What_We_Do_in_Life_and_Business_(2012)_epub_mobi_+-Demonoid.me-+_9963251.7286.torrent
2012-03-06 07:12 - 2012-03-06 07:11 - 0079538 ____A C:\TDSSKiller.2.7.19.0_06.03.2012_07.11.36_log.txt
2012-03-06 07:10 - 2012-02-10 12:03 - 2063920 ____A (Kaspersky Lab ZAO) C:\Users\Drew\Desktop\TDSSKiller.exe
2012-03-06 07:07 - 2010-08-26 21:41 - 0000000 ____D C:\Users\Drew\AppData\Roaming\Skype
2012-03-05 21:03 - 2010-08-26 20:20 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-540288810-2497427636-1473453702-1001Core.job
2012-03-05 15:27 - 2012-03-05 15:27 - 0007440 ____A C:\Users\Drew\Desktop\Attach.txt
2012-03-05 15:11 - 2012-03-05 15:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{E48E6F14-8187-42B3-9931-0146503151F0}
2012-03-05 15:11 - 2012-03-05 15:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{7111FF05-4FD1-4AE8-A6FA-36875084C8D5}
2012-03-05 15:10 - 2011-10-26 14:35 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-05 15:10 - 2011-10-26 14:35 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-05 15:04 - 2010-06-26 01:45 - 0490468 ____A C:\Windows\PFRO.log
2012-03-05 13:25 - 2012-03-05 13:25 - 0000000 ____D C:\Users\Drew\Downloads\The Lorax
2012-03-05 13:24 - 2012-03-05 13:24 - 0008841 ____A C:\Users\Drew\Downloads\Dr_Seuss's_The_Lorax_O-Demonoid.me-O_9963251.7286.torrent
2012-03-04 11:38 - 2012-03-04 09:54 - 0000000 ___SD C:\32788R22FWJFW
2012-03-04 10:16 - 2012-03-04 09:41 - 0000000 __ASH C:\Windows\muzuki.exc
2012-03-04 10:06 - 2011-12-19 21:05 - 0000000 ____D C:\Users\Drew\Downloads\Vh1's 100 Best Songs of the 90's
2012-03-04 10:06 - 2011-12-13 09:50 - 0000000 ____D C:\Users\Drew\Downloads\Pearl Jam - 2011 - Vancouver, British Columbia (9-25-11) FLAC
2012-03-04 10:06 - 2011-12-07 06:51 - 0000000 ____D C:\Users\Drew\Downloads\Eminem Discography (1995-2009)
2012-03-04 10:06 - 2011-12-07 06:47 - 0000000 ____D C:\Users\Drew\Downloads\B.o.B - EPIC Every Play Is Crucial [2011] [160 kbps]
2012-03-04 10:06 - 2011-12-07 06:45 - 0000000 ____D C:\Users\Drew\Downloads\The Black Keys
2012-03-04 10:06 - 2011-12-07 06:31 - 0000000 ____D C:\Users\Drew\Downloads\El Camino
2012-03-04 10:06 - 2011-12-05 05:49 - 0000000 ____D C:\Users\Drew\Downloads\MS Office 2007 Professional Plus SP3
2012-03-04 10:06 - 2011-12-05 05:48 - 0000000 ____D C:\Users\Drew\Downloads\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final
2012-03-04 10:06 - 2011-11-03 16:10 - 0000000 ____D C:\Users\Drew\Downloads\Trombone_Shorty-For_True-2011-C4
2012-03-04 10:06 - 2011-11-03 16:10 - 0000000 ____D C:\Users\Drew\Downloads\Trombone Shorty - Backatown [2010]
2012-03-04 10:06 - 2011-10-29 11:08 - 0000000 ____D C:\Users\Drew\Downloads\bill bryson
2012-03-04 10:06 - 2011-10-29 11:07 - 0000000 ____D C:\Users\Drew\Downloads\Shakespeare (8)
2012-03-04 10:06 - 2011-10-28 13:26 - 0000000 ____D C:\Users\Drew\Downloads\Malwarebytes' Anti-Malware 1.51.2.1300
2012-03-04 10:06 - 2011-10-25 17:45 - 0000000 ____D C:\Users\Drew\Downloads\RegInOut System Utilities V3.0.0.2 {Precracked} {blaze69}
2012-03-04 10:06 - 2011-10-18 05:42 - 0000000 ____D C:\Users\Drew\Downloads\Understanding the Fundamentals of Music
2012-03-04 10:06 - 2011-10-17 07:06 - 0000000 ____D C:\Users\Drew\Downloads\TTC Video - The Everyday Guide To Wine (24 Lectures - 2010)
2012-03-04 10:06 - 2011-10-17 06:56 - 0000000 ____D C:\Users\Drew\Downloads\TTC Video - How to Look At and Understand Great Art
2012-03-04 10:06 - 2011-10-08 11:11 - 0000000 ____D C:\Users\Drew\Downloads\On the Road
2012-03-04 10:06 - 2011-10-07 14:56 - 0000000 ____D C:\Users\Drew\Downloads\Entre los Que Quieran
2012-03-04 10:06 - 2011-10-04 15:44 - 0000000 ____D C:\Users\Drew\Downloads\Nirvana - Nevermind (Super Deluxe 4CD iTunes Version)-AAC-2011
2012-03-04 10:06 - 2011-09-29 14:25 - 0000000 ____D C:\Users\Drew\Downloads\hammett
2012-03-04 10:06 - 2011-08-09 21:15 - 0000000 ____D C:\Users\Drew\Downloads\Skrillex - Scary Monsters and Nice Sprites [FLAC _ MP3]
2012-03-04 10:06 - 2011-08-08 17:33 - 0000000 ____D C:\Users\Drew\Downloads\Watch the Throne (Deluxe Version)
2012-03-04 10:06 - 2011-06-28 07:24 - 0000000 ____D C:\Users\Drew\Downloads\Bon Iver - Bon Iver(2011) [FLAC]
2012-03-04 10:06 - 2011-06-09 11:03 - 0000000 ____D C:\Users\Drew\Downloads\The Ting Tings - We Started Nothing
2012-03-04 10:06 - 2011-06-09 10:58 - 0000000 ____D C:\Users\Drew\Downloads\Saturday Sessions the Dermot O' Leary Show
2012-03-04 10:06 - 2011-06-09 10:49 - 0000000 ____D C:\Users\Drew\Downloads\Arctic Monkeys
2012-03-04 10:06 - 2011-06-07 23:42 - 0000000 ____D C:\Users\Drew\Downloads\Suck It and See
2012-03-04 10:06 - 2011-05-28 09:17 - 0000000 ____D C:\Users\Drew\Downloads\Helplessness Blues
2012-03-04 10:06 - 2011-05-26 17:38 - 0000000 ____D C:\Users\Drew\Downloads\Eddie Vedder – Ukulele Songs (2011)
2012-03-04 10:06 - 2011-05-24 20:04 - 0000000 ____D C:\Users\Drew\Downloads\Reddit's Favorite Books
2012-03-04 10:06 - 2011-05-23 22:46 - 0000000 ____D C:\Users\Drew\Downloads\iBooks
2012-03-04 10:06 - 2011-05-23 22:38 - 0000000 ____D C:\Users\Drew\Downloads\Michelangelo and the Pope's Ceiling
2012-03-04 10:06 - 2011-05-23 22:10 - 0000000 ____D C:\Users\Drew\Downloads\Boston Legal
2012-03-04 10:06 - 2011-05-23 22:08 - 0000000 ____D C:\Users\Drew\Downloads\4HOURBODY
2012-03-04 10:06 - 2011-05-20 12:08 - 0000000 ____D C:\Users\Drew\Downloads\eBooks
2012-03-04 10:06 - 2011-05-17 06:43 - 0000000 ____D C:\Users\Drew\Downloads\Danger Mouse & Daniele Luppi - Rome (2011) MP3
2012-03-04 10:06 - 2011-05-02 17:58 - 0000000 ____D C:\Users\Drew\Downloads\Beastie Boys - Hot Sauce Committee Part Two (Explicit) [MJN]
2012-03-04 10:06 - 2011-02-18 17:31 - 0000000 ____D C:\Users\Drew\Downloads\Pepper - Stitches
2012-03-04 10:06 - 2011-02-16 09:33 - 0000000 ____D C:\Users\Drew\Downloads\Bright Eyes - The People's Key (2011)(ADVANCE)(Indie Folk Rock)(MP3@320)
2012-03-04 10:06 - 2011-02-05 18:31 - 0000000 ____D C:\Users\Drew\Downloads\The Black Keys - Brothers[2010][CD+Cov]320Kbps
2012-03-04 10:06 - 2011-01-09 20:34 - 0000000 ____D C:\Users\Drew\Downloads\e-books
2012-03-04 10:06 - 2011-01-09 00:11 - 0000000 ____D C:\Users\Drew\Downloads\Bob_Marley-Legend_The_Best_of_Bob_Marley_And_The_Wailers-2002
2012-03-04 10:06 - 2011-01-09 00:11 - 0000000 ____D C:\Users\Drew\Downloads\Bob Marley Songs Of Freedom (Limited Edition)-Kompletlywyred.com-DHZ.Inc Release
2012-03-04 10:06 - 2011-01-06 19:30 - 0000000 ____D C:\Users\Drew\Downloads\Pearl Jam
2012-03-04 10:06 - 2010-11-12 18:26 - 0000000 ____D C:\Users\Drew\Downloads\Kanye West – My Beautiful Dark Twisted Fantasy [2010-MP3-Cov][Bubanee]
2012-03-04 10:06 - 2010-11-04 12:40 - 0000000 ____D C:\Users\Drew\Downloads\Robbie Williams - Swing When Youre Winning (2001)
2012-03-04 10:06 - 2010-11-04 12:40 - 0000000 ____D C:\Users\Drew\Downloads\Jason Mraz - Singles
2012-03-04 10:06 - 2010-11-04 12:15 - 0000000 ____D C:\Users\Drew\Downloads\1986 Beastie Boys - Licensed To Ill
2012-03-04 10:06 - 2010-11-04 12:05 - 0000000 ____D C:\Users\Drew\Downloads\Kid Cudi - Man on the Moon II
2012-03-04 10:00 - 2012-03-04 10:00 - 0001218 ____A C:\Users\Drew\Desktop\Spybot - Search & Destroy.lnk
2012-03-04 10:00 - 2011-10-26 14:35 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-04 09:51 - 2010-08-26 22:02 - 0000000 ____D C:\Users\Drew\AppData\Roaming\Mozilla
2012-03-04 09:50 - 2012-03-04 09:50 - 0001090 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-03-04 09:50 - 2010-08-27 07:00 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-04 09:47 - 2012-03-04 09:47 - 0000000 ____D C:\Users\Drew\AppData\Local\{1ADEE9AE-481E-4B2C-B6B1-96136AE12C93}
2012-03-04 09:47 - 2012-03-04 09:46 - 0000000 ____D C:\Users\Drew\AppData\Local\{38B35136-B238-4951-8903-085C0ECAC0BC}
2012-03-04 09:47 - 2011-10-11 07:34 - 0001013 ____A C:\Users\Drew\Desktop\Dropbox.lnk
2012-03-04 09:47 - 2011-10-11 07:33 - 0000993 ____A C:\Users\Drew\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-04 09:47 - 2011-10-11 07:33 - 0000993 ____A C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-04 09:42 - 2010-08-26 20:20 - 0000000 ____D C:\Users\Drew\AppData\Local\Deployment
2012-03-04 09:42 - 2010-08-26 20:20 - 0000000 ____D C:\Users\Drew\AppData\Local\Apps\2.0
2012-03-04 09:40 - 2012-03-04 09:40 - 3712496 ____A (PC Tools) C:\Users\Drew\Downloads\SDAV_Online_aff_GenericRevenueWire_207.exe
2012-03-04 09:23 - 2011-01-20 16:21 - 0000000 ____D C:\Users\Drew\AppData\Local\CrashDumps
2012-03-04 03:00 - 2011-10-25 17:28 - 0000354 ____A C:\Windows\Tasks\RegInOut Scheduled Scan - Drew.job
2012-03-03 18:22 - 2012-03-03 18:22 - 0086583 ____A C:\Users\Drew\Desktop\United Airlines - Thank You for Choosing United Airlines.htm
2012-03-03 18:22 - 2012-03-03 18:22 - 0000000 ____D C:\Users\Drew\Desktop\United Airlines - Thank You for Choosing United Airlines_files
2012-03-03 17:22 - 2012-03-03 17:22 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-03 17:22 - 2010-08-26 21:40 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-03 17:22 - 2010-08-26 21:40 - 0000000 ____D C:\Users\All Users\Skype
2012-03-03 17:22 - 2010-08-26 21:40 - 0000000 ____D C:\ProgramData\Skype
2012-03-03 17:21 - 2012-03-03 17:21 - 0944264 ____A (Skype Technologies S.A.) C:\Users\Drew\Downloads\SkypeSetup (1).exe
2012-03-03 17:20 - 2012-03-03 17:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{FF5C366B-AC69-4278-A770-6426E93E2DDB}
2012-03-03 17:20 - 2012-03-03 17:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{000828BC-40F3-4249-8AAB-0E2CCEF1223F}
2012-03-03 11:29 - 2010-11-09 10:14 - 0000000 ____D C:\Users\Drew\AppData\Roaming\FrostWire
2012-03-03 11:23 - 2012-03-03 11:23 - 0000000 ____D C:\Users\Drew\AppData\Local\{952E77FB-41CA-4DAD-987D-46251EF4DC78}
2012-03-03 11:23 - 2012-03-03 11:22 - 0000000 ____D C:\Users\Drew\AppData\Local\{4FE5629E-2023-4512-8588-1038A648ABD0}
2012-03-03 11:20 - 2010-10-27 07:28 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2012-03-03 10:41 - 2011-12-11 10:27 - 0000000 ____D C:\Users\Drew\.frostwire5
2012-03-02 06:45 - 2012-03-02 06:45 - 0000000 ____D C:\Users\Drew\AppData\Local\{FA8864E7-D3E4-4A3F-977B-26F015F758B5}
2012-03-02 06:45 - 2012-03-02 06:45 - 0000000 ____D C:\Users\Drew\AppData\Local\{1DCA63BD-71EF-47D7-9DEC-1BAE121956B4}
2012-03-02 06:45 - 2011-05-31 20:48 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-01 10:14 - 2012-03-01 08:55 - 1218374523 ____A C:\Users\Drew\Downloads\ecg_april.wmv
2012-03-01 10:06 - 2012-03-01 08:55 - 821456645 ____A C:\Users\Drew\Downloads\amia_reg.wmv
2012-03-01 09:59 - 2012-03-01 08:56 - 710512872 ____A C:\Users\Drew\Downloads\leanne_dp_reg.wmv
2012-03-01 09:57 - 2012-03-01 08:56 - 685853945 ____A C:\Users\Drew\Downloads\lynn_full.wmv
2012-03-01 09:20 - 2012-03-01 08:57 - 227479552 ____A C:\Users\Drew\Downloads\nicolereg.mpg
2012-03-01 08:22 - 2012-03-01 08:22 - 0092905 ____A C:\Users\Drew\Downloads\eba16d9c3d9f0e823f5ae18131d45b72_width_640x.jpg
2012-02-29 21:14 - 2012-02-29 21:14 - 0000000 ____D C:\Users\Drew\AppData\Local\{F1CBB603-BBEF-4F06-BC1B-E0C2E6F629B0}
2012-02-29 21:14 - 2012-02-29 09:14 - 0000000 ____D C:\Users\Drew\AppData\Local\{3D5672D5-602E-4733-917A-CBE7334F040C}
2012-02-29 00:26 - 2012-02-29 00:25 - 18762281 ____A C:\Users\Drew\Downloads\uclastory.zip
2012-02-27 13:20 - 2012-02-27 11:57 - 1023504800 ____A C:\Users\Drew\Downloads\ecg_chelsea2.wmv
2012-02-27 13:18 - 2012-02-27 10:57 - 921023348 ____A C:\Users\Drew\Downloads\ecg_alejandra.wmv
2012-02-27 13:17 - 2012-02-27 10:57 - 1011777914 ____A C:\Users\Drew\Downloads\ecg_cassie.wmv
2012-02-27 13:12 - 2012-02-27 10:57 - 1113911562 ____A C:\Users\Drew\Downloads\ecg_camilla-hazel (1).wmv
2012-02-27 13:05 - 2012-02-27 10:57 - 743868814 ____A C:\Users\Drew\Downloads\ecg_monika.wmv
2012-02-27 12:28 - 2012-02-27 10:57 - 994343672 ____A C:\Users\Drew\Downloads\ecg_hazel.wmv
2012-02-27 11:57 - 2012-02-27 10:58 - 777836337 ____A C:\Users\Drew\Downloads\ecg_khloe2.wmv
2012-02-27 10:34 - 2012-02-27 08:28 - 1234257889 ____A C:\Users\Drew\Downloads\ecg_devon.wmv
2012-02-27 10:34 - 2012-02-27 08:28 - 1230715462 ____A C:\Users\Drew\Downloads\ecg_kirsten.wmv
2012-02-27 10:25 - 2012-02-27 08:29 - 1254288947 ____A C:\Users\Drew\Downloads\ecg_katie3.wmv
2012-02-27 10:10 - 2012-02-27 08:29 - 1142237969 ____A C:\Users\Drew\Downloads\ecg_maelynn.wmv
2012-02-27 09:49 - 2012-02-27 08:29 - 1048408435 ____A C:\Users\Drew\Downloads\ecg_callie.wmv
2012-02-26 12:11 - 2012-02-26 12:11 - 0697076 ____A C:\Users\Drew\Downloads\Giraffe-ad-regular-hours.pdf
2012-02-25 23:35 - 2012-02-25 21:57 - 1208346235 ____A C:\Users\Drew\Downloads\ecg_abrina (1).wmv
2012-02-25 23:34 - 2012-02-25 22:02 - 1150986068 ____A C:\Users\Drew\Downloads\ecg_alicia.wmv
2012-02-25 23:20 - 2012-02-25 21:57 - 820935928 ____A C:\Users\Drew\Downloads\ecg_diane.wmv
2012-02-25 23:14 - 2012-02-25 22:02 - 852857211 ____A C:\Users\Drew\Downloads\ecg_nina2.wmv
2012-02-25 22:58 - 2012-02-25 21:56 - 562869286 ____A C:\Users\Drew\Downloads\ecg_kenzie.wmv
2012-02-24 17:24 - 2012-02-24 17:24 - 2941021 ____A C:\Users\Drew\Downloads\SO2012_settimes_page.pdf
2012-02-24 16:47 - 2012-02-24 16:47 - 0023648 ____A C:\Users\Drew\Downloads\780_CAS_Trial_Attorney_Position_Announcement (1).pdf
2012-02-24 13:21 - 2012-02-24 13:21 - 0000022 ____A C:\Users\Drew\Downloads\password.txt
2012-02-24 13:13 - 2012-02-24 13:13 - 0216951 ____A C:\Users\Drew\Downloads\Code+Black+Facebook+Account+Hacker.rar
2012-02-23 19:35 - 2012-02-23 19:35 - 0000000 ____D C:\Users\Drew\AppData\Local\{E03E39EB-7C9E-4E83-9688-F30F6595B3BC}
2012-02-23 19:35 - 2012-02-23 19:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{5F704277-7E8D-46FD-BD90-F30C8FECCE87}
2012-02-23 10:28 - 2012-02-23 08:49 - 1337634944 ____A C:\Users\Drew\Downloads\taylor_full.wmv
2012-02-23 10:26 - 2012-02-23 08:48 - 1304027590 ____A C:\Users\Drew\Downloads\ecg_abrina.wmv
2012-02-23 10:00 - 2012-02-23 08:49 - 693352872 ____A C:\Users\Drew\Downloads\tria_full.wmv
2012-02-23 09:51 - 2012-02-23 08:52 - 493328081 ____A C:\Users\Drew\Downloads\melissa_anal_reg.wmv
2012-02-23 09:44 - 2012-02-23 08:50 - 423170048 ____A C:\Users\Drew\Downloads\Mandi_Kristinareg.mpg
2012-02-23 09:41 - 2012-02-23 08:51 - 405620736 ____A C:\Users\Drew\Downloads\twins2reg.mpg
2012-02-23 09:18 - 2010-08-26 20:35 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 13:33 - 2012-02-22 12:17 - 1113911562 ____A C:\Users\Drew\Downloads\ecg_camilla-hazel.wmv
2012-02-22 13:27 - 2012-02-22 12:53 - 467157565 ____A C:\Users\Drew\Downloads\ami_reg (1).wmv
2012-02-22 13:21 - 2012-02-22 12:18 - 679484813 ____A C:\Users\Drew\Downloads\danielle_reg.wmv
2012-02-22 12:45 - 2012-02-22 12:08 - 368465491 ____A C:\Users\Drew\Downloads\ecg_alex_reg.wmv
2012-02-21 17:10 - 2012-02-21 17:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{AA7D8E1C-78C4-4EAA-B1E8-53A540104C2D}
2012-02-21 17:10 - 2012-02-21 17:09 - 0000000 ____D C:\Users\Drew\AppData\Local\{83BE2C22-FB8A-4379-B444-E99E9CFFD82C}
2012-02-21 16:36 - 2009-07-13 20:45 - 0441352 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-21 15:30 - 2012-02-21 15:30 - 0004923 ____A C:\Users\Drew\Downloads\Paw-Print.jpg
2012-02-21 15:29 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-02-21 15:28 - 2010-08-26 20:11 - 0121144 ____A C:\Users\Drew\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-21 08:12 - 2012-02-21 08:12 - 0112445 ____A C:\Users\Drew\Downloads\[isoHunt] 82b53b053b48b196264fede0bd7704008b58bc43.torrent
2012-02-21 07:00 - 2010-02-27 18:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-21 07:00 - 2010-02-27 18:20 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-21 06:59 - 2010-02-27 17:59 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-02-21 06:58 - 2009-07-13 18:34 - 0000362 ____A C:\Windows\win.ini
2012-02-21 06:57 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-20 21:17 - 2012-02-20 21:17 - 0000000 ____D C:\Users\Drew\AppData\Local\{03B0E6D1-D410-448E-A678-96B3A8CC0149}
2012-02-20 21:16 - 2012-02-20 21:16 - 0000000 ____D C:\Users\Drew\AppData\Local\{144D8547-38DC-4CBC-AF75-068583C24C20}
2012-02-20 20:47 - 2012-02-20 20:47 - 0100193 ____A C:\Users\Drew\Downloads\prof.jpg
2012-02-20 20:36 - 2012-02-20 20:36 - 0784916 ____A C:\Users\Drew\Downloads\photo (2).JPG
2012-02-20 20:36 - 2012-02-20 20:36 - 0594458 ____A C:\Users\Drew\Downloads\photo (3).JPG
2012-02-20 20:36 - 2012-02-20 20:36 - 0578387 ____A C:\Users\Drew\Downloads\photo (4).JPG
2012-02-19 09:20 - 2012-02-19 09:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{D70ED9C5-BF76-4435-9B86-EC86A5E482E4}
2012-02-19 09:20 - 2012-02-19 09:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{288EB533-0EF9-4386-ABBE-21FF00D0CD95}
2012-02-18 10:36 - 2011-12-10 18:05 - 0000000 ____D C:\Users\Drew\Downloads\Ultimate Celebrity Sex Tape Collection
2012-02-18 08:47 - 2011-05-24 19:20 - 0000000 ____D C:\Users\Drew\Desktop\books
2012-02-18 08:47 - 2011-03-26 10:07 - 0000000 ____D C:\Users\Drew\Desktop\face_files
2012-02-18 08:47 - 2010-11-26 09:03 - 0000000 ____D C:\Users\Drew\Desktop\KINDLE
2012-02-18 08:45 - 2011-06-27 10:49 - 0000000 ____D C:\Users\Drew\Desktop\one_files
2012-02-18 08:45 - 2010-11-16 17:30 - 0000000 ____D C:\Users\Drew\Desktop\girltalk
2012-02-16 07:58 - 2011-03-30 01:52 - 0000204 ____A C:\Users\Drew\AppData\Roaming\wklnhst.dat
2012-02-16 07:55 - 2012-02-16 07:55 - 0000000 ____D C:\Users\Drew\AppData\Local\{63637496-9982-4BA1-9D7A-F8FA3867F5FB}
2012-02-16 07:55 - 2012-02-16 07:54 - 0000000 ____D C:\Users\Drew\AppData\Local\{3556D878-637B-4A38-9933-331B1610DE7B}
2012-02-16 07:52 - 2010-08-26 20:12 - 0000174 ___SH C:\Users\Drew\Start Menu\Programs\Startup\desktop.ini
2012-02-16 07:52 - 2010-08-26 20:12 - 0000174 ___SH C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 07:49 - 2010-02-27 19:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 07:47 - 2011-07-17 20:22 - 0000000 ____D C:\Users\Drew\AppData\Roaming\Spotify
2012-02-16 07:46 - 2012-02-16 07:45 - 0000353 ____A C:\Windows\SynInst.log
2012-02-16 07:23 - 2011-07-17 20:22 - 0000000 ____D C:\Users\Drew\AppData\Local\Spotify
2012-02-15 15:56 - 2012-02-15 15:56 - 0606154 ____A C:\Users\Drew\Downloads\courthouselunchmenu.pdf
2012-02-14 11:12 - 2011-07-17 20:22 - 0000000 ____D C:\Program Files (x86)\Spotify
2012-02-14 11:07 - 2010-08-31 10:45 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-02-12 07:35 - 2010-08-27 06:17 - 0000000 ____D C:\Users\Drew\AppData\Local\ElevatedDiagnostics
2012-02-11 10:16 - 2012-02-11 10:16 - 0023648 ____A C:\Users\Drew\Downloads\780_CAS_Trial_Attorney_Position_Announcement.pdf
2012-02-10 14:34 - 2012-02-10 14:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{F55DDE33-E3B8-42ED-8173-898472A97B07}
2012-02-10 14:34 - 2012-02-10 14:33 - 0000000 ____D C:\Users\Drew\AppData\Local\{0EEB6932-E706-49B3-A77B-58BC454923E7}
2012-02-10 12:37 - 2012-02-10 12:36 - 0000000 ____D C:\Users\Drew\AppData\Local\{59C552AE-5685-4F1F-8B06-91EF74EB8FDB}
2012-02-10 12:36 - 2012-02-10 12:36 - 0000000 ____D C:\Users\Drew\AppData\Local\{C88E016E-A832-4F58-995D-4E607127337C}
2012-02-10 12:34 - 2011-10-30 10:01 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-10 12:33 - 2012-02-10 12:33 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Drew\Downloads\mbam-setup-1.60.1.1000.exe
2012-02-10 12:33 - 2012-01-15 14:43 - 0001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-10 12:31 - 2012-02-10 12:31 - 0607260 ____R (Swearware) C:\Users\Drew\Downloads\dds.com
2012-02-10 12:26 - 2012-02-10 12:26 - 0509440 ____A (iS3, Inc.) C:\Users\Drew\Downloads\STOPzilla_Setup (1).exe
2012-02-10 12:25 - 2012-02-10 12:25 - 0000000 ___SD C:\ComboFix
2012-02-10 12:16 - 2012-02-10 12:13 - 0079944 ____A C:\TDSSKiller.2.7.11.0_10.02.2012_12.13.24_log.txt
2012-02-10 12:08 - 2012-02-10 12:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{6F55DBC5-0DD2-4D95-A7F8-2AD1E4342107}
2012-02-10 12:07 - 2012-02-10 12:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{A62F1D22-ECD3-4942-9783-6C9FA8FFEA65}
2012-02-10 11:38 - 2012-02-10 11:38 - 2041278 ____A C:\Users\Drew\Downloads\tdsskiller (1).zip
2012-02-10 11:38 - 2012-02-10 11:37 - 4400207 ____R (Swearware) C:\Users\Drew\Downloads\ComboFix.exe
2012-02-09 09:11 - 2012-02-09 09:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{E931DA6F-9515-4468-9E03-D49B3F6CEDA1}
2012-02-09 09:10 - 2012-02-09 09:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{ABC2EDC1-F188-429D-9962-B539668532BB}
2012-02-09 09:01 - 2012-02-09 09:01 - 0509440 ____A (iS3, Inc.) C:\Users\Drew\Downloads\STOPzilla_Setup.exe
2012-02-08 07:07 - 2012-02-08 07:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{9FC3AC38-E77B-4E83-A14B-0B7663D5B098}
2012-02-08 07:07 - 2012-02-08 07:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{36737213-83F8-4437-B494-EE9D0D8435E4}
2012-02-07 07:20 - 2012-02-07 07:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{7E10C6F3-C1E4-4DAC-8885-477775418553}
2012-02-07 07:20 - 2012-02-07 07:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{17BDBA55-20FE-4B55-88F2-8DD9AF522E22}
2012-02-07 07:18 - 2012-02-07 07:18 - 0282664 ____A C:\Windows\Minidump\020712-36816-01.dmp
2012-02-07 07:18 - 2011-12-07 05:28 - 755523862 ____A C:\Windows\MEMORY.DMP
2012-02-07 07:18 - 2010-12-01 13:39 - 0000000 ____D C:\Windows\Minidump
2012-02-07 07:16 - 2012-02-07 07:16 - 1015096 ____A C:\Users\Drew\Downloads\crown_fellowship_hr_brochure.pdf
2012-02-05 10:23 - 2010-08-26 20:08 - 0000000 ____D C:\Users\Drew\AppData\LocalLow
2012-02-05 08:33 - 2012-02-05 08:33 - 0000000 ____A C:\Users\Drew\Downloads\download (1)
2012-02-05 08:33 - 2012-02-05 08:33 - 0000000 ____A C:\Users\Drew\Downloads\download
2012-02-04 09:26 - 2012-02-04 09:26 - 1030066 ____A C:\Users\Drew\Downloads\2012-CAPITALCASE_11.0.pdf
2012-02-02 21:22 - 2012-02-02 21:22 - 0000000 ____D C:\Users\Drew\AppData\Roaming\StreamTorrent
2012-02-02 21:21 - 2012-02-02 21:21 - 1463054 ____A C:\Users\Drew\Downloads\StreamTorrent10Build0077.zip
2012-02-02 07:54 - 2012-02-02 07:53 - 0000000 ____D C:\Users\Drew\AppData\Local\{0210B670-CD09-4E43-B4BC-B15D7AE87BA5}
2012-02-02 07:53 - 2012-02-02 07:53 - 0000000 ____D C:\Users\Drew\AppData\Local\{5C098004-4AC9-4AA7-9067-0B2058C39CE4}
2012-01-31 20:22 - 2012-01-31 20:22 - 0004136 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-01-31 20:22 - 2010-02-27 19:54 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-31 20:21 - 2012-01-31 20:21 - 0909600 ____A (Sun Microsystems, Inc.) C:\Users\Drew\Downloads\chromeinstall.exe
2012-01-29 21:24 - 2012-01-29 21:23 - 0000000 ____D C:\Users\Drew\AppData\Local\{82277D49-BA7C-4146-84FE-19FD8A1E1A9C}
2012-01-29 21:23 - 2012-01-29 21:23 - 0000000 ____D C:\Users\Drew\AppData\Local\{4F97604C-AD17-4D8C-A01B-C04FFE27AB21}
2012-01-29 18:06 - 2012-01-29 18:06 - 0041100 ____A C:\Users\Drew\Downloads\416-1506-1-PB.pdf
2012-01-29 12:55 - 2012-01-29 12:55 - 0000000 ____D C:\Users\Drew\AppData\Local\{E30D1D70-031B-4FF0-A338-DE78492A5254}
2012-01-29 12:54 - 2012-01-29 12:54 - 0000000 ____D C:\Users\Drew\AppData\Local\{15219029-C27E-4ED6-A379-749AAA41E1B9}
2012-01-29 12:53 - 2012-01-29 12:52 - 0717888 ____A C:\Windows\Minidump\012912-21418-01.dmp
2012-01-28 07:07 - 2012-01-28 07:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{9F8B9AD9-9FFC-4E63-A2C1-38FE57830EEB}
2012-01-28 07:07 - 2012-01-28 07:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{26A078A5-B511-41CC-A100-BCE6B6E90A21}
2012-01-28 06:54 - 2012-01-28 06:54 - 0709640 ____A C:\Windows\Minidump\012812-19250-01.dmp
2012-01-27 12:30 - 2012-01-27 12:30 - 0000000 ____D C:\Users\Drew\AppData\Local\{600041F5-3E4C-4572-9C74-5A69B6FA9188}
2012-01-27 12:29 - 2012-01-27 12:29 - 0000000 ____D C:\Users\Drew\AppData\Local\{1C1C4819-B12F-4337-9D20-171DE748637E}
2012-01-26 04:39 - 2012-01-26 04:39 - 0000000 ____D C:\Users\Drew\AppData\Local\{960C095E-D25F-43B8-BC49-97755E82626D}
2012-01-26 04:39 - 2012-01-26 04:39 - 0000000 ____D C:\Users\Drew\AppData\Local\{0DEB9F7A-2654-40EF-8332-15CC7203E914}
2012-01-26 03:21 - 2012-01-26 03:21 - 0000000 ____D C:\Users\Drew\AppData\Local\{FA34DC67-C80D-4178-A7F8-DE22A3BEF3DF}
2012-01-26 03:21 - 2012-01-26 03:21 - 0000000 ____D C:\Users\Drew\AppData\Local\{DB997E45-F48D-4B61-8914-040367240497}
2012-01-26 03:11 - 2012-01-26 03:11 - 0717832 ____A C:\Windows\Minidump\012612-21528-01.dmp
2012-01-23 21:53 - 2012-01-23 21:53 - 0000000 ____D C:\Users\Drew\AppData\Local\{A8C703AF-B825-4A0F-BCE7-46ECD4762171}
2012-01-23 21:53 - 2012-01-23 21:52 - 0000000 ____D C:\Users\Drew\AppData\Local\{1C53FC5D-B14D-49E8-A0CC-362747A8BFD6}
2012-01-23 14:14 - 2012-01-23 14:14 - 0000000 ____D C:\Users\Drew\AppData\Local\{4601E63C-A331-4771-BEC7-F9E0DFEFB78C}
2012-01-23 14:14 - 2012-01-23 14:14 - 0000000 ____D C:\Users\Drew\AppData\Local\{4272A774-7507-426A-8532-C9024CE0FC7B}
2012-01-23 14:11 - 2012-01-23 14:11 - 0709640 ____A C:\Windows\Minidump\012312-20810-01.dmp
2012-01-23 08:10 - 2012-01-23 08:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{D3D90A11-B6FA-4FDF-8BDB-887BCFADD1FE}
2012-01-23 08:10 - 2012-01-23 08:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{08B7301B-C4F6-4156-B810-128759205B0D}
2012-01-23 08:07 - 2012-01-23 08:07 - 0709640 ____A C:\Windows\Minidump\012312-22729-01.dmp
2012-01-22 15:11 - 2012-01-22 15:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{FEBCC6F3-EBEF-4462-95BB-133C2316E052}
2012-01-22 15:11 - 2012-01-22 15:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{471C3FC7-12A2-4193-9167-66AAD8E553E3}
2012-01-22 15:08 - 2012-01-22 15:08 - 0713952 ____A C:\Windows\Minidump\012212-23415-01.dmp
2012-01-21 10:53 - 2012-01-21 10:53 - 0165278 ____A C:\Users\Drew\Downloads\montis_lunchdinner (1).pdf
2012-01-21 10:50 - 2012-01-21 10:50 - 0165278 ____A C:\Users\Drew\Downloads\montis_lunchdinner.pdf
2012-01-21 10:44 - 2012-01-21 10:44 - 0056944 ____A C:\Users\Drew\Downloads\montis_midday.pdf
2012-01-21 10:43 - 2012-01-21 10:43 - 0261566 ____A C:\Users\Drew\Downloads\willis_seafood_menu.pdf
2012-01-21 08:31 - 2012-01-21 08:31 - 0000000 ____D C:\Users\Drew\AppData\Local\{8432CB3E-A774-42E4-B7E4-0530EA6EE690}
2012-01-21 08:31 - 2012-01-21 08:31 - 0000000 ____D C:\Users\Drew\AppData\Local\{441DB22F-89FE-4B45-B409-596B21C67BB9}
2012-01-20 20:07 - 2012-01-20 20:06 - 0701553 ____A C:\Users\Drew\Downloads\Papa-Murphys-Pizza-Coupons-All (3).pdf
2012-01-20 20:04 - 2012-01-20 20:04 - 0000000 ____D C:\Users\Drew\AppData\Local\{F44BFCCD-3631-4D82-A916-69A3D2DC49D8}
2012-01-20 20:04 - 2012-01-20 20:04 - 0000000 ____D C:\Users\Drew\AppData\Local\{D803781A-59AF-4E08-972D-DF1F7D445E20}
2012-01-20 19:28 - 2012-01-20 19:27 - 0000000 ____D C:\Users\Drew\AppData\Local\{F05B2C5D-EE4B-4938-BBE5-6072222631D4}
2012-01-20 19:27 - 2012-01-20 19:27 - 0000000 ____D C:\Users\Drew\AppData\Local\{44483B19-3DCD-4450-A9C2-EBC08E2AF50A}
2012-01-20 19:24 - 2012-01-20 19:24 - 0717888 ____A C:\Windows\Minidump\012012-20654-01.dmp
2012-01-20 05:20 - 2012-01-20 05:19 - 0000000 ____D C:\Users\Drew\AppData\Local\{72465E74-274D-44B0-920E-FCA1A07C3E74}
2012-01-20 05:19 - 2012-01-20 05:19 - 0000000 ____D C:\Users\Drew\AppData\Local\{1F2EFD05-74DE-4477-B458-751F470E3A93}
2012-01-20 05:09 - 2012-01-20 05:09 - 0709696 ____A C:\Windows\Minidump\012012-22869-01.dmp
2012-01-19 11:28 - 2012-01-19 11:28 - 0000000 ____D C:\Users\Drew\AppData\Local\{C1DE4094-5C05-4FA0-AE11-DE16ABF78B79}
2012-01-19 11:28 - 2012-01-19 11:28 - 0000000 ____D C:\Users\Drew\AppData\Local\{B82F26CD-7834-4F38-B5C5-5C7C65FB6702}
2012-01-19 11:27 - 2012-01-19 11:27 - 0709696 ____A C:\Windows\Minidump\011912-23571-01.dmp
2012-01-19 09:04 - 2012-01-19 09:04 - 0145689 ____A C:\Users\Drew\Downloads\JOB_SALARY_CLASSIFICATIONS (1).pdf
2012-01-19 08:32 - 2012-01-19 08:32 - 0000000 ____D C:\Users\Drew\AppData\Local\{4584C7BE-D23C-4167-9394-1F1AF65A34AD}
2012-01-19 08:32 - 2012-01-19 08:31 - 0000000 ____D C:\Users\Drew\AppData\Local\{C7F0B299-1DDA-45E6-A625-C33D55786C7D}
2012-01-18 06:24 - 2012-01-18 06:24 - 0000000 ____D C:\Users\Drew\AppData\Local\{06407A0C-55E7-49DD-9002-EA801FD35576}
2012-01-18 06:24 - 2012-01-18 06:23 - 0000000 ____D C:\Users\Drew\AppData\Local\{61960C92-EA57-44C0-B109-1DB837013F56}
2012-01-18 06:20 - 2012-01-18 06:19 - 0718248 ____A C:\Windows\Minidump\011812-24819-01.dmp
2012-01-17 19:16 - 2012-01-17 19:16 - 0046050 ____A C:\Users\Drew\Downloads\734_AFD_12-0001.pdf
2012-01-17 12:26 - 2012-01-17 12:26 - 0041315 ____A C:\Users\Drew\Downloads\chs_ac_dogLicenseApplication.pdf
2012-01-17 06:23 - 2012-01-17 06:23 - 0000000 ____D C:\Users\Drew\AppData\Local\{CE60D7D1-CA64-49A7-9896-3D24447BE5E9}
2012-01-17 06:23 - 2012-01-17 06:23 - 0000000 ____D C:\Users\Drew\AppData\Local\{A72157F1-BBCA-41B0-A6FE-13389D21D7E2}
2012-01-17 06:21 - 2012-01-17 06:21 - 0710056 ____A C:\Windows\Minidump\011712-23556-01.dmp
2012-01-16 08:58 - 2012-01-16 08:58 - 0000000 ____D C:\Users\Drew\AppData\Local\{D54C474E-B2D4-4244-96CC-BBBF682A1239}
2012-01-16 08:58 - 2012-01-16 08:58 - 0000000 ____D C:\Users\Drew\AppData\Local\{12237130-CD08-4F68-BE0D-11092988E496}
2012-01-16 08:56 - 2009-07-13 21:08 - 0032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-15 17:14 - 2012-01-15 17:14 - 0000000 ____D C:\Users\Drew\AppData\Local\{A467AA97-6CDD-4385-A624-9ED0E5BB2BB8}
2012-01-15 17:14 - 2012-01-15 17:13 - 0000000 ____D C:\Users\Drew\AppData\Local\{9620BBEC-74C6-4140-B035-61C8EC271235}
2012-01-15 16:54 - 2012-01-15 16:54 - 0000000 ____D C:\Users\Drew\AppData\Local\{7443C2CE-046E-4E92-8143-992FD502FF59}
2012-01-15 16:54 - 2012-01-15 16:54 - 0000000 ____D C:\Users\Drew\AppData\Local\{16EF4570-5F21-4240-B6AF-CEE63FFACECC}
2012-01-14 01:02 - 2012-01-14 01:02 - 0000000 ____D C:\Users\Drew\AppData\Local\{C01B7A8D-0A8F-4D32-A0CA-FB7CFC19021E}
2012-01-14 01:02 - 2012-01-13 13:01 - 0000000 ____D C:\Users\Drew\AppData\Local\{E5E2DFFC-ACA0-449D-AE5E-098B4581ECCD}
2012-01-13 20:02 - 2012-02-15 11:50 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-13 16:51 - 2012-01-13 16:51 - 1360123 ____A C:\Users\Drew\Downloads\dog-days.pdf
2012-01-13 15:42 - 2012-01-13 15:42 - 1691907 ____A C:\Users\Drew\Downloads\docs_Employee Services Agency (AGY)_attachments_base_salary_plan.pdf
2012-01-13 15:32 - 2012-01-13 15:22 - 105670656 ____A C:\Users\Drew\Downloads\YouPorn - Erica and Brittney Sorry girls.mpeg
2012-01-13 15:31 - 2012-01-13 15:23 - 84795392 ____A C:\Users\Drew\Downloads\YouPorn - Great Body Great Sex Great Blowjob.mpeg
2012-01-13 15:31 - 2012-01-13 15:23 - 76894208 ____A C:\Users\Drew\Downloads\YouPorn - X Art Private Tutor.mpeg
2012-01-13 15:29 - 2012-01-13 15:23 - 51468288 ____A C:\Users\Drew\Downloads\YouPorn - Fantasy Girl Cums To Life.mpeg
2012-01-13 15:28 - 2012-01-13 15:23 - 35039666 ____A C:\Users\Drew\Downloads\YouPorn - X Art HOT Young Couple in Love.mp4
2012-01-13 10:42 - 2012-01-13 10:42 - 0180386 ____A C:\Users\Drew\Downloads\Disposition_of_Retirement_Funds.pdf
2012-01-13 09:01 - 2012-01-13 09:01 - 0000000 ____D C:\Windows\ERDNT
2012-01-13 09:01 - 2012-01-13 09:01 - 0000000 ____D C:\Qoobox
2012-01-13 08:23 - 2012-01-13 08:22 - 20148224 ____A C:\Users\Drew\Downloads\YouPorn - Another Vid of 3 Angels Shaking Their Asses.mpeg
2012-01-13 08:22 - 2012-01-13 08:22 - 17338368 ____A C:\Users\Drew\Downloads\YouPorn - 3 Angels Shaking Their Asses On Webcam.mpeg
2012-01-13 08:04 - 2012-01-13 08:04 - 4382027 ____R (Swearware) C:\Users\Drew\Desktop\ComboFix.exe
2012-01-13 08:03 - 2012-01-13 08:02 - 0155976 ____A C:\TDSSKiller.2.7.1.0_13.01.2012_08.02.32_log.txt
2012-01-13 08:02 - 2012-01-13 08:02 - 1953112 ____A C:\Users\Drew\Downloads\tdsskiller.zip
2012-01-12 19:56 - 2012-01-12 19:55 - 0000000 ____D C:\Users\Drew\AppData\Local\{A604A7DF-1982-4673-B20D-E932C337E94C}
2012-01-12 19:55 - 2012-01-12 07:55 - 0000000 ____D C:\Users\Drew\AppData\Local\{643FBE84-3438-4EBF-B4DA-8C344E1852C4}
2012-01-12 07:30 - 2012-01-12 07:30 - 0717888 ____A C:\Windows\Minidump\011212-24616-01.dmp
2012-01-11 17:30 - 2012-01-11 17:30 - 0000000 ____D C:\Users\Drew\AppData\Local\{9294A00F-971F-4502-A828-F21CDE4E33C3}
2012-01-11 17:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-11 16:51 - 2012-01-11 16:46 - 29206528 ____A C:\Users\Drew\Downloads\YouPorn - Girl With Big Tits Dancing In The Bathroom (1).mpeg
2012-01-11 16:50 - 2012-01-11 16:46 - 48998400 ____A C:\Users\Drew\Downloads\YouPorn - Amateur Hottie Freaky bleep.mpeg
2012-01-11 16:50 - 2012-01-11 16:46 - 47239168 ____A C:\Users\Drew\Downloads\YouPorn - 18 yeas old Caprice touching rubbing her pussy.mpeg
2012-01-11 16:50 - 2012-01-11 16:46 - 39966720 ____A C:\Users\Drew\Downloads\YouPorn - 18 yr old cute amateur girl makes video.mpeg
2012-01-11 16:50 - 2012-01-11 16:46 - 36227072 ____A C:\Users\Drew\Downloads\YouPorn - Hot 18yo college girl bleeped at home POV.mpeg
2012-01-11 16:50 - 2012-01-11 16:46 - 36227072 ____A C:\Users\Drew\Downloads\YouPorn - College freshmen girlfriend hot home sex.mpeg
2012-01-11 16:48 - 2012-01-11 16:48 - 13938688 ____A C:\Users\Drew\Downloads\YouPorn - Smoking Hot Blonde Makes Sexy Vid For Boyfriend (1).mpeg
2012-01-11 16:48 - 2012-01-11 16:47 - 13938688 ____A C:\Users\Drew\Downloads\YouPorn - Smoking Hot Blonde Makes Sexy Vid For Boyfriend.mpeg
2012-01-11 16:42 - 2012-01-11 16:41 - 29206528 ____A C:\Users\Drew\Downloads\YouPorn - Girl With Big Tits Dancing In The Bathroom.mpeg
2012-01-11 16:42 - 2012-01-11 16:40 - 72042496 ____A C:\Users\Drew\Downloads\YouPorn - young American gf dancing and caressing.mpeg
2012-01-11 16:36 - 2012-01-11 16:36 - 0000000 ____D C:\Users\Drew\AppData\Local\{C5B6C548-B543-4577-A5EA-7F4042D449CB}
2012-01-11 14:26 - 2012-01-11 14:26 - 0000000 ____D C:\Users\Drew\Downloads\29 Dog Training eBooks & 4 DVD's
2012-01-11 11:57 - 2012-01-11 11:57 - 0000000 ____D C:\Users\Drew\AppData\Local\{1091CC9E-91FF-4AEE-B982-2D4D6591FC2B}
2012-01-11 11:30 - 2011-12-11 10:27 - 0000000 ____D C:\Program Files (x86)\FrostWire 5
2012-01-11 10:49 - 2012-01-11 10:49 - 0000000 ____D C:\Users\Drew\Downloads\General Dog Training & Health PLUS Shih Tzu & Chihuahua (6 eBooks)
2012-01-11 10:30 - 2012-01-11 10:28 - 42526720 ____A C:\Users\Drew\Downloads\YouPorn - Amateur Dances and Shows Tits and Pussy for Ex BF.mpeg
2012-01-11 07:50 - 2012-01-11 07:50 - 0000000 ____D C:\Users\Drew\AppData\Local\{A31BAA05-053D-4457-BA03-3C0989FAB374}
2012-01-11 07:49 - 2012-01-11 07:48 - 0717888 ____A C:\Windows\Minidump\011112-24055-01.dmp
2012-01-09 13:39 - 2012-01-09 13:39 - 0000000 ____D C:\Users\Drew\AppData\Local\{AA967CD8-1DDC-428F-A1A4-E67ABF58903B}
2012-01-09 13:39 - 2012-01-09 13:39 - 0000000 ____D C:\Users\Drew\AppData\Local\{6D8F8BE7-6B75-4913-874A-D8666BB3931C}
2012-01-09 13:37 - 2012-01-09 13:37 - 0709640 ____A C:\Windows\Minidump\010912-22729-01.dmp
2012-01-09 10:10 - 2012-01-09 10:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{CD402A41-277F-4E15-B446-E46967128192}
2012-01-09 10:10 - 2012-01-09 10:10 - 0000000 ____D C:\Users\Drew\AppData\Local\{ACC7FFB9-C327-4783-800A-5AF199DB6C42}
2012-01-09 10:08 - 2012-01-09 10:08 - 0709640 ____A C:\Windows\Minidump\010912-26020-01.dmp
2012-01-09 08:46 - 2012-01-09 08:46 - 0006901 ____A C:\Users\Drew\Downloads\arizona-wildcats.csv
2012-01-09 08:44 - 2012-01-09 08:44 - 0000000 ____D C:\Users\Drew\AppData\Local\{A74F9072-D2BD-447B-BC5B-49DEDBFD8045}
2012-01-09 08:44 - 2012-01-09 08:44 - 0000000 ____D C:\Users\Drew\AppData\Local\{74E39FA3-27C3-47F8-AFA7-3A1F59505FF3}
2012-01-09 08:42 - 2012-01-09 08:42 - 0709640 ____A C:\Windows\Minidump\010912-24102-01.dmp
2012-01-08 15:43 - 2012-01-08 15:43 - 0000000 ____D C:\Users\Drew\AppData\Local\{93BE74A8-7FC3-4A92-9448-77E4AAB7CB8C}
2012-01-08 15:43 - 2012-01-08 15:43 - 0000000 ____D C:\Users\Drew\AppData\Local\{46D5C25E-5088-42BC-BB3E-98B330808286}
2012-01-08 15:41 - 2012-01-08 15:41 - 0709640 ____A C:\Windows\Minidump\010812-22885-01.dmp
2012-01-08 14:35 - 2012-01-08 14:35 - 0000000 ____D C:\Users\Drew\AppData\Local\{860CF3C2-692C-45BF-8FFF-5DBDA8EF5269}
2012-01-08 14:35 - 2012-01-08 14:35 - 0000000 ____D C:\Users\Drew\AppData\Local\{628A91C6-5BE7-400A-B94B-819834A36294}
2012-01-08 14:33 - 2012-01-08 14:33 - 0709640 ____A C:\Windows\Minidump\010812-24367-01.dmp
2012-01-07 08:13 - 2012-01-07 08:13 - 0317239 ____A C:\Users\Drew\Downloads\photo (21).JPG
2012-01-07 07:47 - 2012-01-07 07:47 - 0000000 ____D C:\Users\Drew\AppData\Local\{0079C973-FA6B-4914-997A-618B9254B787}
2012-01-07 07:26 - 2012-01-07 07:25 - 0709696 ____A C:\Windows\Minidump\010712-25740-01.dmp
2012-01-06 18:01 - 2012-01-06 18:01 - 0000000 ____D C:\Users\Drew\AppData\Local\{07437056-9767-4BA0-B8BC-2A9B5D234056}
2012-01-06 17:56 - 2012-01-06 17:56 - 0717888 ____A C:\Windows\Minidump\010612-25693-01.dmp
2012-01-06 06:57 - 2012-01-06 06:57 - 0018384 ____A C:\Users\Drew\Downloads\0001453123_12_30_2010 (1).pdf
2012-01-06 06:49 - 2012-01-06 06:49 - 0018510 ____A C:\Users\Drew\Downloads\0001492283_12_30_2011.pdf
2012-01-06 06:41 - 2012-01-06 06:41 - 0000000 ____D C:\Users\Drew\AppData\Local\{9F6B7176-1079-4A69-B76E-94F597601F40}
2012-01-06 06:37 - 2012-01-06 06:36 - 0709696 ____A C:\Windows\Minidump\010612-23712-01.dmp
2012-01-05 06:06 - 2012-01-05 06:06 - 0000000 ____D C:\Users\Drew\AppData\Local\{4FA3EAE7-6D4D-41A3-B985-7DD496D11A30}
2012-01-05 06:05 - 2012-01-05 06:05 - 0000000 ____D C:\Users\Drew\AppData\Local\{0AFACB81-FBA0-4A5B-899B-4A14C1B2E2B9}
2012-01-05 06:02 - 2012-01-05 06:02 - 0709696 ____A C:\Windows\Minidump\010512-22198-01.dmp
2012-01-04 17:59 - 2012-01-04 17:59 - 0000000 ____D C:\Users\Drew\AppData\Local\{46B64D65-A28E-4CBB-9D7F-2A22A709BFE3}
2012-01-04 07:34 - 2012-01-04 07:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{2FCB32F3-F88C-4A8C-8C39-3C80A9515C25}
2012-01-04 07:29 - 2012-01-04 07:28 - 0717888 ____A C:\Windows\Minidump\010412-22744-01.dmp
2012-01-04 01:59 - 2012-02-15 11:50 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 01:58 - 2012-02-15 11:50 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 01:03 - 2012-02-15 11:50 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 01:03 - 2012-02-15 11:50 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-03 12:12 - 2012-01-03 12:12 - 0145689 ____A C:\Users\Drew\Downloads\JOB_SALARY_CLASSIFICATIONS.pdf
2012-01-02 22:24 - 2012-02-15 11:50 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-01-02 21:44 - 2012-02-15 11:50 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-01-02 18:34 - 2012-01-02 18:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{84B12FFB-FFAC-4A37-AE65-06A2B3270430}
2012-01-02 18:32 - 2012-01-02 18:32 - 0709640 ____A C:\Windows\Minidump\010212-23072-01.dmp
2012-01-02 08:01 - 2012-01-02 08:01 - 0000000 ____D C:\Users\Drew\AppData\Local\{F5E6BFE0-434C-4404-8BF0-24D3C9344F88}
2012-01-02 08:00 - 2012-01-02 07:59 - 0709640 ____A C:\Windows\Minidump\010212-21528-01.dmp
2011-12-31 13:16 - 2011-12-31 13:16 - 0000000 ____D C:\Users\Drew\AppData\Local\{C03838B2-830E-4E2E-A4F7-0C287E686A5E}
2011-12-31 13:16 - 2011-12-31 13:16 - 0000000 ____D C:\Users\Drew\AppData\Local\{3807908B-8919-4AF9-A964-FF3F2A09EA0C}
2011-12-31 13:13 - 2011-12-31 13:13 - 0735448 ____A C:\Windows\Minidump\123111-21340-01.dmp
2011-12-31 12:16 - 2011-12-31 12:16 - 0000000 ____D C:\Users\Drew\AppData\Local\{F1DE4EE4-0B32-4D98-9A20-0469E86C4BD9}
2011-12-31 12:15 - 2011-12-31 12:15 - 0000000 ____D C:\Users\Drew\AppData\Local\{5E9A754E-B248-45F8-9D97-60FB3EF36F0D}
2011-12-31 11:56 - 2011-12-31 11:55 - 0709640 ____A C:\Windows\Minidump\123111-26613-01.dmp
2011-12-30 20:06 - 2011-12-30 20:05 - 0000000 ____D C:\Users\Drew\AppData\Local\{DA649193-8EA4-4FD3-AEDC-206DF680FD9A}
2011-12-30 20:05 - 2011-12-30 20:05 - 0000000 ____D C:\Users\Drew\AppData\Local\{44EABB0C-0199-418B-A4BD-4E2E3E6D2C5F}
2011-12-30 20:04 - 2011-12-30 20:03 - 0717832 ____A C:\Windows\Minidump\123011-21793-01.dmp
2011-12-30 18:09 - 2011-12-30 18:09 - 0000000 ____D C:\Users\Drew\AppData\Local\{C55C0FD5-06A2-4B8C-8FF1-C0E848304C36}
2011-12-30 18:09 - 2011-12-30 18:09 - 0000000 ____D C:\Users\Drew\AppData\Local\{5DC575EF-DBEC-47A0-AFB4-7FBA42B838B5}
2011-12-30 18:07 - 2011-12-30 18:07 - 0717832 ____A C:\Windows\Minidump\123011-23353-01.dmp
2011-12-29 08:37 - 2011-12-29 08:34 - 95148032 ____A C:\Users\Drew\Downloads\YouPorn - Busty Lauren Dirty Enough for Porn Fame.mpeg
2011-12-29 07:34 - 2011-12-29 07:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{0F1D978F-17E7-4F2B-A35C-D40A7E44FC6D}
2011-12-29 07:32 - 2011-12-29 07:32 - 0709696 ____A C:\Windows\Minidump\122911-24195-01.dmp
2011-12-28 23:46 - 2011-12-28 23:46 - 0000000 ____D C:\Users\Drew\AppData\Local\{0BBCCAA1-6AF4-45EE-BA56-8AF7CA1C35A7}
2011-12-28 23:46 - 2011-12-28 11:45 - 0000000 ____D C:\Users\Drew\AppData\Local\{2E22D561-118C-41C4-951B-074DE239D238}
2011-12-28 11:54 - 2011-12-28 11:54 - 0000000 ____D C:\Users\Drew\AppData\Local\{A08F0545-D08A-4E2F-90EB-FE207734988D}
2011-12-28 11:54 - 2011-12-28 11:53 - 0000000 ____D C:\Users\Drew\AppData\Local\{68AF4C57-7602-4772-90C0-9576DEB6C368}
2011-12-28 11:10 - 2011-12-28 11:10 - 0023818 ____A C:\Users\Drew\Downloads\28240_111083375605603_100001118222278_80937_945904_n.jpg
2011-12-28 08:52 - 2011-12-28 08:52 - 0067969 ____A C:\Users\Drew\Downloads\boy f.jpg
2011-12-28 04:34 - 2011-12-28 04:34 - 0121698 ____A C:\Users\Drew\Downloads\316972_262394300474509_100001118222278_760814_1241050274_n (2).jpg
2011-12-28 04:27 - 2011-12-28 04:27 - 0121698 ____A C:\Users\Drew\Downloads\316972_262394300474509_100001118222278_760814_1241050274_n (1).jpg
2011-12-28 04:26 - 2011-12-28 04:26 - 0121698 ____A C:\Users\Drew\Downloads\316972_262394300474509_100001118222278_760814_1241050274_n.jpg
2011-12-28 04:22 - 2011-12-28 04:22 - 0000000 ____D C:\Users\Drew\AppData\Local\{BB636E96-0336-41CB-B095-F1A553719AF9}
2011-12-28 04:21 - 2011-12-28 04:21 - 0709696 ____A C:\Windows\Minidump\122811-31683-01.dmp
2011-12-27 19:59 - 2012-02-15 11:50 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-27 15:10 - 2011-12-27 15:10 - 3767430 ____A C:\Users\Drew\Downloads\IMG_1534.MOV
2011-12-23 11:41 - 2011-12-23 11:41 - 0000000 ____D C:\Users\Drew\AppData\Local\{7CF6AA54-6FFC-4478-8E31-2176DBF45052}
2011-12-23 11:39 - 2011-12-23 11:39 - 0709640 ____A C:\Windows\Minidump\122311-23790-01.dmp
2011-12-23 06:02 - 2011-12-23 05:58 - 88961024 ____A C:\Users\Drew\Downloads\YouPorn - Casting of Veronica.mpeg
2011-12-23 06:01 - 2011-12-23 05:58 - 76247040 ____A C:\Users\Drew\Downloads\YouPorn - 18 year old Nicole Casting Petergirls.mpeg
2011-12-23 06:01 - 2011-12-23 05:58 - 74057728 ____A C:\Users\Drew\Downloads\YouPorn - Audition Kendra ass interview.mpeg
2011-12-23 05:35 - 2011-12-23 05:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{A254A29A-AD2C-4CF7-886E-7A493AD76247}
2011-12-23 05:34 - 2011-12-23 05:34 - 0000000 ____D C:\Users\Drew\AppData\Local\{69529499-5DA2-4EB0-93DE-1DAACA40526C}
2011-12-23 05:33 - 2011-12-23 05:32 - 0709696 ____A C:\Windows\Minidump\122311-23649-01.dmp
2011-12-22 12:37 - 2011-12-22 12:37 - 0000000 ____D C:\Users\Drew\AppData\Local\{CD6A395A-5885-4023-A263-797676EFD5F4}
2011-12-22 09:54 - 2011-12-22 09:54 - 0000000 ____D C:\Users\Drew\AppData\Local\{6016361C-A382-438E-92AC-0E98B18C9A8F}
2011-12-22 09:52 - 2011-12-22 09:52 - 0709696 ____A C:\Windows\Minidump\122211-23930-01.dmp
2011-12-21 15:37 - 2011-12-21 15:37 - 0000000 ____D C:\Users\Drew\AppData\Local\{77371E58-67E5-443B-B330-65737CEACC84}
2011-12-21 11:15 - 2011-12-21 11:15 - 0000000 ____D C:\Users\Drew\AppData\Local\{F01CB498-4C78-4534-862E-AD4F457CE938}
2011-12-21 11:14 - 2011-12-21 11:14 - 0000000 ____D C:\Users\Drew\AppData\Local\{2EB8CFC4-ECF6-4D0C-AB6C-60DB67D1DC03}
2011-12-21 11:11 - 2011-12-21 11:11 - 0709696 ____A C:\Windows\Minidump\122111-28906-01.dmp
2011-12-20 18:51 - 2011-12-20 18:51 - 0000000 ____D C:\Users\Drew\AppData\Local\{74FF6449-3F27-40EB-A04D-853C1DAA851A}
2011-12-20 18:51 - 2011-12-20 06:50 - 0000000 ____D C:\Users\Drew\AppData\Local\{F8E6C95F-1CDB-4282-9C74-BB1C0448A8E7}
2011-12-20 15:34 - 2011-12-20 15:34 - 0203264 ____A C:\Users\Drew\Downloads\Jacobson-IMPEACHMENT.ppt
2011-12-20 06:51 - 2011-12-19 16:05 - 0000000 ____D C:\Users\Drew\Downloads\262 Personal Memoirs_mobi
2011-12-20 06:51 - 2011-12-19 16:04 - 0000000 ____D C:\Users\Drew\Downloads\tom clancy locked on
2011-12-20 06:51 - 2011-12-19 16:02 - 0000000 ____D C:\Users\Drew\Downloads\Cornwell - Red Mist
2011-12-20 06:51 - 2011-12-19 15:59 - 0000000 ____D C:\Users\Drew\Downloads\NYTimes Bestseller List Fiction Only 8-21-2011
2011-12-20 06:51 - 2011-12-18 08:42 - 0000000 ____D C:\Users\Drew\Downloads\Nirvana - Nevermind. 20th Anniversary Edition .2011[www.lokotorrents.com][mp3]
2011-12-20 06:51 - 2011-05-20 11:59 - 0000000 ____D C:\Users\Drew\Downloads\NY Times Best Seller List
2011-12-19 18:40 - 2011-12-19 18:40 - 0000000 ____D C:\Users\Drew\AppData\Local\{E9189CA6-7863-447D-BA09-B1F756E12C86}
2011-12-19 18:40 - 2011-12-19 18:39 - 0000000 ____D C:\Users\Drew\AppData\Local\{A1B9CF34-22D0-459D-A339-B079B8FCC69E}
2011-12-19 08:08 - 2011-12-19 08:08 - 0000000 ____D C:\Users\Drew\AppData\Local\{2913FBA3-C8CD-4D40-B218-42536D2F3BAC}
2011-12-19 08:08 - 2011-12-19 08:07 - 0000000 ____D C:\Users\Drew\AppData\Local\{F3EE6A51-B55F-4C81-81B9-824B34C9C488}
2011-12-19 08:04 - 2011-12-19 08:04 - 0717832 ____A C:\Windows\Minidump\121911-24726-01.dmp
2011-12-18 17:00 - 2011-12-18 17:00 - 0039127 ____A C:\Users\Drew\Downloads\111215064748-hubble-holiday-snow-angel-story-top.jpg
2011-12-18 15:50 - 2011-12-18 15:49 - 0000000 ____D C:\Users\Drew\AppData\Local\{9FEDC805-AEA3-4D08-81C0-7591DAF52E76}
2011-12-18 15:49 - 2011-12-18 15:49 - 0000000 ____D C:\Users\Drew\AppData\Local\{63408CFF-7F62-466D-8168-E0B76E7082C0}
2011-12-18 15:48 - 2011-12-18 15:47 - 0743640 ____A C:\Windows\Minidump\121811-22760-01.dmp
2011-12-18 08:19 - 2011-12-18 08:19 - 0000000 ____D C:\Users\Drew\AppData\Local\{38DB1960-0E0F-4C46-8057-98713CE234F4}
2011-12-18 08:17 - 2011-12-18 08:16 - 0709640 ____A C:\Windows\Minidump\121811-23774-01.dmp
2011-12-17 07:52 - 2011-12-17 07:52 - 0002563 ____A C:\Users\Drew\Desktop\MySJU Password Change Form.htm
2011-12-17 07:52 - 2011-12-17 07:52 - 0000000 ____D C:\Users\Drew\Desktop\MySJU Password Change Form_files
2011-12-17 07:39 - 2011-12-17 07:39 - 0000000 ____D C:\Users\Drew\AppData\Local\{5D0DCC63-8515-4AED-994B-DED11A364177}
2011-12-17 07:39 - 2011-12-17 07:39 - 0000000 ____D C:\Users\Drew\AppData\Local\{383B458F-664A-475F-A747-40C783669FE6}
2011-12-16 17:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-16 00:45 - 2012-02-15 11:50 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 00:45 - 2012-02-15 11:50 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 00:45 - 2012-02-15 11:49 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-16 00:42 - 2012-02-15 11:50 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-16 00:42 - 2012-02-15 11:50 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-12-16 00:42 - 2012-02-15 11:50 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-16 00:42 - 2012-02-15 11:50 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-16 00:42 - 2012-02-15 11:49 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-16 00:42 - 2012-02-15 11:49 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-16 00:41 - 2012-02-15 11:49 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-16 00:41 - 2012-02-15 11:49 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-16 00:40 - 2012-02-15 11:50 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-16 00:40 - 2012-02-15 11:50 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-16 00:40 - 2012-02-15 11:49 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-16 00:40 - 2012-02-15 11:49 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-16 00:40 - 2012-02-15 11:49 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-16 00:38 - 2012-02-15 11:49 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-16 00:02 - 2012-02-15 11:50 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-16 00:02 - 2012-02-15 11:50 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-16 00:02 - 2012-02-15 11:49 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-15 23:59 - 2012-02-15 11:50 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-15 23:59 - 2012-02-15 11:50 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 23:59 - 2012-02-15 11:50 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-12-15 23:59 - 2012-02-15 11:50 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-12-15 23:59 - 2012-02-15 11:49 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-15 23:59 - 2012-02-15 11:49 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-12-15 23:58 - 2012-02-15 11:50 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-15 23:58 - 2012-02-15 11:50 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-12-15 23:58 - 2012-02-15 11:49 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-15 23:58 - 2012-02-15 11:49 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-12-15 23:58 - 2012-02-15 11:49 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 23:58 - 2012-02-15 11:49 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-15 23:58 - 2012-02-15 11:49 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-12-15 23:56 - 2012-02-15 11:49 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-12-15 23:26 - 2012-02-15 11:49 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-15 22:49 - 2012-02-15 11:49 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-12-15 22:43 - 2012-02-15 11:49 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 22:15 - 2012-02-15 11:49 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-15 08:20 - 2011-12-15 08:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{8573B927-D7CA-4BF3-AC33-92AAC91AF5F1}
2011-12-15 08:20 - 2011-12-15 08:20 - 0000000 ____D C:\Users\Drew\AppData\Local\{66046E2C-A238-4951-9078-7F31C9082314}
2011-12-15 08:06 - 2011-12-15 08:06 - 0709696 ____A C:\Windows\Minidump\121511-25350-01.dmp
2011-12-14 12:46 - 2011-12-14 12:46 - 0000000 ____D C:\Users\Drew\AppData\Local\{E9213000-E053-49FD-BD12-B009234C2B27}
2011-12-14 12:46 - 2011-12-14 12:46 - 0000000 ____D C:\Users\Drew\AppData\Local\{41F8479C-E0C3-47CC-BDF0-1AA964989EC1}
2011-12-14 06:10 - 2011-12-14 06:09 - 0000000 ____D C:\Users\Drew\AppData\Local\{B74B5B6C-D343-4252-912B-2F12C096B400}
2011-12-14 06:10 - 2011-12-11 10:00 - 0000000 ____D C:\Users\Drew\Downloads\New Music Releases Xmas Special 2011
2011-12-14 06:09 - 2011-12-14 06:09 - 0000000 ____D C:\Users\Drew\AppData\Local\{5696C7FD-30AC-4A76-8DA0-1179DF1DC1D0}
2011-12-13 10:28 - 2011-12-13 10:15 - 0000000 ____D C:\output
2011-12-13 10:24 - 2011-12-13 10:15 - 0000516 ____A C:\11.txt
2011-12-13 10:24 - 2011-12-13 10:15 - 0000000 ____D C:\tmp
2011-12-13 09:56 - 2011-12-13 09:56 - 4968296 ____A (FLAC To MP3, http://www.FlacMP3.net/ ) C:\Users\Drew\Downloads\flac2mp3.exe
2011-12-13 09:56 - 2011-12-13 09:56 - 0000597 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk
2011-12-13 09:56 - 2011-12-13 09:56 - 0000000 ____D C:\FLAC To MP3
2011-12-13 09:50 - 2011-12-13 09:50 - 0000000 ____D C:\Program Files (x86)\Bigasoft
2011-12-13 09:49 - 2011-12-13 09:49 - 9797664 ____A (Bigasoft Corporation) C:\Users\Drew\Downloads\b-audio-converter.exe
2011-12-13 04:46 - 2011-12-13 04:46 - 0001175 ____A C:\Users\Drew\Desktop\FrostWire 5.2.11.lnk
2011-12-13 04:44 - 2011-12-13 04:44 - 10393960 ____A (FrostWire Team) C:\Users\Drew\Downloads\frostwire-5.2.11.windows.exe
2011-12-13 04:38 - 2011-12-02 17:53 - 0000000 ____D C:\Program Files (x86)\Ask.com
2011-12-13 04:30 - 2011-12-13 04:30 - 0000000 ____D C:\Users\Drew\AppData\Local\{4A954784-BAC7-4A53-A528-2C85754AA5E6}
2011-12-13 04:30 - 2011-12-13 04:29 - 0000000 ____D C:\Users\Drew\AppData\Local\{5EE50F82-D2AF-4E4F-81F7-A4EA63FC0EEF}
2011-12-13 04:28 - 2011-12-13 04:27 - 0709696 ____A C:\Windows\Minidump\121311-29281-01.dmp
2011-12-12 08:00 - 2011-12-12 08:00 - 0038895 ____A C:\Users\Drew\Downloads\40011Andrew Higgins current resume (Autosaved).docx
2011-12-12 07:58 - 2011-12-12 07:58 - 0038895 ____A C:\Users\Drew\Desktop\Andrew Higgins current resume (Autosaved).docx
2011-12-12 07:58 - 2011-12-12 07:58 - 0000162 ___AH C:\Users\Drew\Desktop\~$drew Higgins current resume (Autosaved).docx
2011-12-11 16:17 - 2011-12-11 16:17 - 0084947 ____A C:\Users\Drew\Downloads\tebow.jpg
2011-12-11 10:03 - 2011-12-10 17:53 - 0000000 ____D C:\Users\Drew\Downloads\Paris.Hilton.One.night.in.Paris.XXX.DVDRip.XviD.iNTERNAL-DARKZONE
2011-12-10 20:11 - 2011-12-10 20:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{3657C569-805C-41F3-84A9-C380E2669FAA}
2011-12-10 20:11 - 2011-12-10 08:11 - 0000000 ____D C:\Users\Drew\AppData\Local\{4D71409C-D530-4168-80AA-D80D682FDBFD}
2011-12-10 15:24 - 2011-10-28 13:27 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 09:16 - 2011-12-10 09:17 - 0039849 ____A C:\Users\Drew\Downloads\urb.jpg
2011-12-10 08:09 - 2011-12-10 08:09 - 0709696 ____A C:\Windows\Minidump\121011-24616-01.dmp

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3893.86 MB
Available physical RAM: 3117.7 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3113.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:444.16 GB) (Free:9.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:21.31 GB) (Free:3.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (HP v195b) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 444 GB 200 MB
Partition 3 Primary 21 GB 444 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 444 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 21 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 572 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H HP v195b FAT32 Removable 3823 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-02-29 01:12

======================= End Of Log ==========================

#10 Oh My!


  • Malware Response Instructor

Posted 07 March 2012 - 09:58 AM

Greetings Andrewesquire,


We need to run a couple programs to address some issues on your machine. I also need to provide a warning which I would recommend be taken seriously. It very well could be the means through which your computer was infected.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have BitTorrent and Limewire installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall BitTorrent and Limewire; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Farbar's Recovery Scan Tool - Run Fix

--------------------

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt

    SubSystems: [Windows] ==> ZeroAccess
    2012-02-12 14:40 - 2012-03-06 18:37 - 0000000 __ASH C:\Windows\System32\dds_log_trash.cmd
    2 PCISys; C:\Windows\System32\CTAUDFX.DLL.dll [5120 2009-07-13] (Iomega)
    NETSVC: PCISys
    
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Now please enter System Recovery Options.
  • Run FRST 64 and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the flash drive (Fixlog.txt). Please post it in your reply.
  • Reboot your computer.

===================================================


Re-installing and Running Combofix

--------------------

I would like you to delete Combofix and then re-install it. We will then run the program again with the new copy.

  • Right click on the ComboFix icon on your desktop and select Delete.
  • Please download ComboFix from one of these locations and save it to your desktop:

    Bleepingcomputer

    ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe.
  • If ComboFix stalls, please try the next step to see if you can free it up.
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.

===================================================


ComboFix Stalled

--------------------

If ComboFix appears to be stuck, frozen or failed to reboot, please do the following:

Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):

  • PEV.exe
  • NirCmd.3XE
  • PEV.3XE
  • SED
  • GREP
  • Any file that has the extension *.3XE
One at a time, right-click and select End Process. If doing that did not free ComboFix, then you will need to reboot the computer manually.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • fixlog.txt
  • ComboFix.txt
  • How is your computer behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Andrewesquire

  • Topic Starter


Posted 07 March 2012 - 11:06 AM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 07-03-2012 01
Ran by SYSTEM at 2012-03-07 07:24:21 R:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\dds_log_trash.cmd moved successfully.
PCISys service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs PCISys Deleted successfully.

==== End of Fixlog ====



ComboFix 12-03-07.04 - Drew 03/07/2012 7:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2244 [GMT -8:00]
Running from: c:\users\Drew\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Drew\AppData\Local\dc261462\U
c:\users\Drew\AppData\Local\dc261462\U\80000000.@
c:\users\Drew\AppData\Local\dc261462\U\800000cb.@
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 15:52 . 2012-03-07 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 03:31 . 2012-03-07 03:49 -------- d-----w- C:\books
2012-03-07 02:39 . 2012-03-07 02:40 -------- d-----w- C:\FRST
2012-03-07 00:04 . 2012-03-07 00:04 -------- d-----w- c:\programdata\Panda Security
2012-03-07 00:04 . 2012-03-07 00:04 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2012-03-04 01:22 . 2012-03-04 01:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-15 19:50 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 19:50 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 19:50 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 19:50 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 19:50 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 19:50 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 19:50 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 19:50 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 11:04 . 2012-03-07 11:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 11:04 . 2012-03-07 11:04 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-02 14:45 . 2011-06-01 04:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2010-08-27 04:35 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 07:13 . 2012-03-06 15:09 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8341EF8-9443-42F2-822B-00AFFE8D1CEE}\mpengine.dll
2011-12-10 23:24 . 2011-10-28 21:27 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-03-02 650104]
"Facebook Update"="c:\users\Drew\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-15 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Google Update"="c:\users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-04 3331944]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-27 247968]
.
c:\users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
NexDef Plug-in.lnk - c:\users\Drew\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-13 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-13 136176]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/06/26 02:49];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-01-27 22:48 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-07 89600]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 PenCommService;Livescribe Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-540288810-2497427636-1473453702-1001Core.job
- c:\users\Drew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-15 20:50]
.
2012-03-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-540288810-2497427636-1473453702-1001UA.job
- c:\users\Drew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-15 20:50]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 21:27]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 21:27]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-540288810-2497427636-1473453702-1001Core.job
- c:\users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 04:20]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-540288810-2497427636-1473453702-1001UA.job
- c:\users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 04:20]
.
2012-03-07 c:\windows\Tasks\HPCeeScheduleForDrew.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Drew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\0pg719zn.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-igfxcui - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\program files (x86)\iTunes\iTunes.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
.
**************************************************************************
.
Completion time: 2012-03-07 08:03:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 16:03
.
Pre-Run: 16,529,068,032 bytes free
Post-Run: 17,269,514,240 bytes free
.
- - End Of File - - 29CB54F8B6087D21B7EA1776F683E5B0


I will play around and see how my issues have progressed....

#12 Andrewesquire


Posted 07 March 2012 - 11:08 AM

So far, so good....seems like things are working...what else need I do? Thanks a bunch, btw

#13 Oh My!

  • Malware Response Instructor

Posted 07 March 2012 - 04:18 PM

Greetings Andrewesquire,


Very nice results. Let's continue with a couple more things. We are not quite done yet.


===================================================


There is a suspicious file I would like to check. Please complete the below.


Jotti's Online Virus Scanner

--------------------

Hi, please visit the online Jotti Virus Scanner.

  • Browse to the following filepaths:

    C:\Windows\muzuki.exc

  • Click on the Posted Image button. The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

===================================================


Farbar's Recovery Scan Tool

--------------------

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open Notepad and save it on the flash drive as fixlist.txt

    C:\32788R22FWJFW
    
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Now please enter System Recovery Options.
  • Run FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the flash drive (Fixlog.txt); please post it in your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Results from Jotti's
  • Fixlog.txt
  • Is your computer still running OK?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Andrewesquire


Posted 07 March 2012 - 05:50 PM

jottis: could not locate file

fixlog:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 07-03-2012 01
Ran by SYSTEM at 2012-03-07 14:45:17 R:2
Running from H:\

==============================================

C:\32788R22FWJFW not found.

==== End of Fixlog ====

#15 Oh My!

  • Malware Response Instructor

Posted 07 March 2012 - 10:41 PM

Greetings Andrewesquire,


Things are looking much better so I would like us to run a couple of scans to look for traces of malware on your computer.

If you would, please run the following for me.


===================================================


Rerun Malwarebytes

--------------------

Temporarily disable your antivirus program.

  • Please locate your Malwarebytes icon and launch the program.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • MBAM log
  • ESET log
  • Are you having any issues with your computer?

Gary
 



