Trojan.Zeroaccess.B win7


  • This topic is locked
15 replies to this topic

#1 mjawkins

  • Members
  • 8 posts

Posted 30 March 2012 - 04:46 PM

Having troubles with Trojan.Zeroaccess.B, as per a previous post. This is the DDS log and the other has been attached as requested. Thanks again for the help!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Mitch at 17:36:17 on 2012-03-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3894.2047 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://easy-google-search.blogspot.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "C:\Users\Mitch\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [4Y3Y0C3AUF7W1VXVNTECSGW] C:\Recycle.Bin\B6232F3ABBB.exe /q
StartupFolder: C:\Users\Mitch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Mitch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
TCP: Interfaces\{5B550C84-603A-4D7F-87D6-ECE799494854} : DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
TCP: Interfaces\{5B550C84-603A-4D7F-87D6-ECE799494854}\05572707C656D4F6F63756D27657563747 : DhcpNameServer = 38.117.70.129
TCP: Interfaces\{5B550C84-603A-4D7F-87D6-ECE799494854}\2456C6C644242314 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5B550C84-603A-4D7F-87D6-ECE799494854}\35471607C65637241636B6236313 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5B550C84-603A-4D7F-87D6-ECE799494854}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\i7gftcmw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Mitch\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Mitch\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mitch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mitch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-17 1157240]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120329.002\IDSviA64.sys [2012-3-30 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [2012-3-29 126392]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-6-26 2320920]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-30 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253600]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-9-20 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-9-20 1142224]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-30 14:36:11 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-03-30 14:17:02 -------- d-----w- C:\Users\Mitch\AppData\Local\{FA8AE5C7-D860-405A-BBE4-54518E0C32BB}
2012-03-29 21:05:35 -------- d-----w- C:\_OTL
2012-03-29 20:15:55 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\srtsp64.sys
2012-03-29 20:15:55 451120 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\symtdiv.sys
2012-03-29 20:15:55 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1108000.005\symds64.sys
2012-03-29 20:15:55 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\srtspx64.sys
2012-03-29 20:15:55 221232 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\symefa64.sys
2012-03-29 20:15:54 615040 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\cchpx64.sys
2012-03-29 20:15:54 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\ironx64.sys
2012-03-29 20:15:25 -------- d-----w- C:\Windows\System32\drivers\NISx64\1108000.005
2012-03-29 20:08:14 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 20:02:35 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-29 20:01:14 -------- d-----w- C:\Users\Mitch\AppData\Local\{BFAAA6DB-4CD3-459A-B914-12E1AD7EEF90}
2012-03-29 19:59:36 -------- d-----w- C:\Users\Mitch\AppData\Local\Symantec
2012-03-29 17:43:25 -------- d-----w- C:\Users\Mitch\AppData\Roaming\Malwarebytes
2012-03-29 17:43:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 17:43:19 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-29 17:43:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 03:38:29 -------- d-----w- C:\ProgramData\Recovery
2012-03-29 00:12:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D384202F-2CE7-499B-9CF4-56B1A3060BD5}\offreg.dll
2012-03-29 00:07:47 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D384202F-2CE7-499B-9CF4-56B1A3060BD5}\mpengine.dll
2012-03-29 00:02:17 -------- d-----w- C:\Users\Mitch\AppData\Roaming\Tific
2012-03-28 23:59:23 -------- d-----w- C:\Users\Mitch\AppData\Local\{3470A684-877A-486D-B2C8-5E6F0D88074D}
2012-03-28 23:56:43 -------- d-----we C:\Windows\system64
2012-03-28 21:59:10 256000 ----a-w- C:\Windows\PEV.exe
2012-03-28 21:59:10 208896 ----a-w- C:\Windows\MBR.exe
2012-03-28 21:59:09 98816 ----a-w- C:\Windows\sed.exe
2012-03-28 21:59:09 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-28 21:58:58 -------- d-s---w- C:\ComboFix
2012-03-28 11:50:09 -------- d-----w- C:\Users\Mitch\AppData\Local\{1E17F7F4-B133-4C38-82DE-64BA27649424}
2012-03-27 17:29:46 -------- d-----w- C:\Users\Mitch\AppData\Local\{8D937644-BCB3-424C-9F0E-74034593151D}
2012-03-27 17:29:36 -------- d-----w- C:\Users\Mitch\AppData\Local\{E8D9EE41-9395-4543-8D31-B768A8ED6D1D}
2012-03-27 03:17:55 -------- d-----w- C:\Users\Mitch\AppData\Local\NPE
2012-03-27 01:40:01 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-03-27 01:33:06 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-27 01:32:36 -------- d-----w- C:\Program Files\Symantec
2012-03-27 01:32:36 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-03-26 21:51:19 -------- d-----w- C:\Program Files (x86)\Rovio
2012-03-26 19:02:09 -------- d-----w- C:\Users\Mitch\AppData\Local\{B3D6081A-910D-413E-9D69-652515D4D954}
2012-03-26 19:01:43 -------- d-----w- C:\Users\Mitch\AppData\Local\{F3554E9A-F9EC-4954-8AAE-10339B41D0CB}
2012-03-26 15:01:32 -------- d-----w- C:\Users\Mitch\AppData\Local\{F082F2EA-D4BE-4FEC-B2D7-DEEBB0185AAC}
2012-03-26 15:01:13 84992 ----a-w- C:\Windows\SysWow64\iemARkm2.com_
2012-03-25 15:18:56 -------- d-----w- C:\Users\Mitch\AppData\Local\{9D1E2528-F9CE-44E5-8040-38C38689964B}
2012-03-25 15:18:45 -------- d-----w- C:\Users\Mitch\AppData\Local\{AFA476CA-F72B-4246-BF8D-C68C10BF04C7}
2012-03-25 03:18:32 -------- d-----w- C:\Users\Mitch\AppData\Local\{A8C4831C-273F-475E-AC3D-8845B2DB5C2B}
2012-03-25 03:18:22 -------- d-----w- C:\Users\Mitch\AppData\Local\{8812F932-4DC4-4C96-A879-2574844CC666}
2012-03-24 15:17:58 -------- d-----w- C:\Users\Mitch\AppData\Local\{7DE44783-AD2B-4042-94EE-6B257BAB7211}
2012-03-24 15:17:37 -------- d-----w- C:\Users\Mitch\AppData\Local\{09347842-3775-48FB-9AAE-E38AEA5AB132}
2012-03-24 02:12:10 -------- d-----w- C:\Users\Mitch\AppData\Local\{474F5151-89C9-434A-8805-57439C3EEC6B}
2012-03-24 02:12:00 -------- d-----w- C:\Users\Mitch\AppData\Local\{8973843E-F26A-4FD6-9F40-9E752A7E71E6}
2012-03-24 01:20:39 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-23 14:11:36 -------- d-----w- C:\Users\Mitch\AppData\Local\{25AB73B5-5A49-4D22-98E3-029F38F1CA0B}
2012-03-23 14:11:26 -------- d-----w- C:\Users\Mitch\AppData\Local\{DC24FDFE-3D80-4BC0-8770-B9CB77F08217}
2012-03-23 02:11:15 -------- d-----w- C:\Users\Mitch\AppData\Local\{AD91B937-EDCE-47B5-ACCD-EE7EF21902F4}
2012-03-23 02:11:05 -------- d-----w- C:\Users\Mitch\AppData\Local\{9CD621FE-DA85-4D96-A4F3-6AEBD5DB8B9C}
2012-03-22 14:10:53 -------- d-----w- C:\Users\Mitch\AppData\Local\{40672B68-435C-46C5-81FF-F5181C81E890}
2012-03-22 14:10:43 -------- d-----w- C:\Users\Mitch\AppData\Local\{9996FD04-3D5A-4B81-9E96-626C3A387F26}
2012-03-22 02:10:31 -------- d-----w- C:\Users\Mitch\AppData\Local\{83FDA061-4469-44FA-B40D-94AB16E6C6C3}
2012-03-22 02:10:21 -------- d-----w- C:\Users\Mitch\AppData\Local\{2F37DC21-5874-4A6D-A99D-6593EA9BB8BC}
2012-03-21 14:10:10 -------- d-----w- C:\Users\Mitch\AppData\Local\{F68AFE8F-F635-4960-AFF2-3AFB9B0969DA}
2012-03-21 14:10:00 -------- d-----w- C:\Users\Mitch\AppData\Local\{62A13F15-9A82-4F0E-820B-7B8D6E2DE3AB}
2012-03-21 01:54:31 -------- d-----w- C:\Users\Mitch\AppData\Local\{BB7F3BC5-7B52-451D-99DF-DED107E8B0A9}
2012-03-21 01:54:21 -------- d-----w- C:\Users\Mitch\AppData\Local\{A82D5B94-4627-4AB9-91C1-BE4754E35D6A}
2012-03-19 02:32:58 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 02:32:58 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 20:08:23 -------- d-----w- C:\Users\Mitch\AppData\Local\{995FDA14-540C-44FB-A005-70608E92F3E7}
2012-03-18 20:08:13 -------- d-----w- C:\Users\Mitch\AppData\Local\{3F119BF6-FFD5-4FF7-8B65-A543B0C7E037}
2012-03-16 00:27:07 -------- d-----w- C:\Users\Mitch\AppData\Local\{7F1812C3-8430-4535-9AAD-69B549A6F9E9}
2012-03-16 00:26:56 -------- d-----w- C:\Users\Mitch\AppData\Local\{0006EFB6-DEB0-4DE4-9D20-77F3CAD609E9}
2012-03-15 12:06:33 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 12:06:32 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 12:06:32 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 12:01:08 -------- d-----w- C:\Users\Mitch\AppData\Local\{BA7419DB-5AD1-4914-8211-E86F554731E4}
2012-03-15 12:00:58 -------- d-----w- C:\Users\Mitch\AppData\Local\{4540C9C8-15B5-48F0-BDB4-CD8B7A67DF83}
2012-03-14 22:48:51 -------- d-----w- C:\Users\Mitch\AppData\Local\{05C69F77-78E4-464A-83FC-D319BD03F6B2}
2012-03-14 22:48:40 -------- d-----w- C:\Users\Mitch\AppData\Local\{0FCEC0F1-3B10-4C4F-83B6-7AED3F9BCFC6}
2012-03-14 15:15:48 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 15:15:45 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 15:15:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 15:12:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 15:12:36 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 15:12:36 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 15:12:35 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 15:12:34 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 15:12:34 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 15:12:34 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 15:11:34 -------- d-----w- C:\Users\Mitch\AppData\Local\{FADF68B8-6E45-4DB5-8BDA-B52D5AE3FE04}
2012-03-13 15:11:19 -------- d-----w- C:\Users\Mitch\AppData\Local\{D5B17D49-270A-49C2-B409-7180684C3965}
2012-03-12 23:43:46 -------- d-----w- C:\Users\Mitch\AppData\Local\{5D71CB96-C29D-4C88-A8B0-0E56BB4A7912}
2012-03-12 23:43:36 -------- d-----w- C:\Users\Mitch\AppData\Local\{F2BE37C4-D048-40B1-9339-B5B3687FBF06}
2012-03-12 11:43:12 -------- d-----w- C:\Users\Mitch\AppData\Local\{31DFE17B-D2BA-455C-B1C9-0290FBADBA78}
2012-03-12 11:43:02 -------- d-----w- C:\Users\Mitch\AppData\Local\{521F40CD-731E-4669-9539-45C625FE8786}
2012-03-11 23:13:35 -------- d-----w- C:\Users\Mitch\AppData\Local\{9B170C3F-6A95-4B46-9E74-C3D6A62140BD}
2012-03-11 23:13:25 -------- d-----w- C:\Users\Mitch\AppData\Local\{585B6DD8-E013-4DFD-88B6-38A7A6062D05}
2012-03-11 10:59:26 -------- d-----w- C:\Users\Mitch\AppData\Local\{53466397-B622-48E8-BF3B-CFA0BBFFCB64}
2012-03-11 10:59:15 -------- d-----w- C:\Users\Mitch\AppData\Local\{2958DC30-7A67-4D0D-907C-AD88D203B38F}
2012-03-10 20:48:45 -------- d-----w- C:\Users\Mitch\AppData\Local\{DC5ADE64-A12F-420F-B296-C9AE6BF19645}
2012-03-10 20:48:34 -------- d-----w- C:\Users\Mitch\AppData\Local\{CDE7720B-DA8A-4B8E-99F3-4FAEC8B2AD9E}
2012-03-10 03:13:41 -------- d-----w- C:\Users\Mitch\AppData\Local\{3C7AECED-0ECE-4D94-9136-DAF297C0B926}
2012-03-10 03:13:30 -------- d-----w- C:\Users\Mitch\AppData\Local\{D4E8B890-7219-4B03-B385-DBDEF00053AE}
2012-03-09 15:13:06 -------- d-----w- C:\Users\Mitch\AppData\Local\{C3007544-C4EB-4E8A-9A69-D5F1D2439E32}
2012-03-09 15:12:56 -------- d-----w- C:\Users\Mitch\AppData\Local\{8A97C288-0E4F-4A76-9C20-545550EA6D52}
2012-03-09 03:12:43 -------- d-----w- C:\Users\Mitch\AppData\Local\{71E96C47-DF74-45D8-B58E-059C0D28E78A}
2012-03-09 03:12:30 -------- d-----w- C:\Users\Mitch\AppData\Local\{5E37BDC3-4571-46DC-B198-A9F8F8204FE9}
2012-03-08 15:12:18 -------- d-----w- C:\Users\Mitch\AppData\Local\{D1B91169-5135-4D54-961B-B06E2BFCA6FE}
2012-03-08 15:12:05 -------- d-----w- C:\Users\Mitch\AppData\Local\{5F753E68-6059-45B5-817F-4594196344EC}
2012-03-08 03:11:53 -------- d-----w- C:\Users\Mitch\AppData\Local\{0BC49015-A2D4-46B7-BE2A-B24C26663067}
2012-03-08 03:11:42 -------- d-----w- C:\Users\Mitch\AppData\Local\{CA15E02A-6751-4FA6-9FF1-D8D2FC190627}
2012-03-07 15:11:17 -------- d-----w- C:\Users\Mitch\AppData\Local\{69A22BEB-972B-4C5A-A42F-FDB34A72A7FA}
2012-03-07 00:07:09 -------- d-----w- C:\Users\Mitch\AppData\Local\{C10FB468-BD77-4E1F-BAD2-C82999BCAE89}
2012-03-07 00:06:55 -------- d-----w- C:\Users\Mitch\AppData\Local\{D3DF9B00-C88F-429B-95D5-1D6CDD4BC2AD}
2012-03-04 22:50:05 -------- d-----w- C:\Users\Mitch\AppData\Local\{A784C0F6-8E16-4DA6-A1B2-51934CE61017}
2012-03-04 22:49:53 -------- d-----w- C:\Users\Mitch\AppData\Local\{55788DBE-A79F-44DD-9033-60FFA09CFD6B}
2012-03-04 02:05:03 -------- d-----w- C:\Users\Mitch\AppData\Local\{DC5ABC0A-351F-406E-8E1E-C640C91E1D20}
2012-03-04 02:04:51 -------- d-----w- C:\Users\Mitch\AppData\Local\{53121F9C-38C1-4A8A-AF05-886A8152A2FD}
2012-03-03 14:04:27 -------- d-----w- C:\Users\Mitch\AppData\Local\{840FEB7A-473E-4C2B-8F55-91D9F763908D}
2012-03-03 14:04:17 -------- d-----w- C:\Users\Mitch\AppData\Local\{492E296D-2B98-482A-8EEF-A2AA1C9C3B25}
2012-03-03 02:04:00 -------- d-----w- C:\Users\Mitch\AppData\Local\{237F5FE6-5CF5-43DB-BCC7-C64C269C237E}
2012-03-03 02:03:49 -------- d-----w- C:\Users\Mitch\AppData\Local\{A7C7A11A-C01D-4307-B9FE-584A65BAE1AF}
2012-03-02 13:51:35 -------- d-----w- C:\Users\Mitch\AppData\Local\{80D25A18-343B-4F21-81EA-97337BC86971}
2012-03-02 13:51:25 -------- d-----w- C:\Users\Mitch\AppData\Local\{0F6AFC45-781A-4E51-9B41-4A6FE787F6A2}
2012-03-01 20:48:12 -------- d-----w- C:\Users\Mitch\AppData\Local\{81FFF4A6-31CA-408E-B93A-32D660AA3F85}
2012-03-01 20:48:01 -------- d-----w- C:\Users\Mitch\AppData\Local\{97E51FEE-9093-4281-9276-901C54FF8BB3}
.
==================== Find3M ====================
.
2012-03-29 20:08:18 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 17:37:09.91 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 04:27 PM

Posted 30 March 2012 - 11:14 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
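The `AV:` lines quoted in the post above come from the DDS header, and the `SP:` and `FW:` lines of the same log use the same `*State/Signatures* {GUID}` format, so the "more than one antivirus installed" check can be done by a script instead of by eye. The following Python is an added example and is not code from this thread, from DDS or from ComboFix: it parses the product lines, decodes the enabled/disabled and updated/outdated fields, and reports when more than one antivirus product is registered, when none is enabled, or when an enabled product has stale signatures. The sample input is constructed from the six product lines of the DDS log posted in this thread; the check names and the issue wording are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List

# Matches DDS/ComboFix security-product header lines such as:
#   AV: Norton Internet Security *Enabled/Updated* {88C95A36-...}
#   FW: Norton Internet Security *Enabled* {B0F2DB13-...}
# The tag is AV (antivirus), SP (antispyware) or FW (firewall).
# Firewall lines carry no signature state, so that group is optional.
PRODUCT_LINE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+\*(?P<state>Enabled|Disabled)"
    r"(?:/(?P<sigs>Updated|Outdated))?\*\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


@dataclass(frozen=True)
class SecurityProduct:
    kind: str       # "AV", "SP" or "FW"
    name: str
    enabled: bool
    updated: bool   # True when signatures are current; firewalls report no signature state
    guid: str       # product instance GUID as printed in the log, upper-cased


def parse_products(log_text: str) -> List[SecurityProduct]:
    """Extract every AV/SP/FW product line from a DDS or ComboFix log."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_LINE.match(line.strip())
        if not m:
            continue
        products.append(SecurityProduct(
            kind=m["kind"],
            name=m["name"],
            enabled=(m["state"] == "Enabled"),
            updated=(m["sigs"] != "Outdated"),
            guid=m["guid"].upper(),
        ))
    return products


def find_issues(products: List[SecurityProduct]) -> List[str]:
    """Apply the checks a helper applies by eye to the product header.

    A disabled antispyware entry (Windows Defender next to a third-party
    suite) is normal, so only antivirus count, antivirus coverage and
    signature freshness of enabled products are reported.
    """
    issues = []
    av = [p for p in products if p.kind == "AV"]
    if len(av) > 1:
        names = ", ".join(p.name for p in av)
        issues.append(
            f"{len(av)} antivirus products registered ({names}); keep only one")
    if not any(p.enabled for p in av):
        issues.append("no enabled antivirus product")
    for p in products:
        if p.enabled and not p.updated:
            issues.append(f"{p.kind} {p.name} has outdated signatures")
    return issues


# Constructed sample: the product lines from the DDS header posted in this thread.
SAMPLE_LOG = """\
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
"""

if __name__ == "__main__":
    found = parse_products(SAMPLE_LOG)
    for p in found:
        print(f"{p.kind} {p.name:32} enabled={p.enabled} updated={p.updated} {p.guid}")
    for issue in find_issues(found):
        print("ISSUE:", issue)
```

Run it against a whole pasted DDS or ComboFix log; lines that are not product headers are ignored, and the single issue it raises for the log in this thread is the two registered antivirus products that the reply above asks the poster to reduce to one.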

#3 mjawkins

  • Topic Starter
  • Members
  • 8 posts
  • Local time: 03:27 PM

Posted 31 March 2012 - 11:48 AM

OK, I removed Spyware Doctor and ran everything as you said, and the only issue I had was after booting up after Combofix finished. As soon as I logged in I got a window saying that the Recycle Bin on C had been corrupted and asking if it could be emptied. I had nothing important in there so I just clicked yes. Everything after that went fine. As far as my computer goes, nothing has changed so far.

The combofix log has also been attached.


ComboFix 12-03-31.02 - Mitch 31/03/2012 12:09:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3894.2269 [GMT -4:00]
Running from: c:\users\Mitch\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 16:22 . 2012-03-31 16:22 -------- d-----w- c:\users\mom.Mitch-PC\AppData\Local\temp
2012-03-31 16:22 . 2012-03-31 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 16:22 . 2012-03-31 16:22 -------- d-----w- c:\users\mom\AppData\Local\temp
2012-03-30 14:36 . 2012-03-30 14:36 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-03-29 21:05 . 2012-03-29 21:05 -------- d-----w- C:\_OTL
2012-03-29 20:08 . 2012-03-29 20:08 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 20:02 . 2012-03-29 20:08 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 19:59 . 2012-03-29 19:59 -------- d-----w- c:\users\Mitch\AppData\Local\Symantec
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 17:43 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 03:38 . 2012-03-29 03:45 -------- d-----w- c:\programdata\Recovery
2012-03-29 00:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D384202F-2CE7-499B-9CF4-56B1A3060BD5}\mpengine.dll
2012-03-29 00:02 . 2012-03-29 00:02 -------- d-----w- c:\users\Mitch\AppData\Roaming\Tific
2012-03-28 23:56 . 2012-03-28 23:56 -------- d-----we c:\windows\system64
2012-03-27 03:17 . 2012-03-30 15:07 -------- d-----w- c:\users\Mitch\AppData\Local\NPE
2012-03-27 01:40 . 2012-03-31 16:07 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-03-26 21:51 . 2012-03-26 21:51 -------- d-----w- c:\program files (x86)\Rovio
2012-03-26 15:01 . 2012-03-24 01:51 84992 ----a-w- c:\windows\SysWow64\iemARkm2.com_
2012-03-24 01:20 . 2012-03-29 19:59 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-19 02:32 . 2012-03-19 02:32 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 02:32 . 2012-03-19 02:32 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 12:06 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 12:06 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 12:06 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 15:15 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:15 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 15:12 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:12 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:12 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:12 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 15:12 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:12 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 20:08 . 2011-06-13 22:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 00:33 . 2012-02-24 00:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-24 00:33 . 2012-02-24 00:33 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-24 00:33 . 2012-02-24 00:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-24 00:33 . 2012-02-24 00:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-24 00:33 . 2012-02-24 00:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-24 00:33 . 2012-02-24 00:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-24 00:33 . 2012-02-24 00:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-24 00:33 . 2012-02-24 00:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-24 00:33 . 2012-02-24 00:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-24 00:33 . 2012-02-24 00:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-24 00:33 . 2012-02-24 00:33 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-24 00:33 . 2012-02-24 00:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-24 00:33 . 2012-02-24 00:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-24 00:33 . 2012-02-24 00:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-24 00:33 . 2012-02-24 00:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-24 00:33 . 2012-02-24 00:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-24 00:33 . 2012-02-24 00:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-24 00:33 . 2012-02-24 00:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-24 00:33 . 2012-02-24 00:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-24 00:33 . 2012-02-24 00:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-24 00:33 . 2012-02-24 00:33 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-24 00:33 . 2012-02-24 00:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-24 00:33 . 2012-02-24 00:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-24 00:33 . 2012-02-24 00:33 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-24 00:33 . 2012-02-24 00:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-24 00:33 . 2012-02-24 00:33 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-24 00:33 . 2012-02-24 00:33 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-24 00:33 . 2012-02-24 00:33 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-24 00:33 . 2012-02-24 00:33 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-24 00:33 . 2012-02-24 00:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-24 00:33 . 2012-02-24 00:33 448512 ----a-w- c:\windows\system32\html.iec
2012-02-24 00:33 . 2012-02-24 00:33 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-24 00:33 . 2012-02-24 00:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 00:33 . 2012-02-24 00:33 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-24 00:33 . 2012-02-24 00:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-24 00:33 . 2012-02-24 00:33 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-24 00:33 . 2012-02-24 00:33 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-24 00:33 . 2012-02-24 00:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-24 00:33 . 2012-02-24 00:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-24 00:33 . 2012-02-24 00:33 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-24 00:33 . 2012-02-24 00:33 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-24 00:33 . 2012-02-24 00:33 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 13:18 . 2010-09-21 00:41 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-15 16:01 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 16:01 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-21 39408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-01-02 395640]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-10 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\users\Mitch\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-11 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-04 3331944]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"4Y3Y0C3AUF7W1VXVNTECSGW"="c:\recycle.bin\B6232F3ABBB.exe" [BU]
.
c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-12-26 576000]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-12-12 117248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-04-16 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 17:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:08]
.
2012-03-31 c:\windows\Tasks\At10.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At12.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At14.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At16.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At18.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At2.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At20.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At22.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At24.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-30 c:\windows\Tasks\At26.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-30 c:\windows\Tasks\At28.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-30 c:\windows\Tasks\At30.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-30 c:\windows\Tasks\At32.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-30 c:\windows\Tasks\At34.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-30 c:\windows\Tasks\At36.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-30 c:\windows\Tasks\At38.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At4.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-30 c:\windows\Tasks\At40.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At42.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At44.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At46.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At48.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At6.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\At8.job
- c:\windows\system32\iemARkm2.com_ [2012-03-26 01:51]
.
2012-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000Core.job
- c:\users\Mitch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 16:15]
.
2012-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000UA.job
- c:\users\Mitch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 16:15]
.
2012-03-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-21 17:59]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000Core.job
- c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 02:00]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000UA.job
- c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 02:00]
.
2012-03-27 c:\windows\Tasks\HPCeeScheduleForMitch.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-20 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-02 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-04-16 487424]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sprtsvc_dellsupportcenter
.
------- Supplementary Scan -------
.
uStart Page = hxxp://easy-google-search.blogspot.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\i7gftcmw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:82,b7,1a,18,a4,0b,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-31 12:30:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 16:30
ComboFix2.txt 2012-03-28 23:12
.
Pre-Run: 260,331,261,952 bytes free
Post-Run: 260,365,471,744 bytes free
.
- - End Of File - - 2ED3ADC7EFA132DF8979CF7CF5AAB27A

Edited by gringo_pr, 31 March 2012 - 12:09 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 March 2012 - 12:11 PM

Greetings

Please do not attach the reports, as asked in my opening speech and in my signature; please copy and paste the report into the topic (see edit above).

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
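
The TDSSKiller report that gringo asks for above has a fixed line shape, so the first pass a helper makes over it (before reading every line by hand) can be scripted. The block below is an added example for this thread; it is not TDSSKiller, ComboFix or anything BleepingComputer provides. It parses the "<name> (<md5>) <path>" driver and service entries with their "<name> - <verdict>" lines, plus the MBR drive and partition lines the tool prints, and then lists what deserves a look: any verdict other than "ok", service keys with no image file behind them (the catchme and cpuz132 entries in the report later in this thread have that shape), images outside the Windows and Program Files trees, and unallocated sectors between or after partitions, the space at the end of the disk where the TDL4 bootkit family kept its hidden file system. The "expected" roots, the 2048-sector alignment allowance (1 MiB at 512-byte sectors) and the example_svc entry at the end of the sample are assumptions constructed for the demonstration; the exact non-ok verdict strings TDSSKiller prints are not reproduced, the rule is simply "anything but ok". The other sample lines are copied from the report posted later in this thread.

```python
"""Triage a TDSSKiller text report (added example for this thread; not part of TDSSKiller,
ComboFix or anything BleepingComputer ships). It parses the "<name> (<md5>) <path>" entries,
their "<name> - <verdict>" lines and the MBR drive/partition lines, then lists what to look at."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) - (?P<verdict>.+)$")
DRIVE_RE = re.compile(r"Drive \\Device\\Harddisk\d+\\DR\d+ - Size: (?P<size>0x[0-9A-Fa-f]+) .*?SectorSize: (?P<ss>0x[0-9A-Fa-f]+)")
PART_RE = re.compile(r"\\Partition\d+: MBR, Type (?P<type>0x[0-9A-Fa-f]+), StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<num>0x[0-9A-Fa-f]+)")

# Assumptions, not facts from the report: expected image roots, and how many trailing
# unallocated sectors are plain 1 MiB partition alignment rather than hidden storage.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
ALIGNMENT_SLACK = 2048  # 512-byte sectors

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

@dataclass
class Report:
    entries: Dict[str, Entry] = field(default_factory=dict)
    disk_sectors: Optional[int] = None
    partitions: List[Tuple[int, int, int]] = field(default_factory=list)  # (type, start LBA, sectors)

def parse_report(text: str) -> Report:
    """Build a Report from the raw log text; lines that match nothing are ignored."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVE_RE.search(line)  # tried first: the Drive line also contains " - "
        if m:
            rep.disk_sectors = int(m["size"], 16) // int(m["ss"], 16)
            continue
        m = PART_RE.search(line)
        if m:
            rep.partitions.append((int(m["type"], 16), int(m["start"], 16), int(m["num"], 16)))
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = rep.entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rep.entries.setdefault(m["name"], Entry(m["name"])).verdict = m["verdict"]
    return rep

def partition_gaps(rep: Report) -> List[Tuple[int, int]]:
    """(start LBA, sectors) of each hole between consecutive partitions; negative = overlap."""
    parts = sorted(rep.partitions, key=lambda p: p[1])
    return [(s1 + n1, s2 - (s1 + n1))
            for (_, s1, n1), (_, s2, _) in zip(parts, parts[1:]) if s2 != s1 + n1]

def tail_sectors(rep: Report) -> Optional[int]:
    """Sectors between the end of the last partition and the end of the disk."""
    if rep.disk_sectors is None or not rep.partitions:
        return None
    return rep.disk_sectors - max(s + n for _, s, n in rep.partitions)

def triage(rep: Report) -> Dict[str, List[str]]:
    """Group what deserves a human look; an empty list means nothing to report."""
    found: Dict[str, List[str]] = {"verdict": [], "no_file": [], "odd_path": [], "disk": []}
    for e in rep.entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            found["verdict"].append(f"{e.name}: {e.verdict}")
        if e.md5 is None:  # a service/driver key with no image file TDSSKiller could hash
            found["no_file"].append(e.name)
        elif not e.path.lower().startswith(EXPECTED_ROOTS):
            found["odd_path"].append(f"{e.name}: {e.path}")
    for start, n in partition_gaps(rep):
        found["disk"].append(f"{n} unallocated sectors at LBA {start:#x}")
    tail = tail_sectors(rep)
    if tail is not None and tail > ALIGNMENT_SLACK:
        found["disk"].append(f"{tail} unallocated sectors after the last partition")
    return found

# Lines copied from the report in this thread, plus one constructed entry (example_svc) so the
# verdict rule has something to trip on; TDSSKiller's real non-ok wording is not reproduced here.
SAMPLE_REPORT = r"""
14:19:27.0629 3388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:19:27.0722 3388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:19:27.0722 3388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3774D800
14:19:27.0722 3388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x377B1800, BlocksNum 0x2BA0800
14:19:27.0722 3388 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
14:21:11.0650 1652 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:21:11.0665 1652 Apple Mobile Device - ok
14:21:14.0270 1652 catchme - ok
14:21:15.0550 1652 cpuz132 - ok
14:21:16.0813 1652 DvmMDES (291a3dee24999ee4618ed0c7a9a8db7a) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
14:21:16.0829 1652 DvmMDES - ok
14:21:17.0000 1652 example_svc (00000000000000000000000000000000) C:\Users\example\AppData\Local\example_svc.sys
14:21:17.0000 1652 example_svc - suspicious
"""
```

Run on the sample, triage() returns nothing under "disk" (the four partitions are contiguous and only 0x800 sectors of 1 MiB alignment slack follow the last one), lists catchme and cpuz132 as service keys with no hashed image (catchme is the scanner driver ComboFix installs, cpuz132 is the CPU-Z driver, both worth confirming rather than assuming), flags DvmMDES because its image lives under C:\SwSetup, and reports the constructed example_svc on both its verdict and its path. None of these is a verdict; they are the lines a reviewer reads first.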

#5 mjawkins

mjawkins
  • Topic Starter

  • Members
  • 8 posts

Posted 31 March 2012 - 01:24 PM

The TDSS didn't find anything, but this is the report:



14:19:26.0677 3388 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:19:26.0989 3388 ============================================================
14:19:26.0989 3388 Current date / time: 2012/03/31 14:19:26.0989
14:19:26.0989 3388 SystemInfo:
14:19:26.0989 3388
14:19:26.0989 3388 OS Version: 6.1.7601 ServicePack: 1.0
14:19:26.0989 3388 Product type: Workstation
14:19:26.0989 3388 ComputerName: MITCH-PC
14:19:26.0989 3388 UserName: Mitch
14:19:26.0989 3388 Windows directory: C:\Windows
14:19:26.0989 3388 System windows directory: C:\Windows
14:19:26.0989 3388 Running under WOW64
14:19:26.0989 3388 Processor architecture: Intel x64
14:19:26.0989 3388 Number of processors: 4
14:19:26.0989 3388 Page size: 0x1000
14:19:26.0989 3388 Boot type: Normal boot
14:19:26.0989 3388 ============================================================
14:19:27.0629 3388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:19:27.0707 3388 \Device\Harddisk0\DR0:
14:19:27.0722 3388 MBR used
14:19:27.0722 3388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:19:27.0722 3388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3774D800
14:19:27.0722 3388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x377B1800, BlocksNum 0x2BA0800
14:19:27.0722 3388 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
14:19:27.0972 3388 Initialize success
14:19:27.0972 3388 ============================================================
14:21:08.0327 1652 ============================================================
14:21:08.0327 1652 Scan started
14:21:08.0327 1652 Mode: Manual;
14:21:08.0327 1652 ============================================================
14:21:09.0060 1652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:21:09.0060 1652 1394ohci - ok
14:21:09.0122 1652 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:21:09.0122 1652 Accelerometer - ok
14:21:09.0200 1652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:21:09.0200 1652 ACPI - ok
14:21:09.0294 1652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:21:09.0294 1652 AcpiPmi - ok
14:21:09.0450 1652 AdobeActiveFileMonitor10.0 (047bd1eb681453a7fe492a71802ac9f3) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
14:21:09.0450 1652 AdobeActiveFileMonitor10.0 - ok
14:21:09.0590 1652 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:21:09.0590 1652 AdobeFlashPlayerUpdateSvc - ok
14:21:09.0731 1652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:21:09.0746 1652 adp94xx - ok
14:21:09.0824 1652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:21:09.0824 1652 adpahci - ok
14:21:09.0871 1652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:21:09.0871 1652 adpu320 - ok
14:21:09.0918 1652 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:21:09.0918 1652 AeLookupSvc - ok
14:21:10.0027 1652 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
14:21:10.0043 1652 AESTFilters - ok
14:21:10.0183 1652 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:21:10.0199 1652 AFD - ok
14:21:10.0261 1652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:21:10.0261 1652 agp440 - ok
14:21:10.0324 1652 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:21:10.0324 1652 ALG - ok
14:21:10.0417 1652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:21:10.0417 1652 aliide - ok
14:21:10.0480 1652 AMD External Events Utility (48619a29f9c9c3cfeb66718dd03d8057) C:\Windows\system32\atiesrxx.exe
14:21:10.0495 1652 AMD External Events Utility - ok
14:21:10.0558 1652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:21:10.0558 1652 amdide - ok
14:21:10.0636 1652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:21:10.0636 1652 AmdK8 - ok
14:21:10.0885 1652 amdkmdag (06bf0785de714637eba9bb1084b28626) C:\Windows\system32\DRIVERS\atikmdag.sys
14:21:11.0057 1652 amdkmdag - ok
14:21:11.0135 1652 amdkmdap (2dec3274589ff6889ab05adceeb0f642) C:\Windows\system32\DRIVERS\atikmpag.sys
14:21:11.0135 1652 amdkmdap - ok
14:21:11.0213 1652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:21:11.0213 1652 AmdPPM - ok
14:21:11.0260 1652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:21:11.0260 1652 amdsata - ok
14:21:11.0306 1652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:21:11.0306 1652 amdsbs - ok
14:21:11.0353 1652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:21:11.0353 1652 amdxata - ok
14:21:11.0431 1652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:21:11.0431 1652 AppID - ok
14:21:11.0462 1652 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:21:11.0462 1652 AppIDSvc - ok
14:21:11.0509 1652 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:21:11.0509 1652 Appinfo - ok
14:21:11.0650 1652 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:21:11.0665 1652 Apple Mobile Device - ok
14:21:11.0774 1652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:21:11.0774 1652 arc - ok
14:21:11.0806 1652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:21:11.0806 1652 arcsas - ok
14:21:11.0930 1652 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:21:11.0977 1652 aspnet_state - ok
14:21:12.0071 1652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:21:12.0071 1652 AsyncMac - ok
14:21:12.0180 1652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:21:12.0196 1652 atapi - ok
14:21:12.0305 1652 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
14:21:12.0305 1652 AtiHdmiService - ok
14:21:12.0383 1652 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:21:12.0398 1652 AudioEndpointBuilder - ok
14:21:12.0414 1652 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:21:12.0430 1652 AudioSrv - ok
14:21:12.0523 1652 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:21:12.0523 1652 AxInstSV - ok
14:21:12.0617 1652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:21:12.0617 1652 b06bdrv - ok
14:21:12.0757 1652 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:21:12.0757 1652 b57nd60a - ok
14:21:12.0913 1652 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:21:12.0991 1652 BCM43XX - ok
14:21:13.0100 1652 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:21:13.0116 1652 BDESVC - ok
14:21:13.0210 1652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:21:13.0210 1652 Beep - ok
14:21:13.0288 1652 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:21:13.0319 1652 BFE - ok
14:21:13.0381 1652 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:21:13.0412 1652 BITS - ok
14:21:13.0522 1652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:21:13.0522 1652 blbdrive - ok
14:21:13.0662 1652 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:21:13.0662 1652 Bonjour Service - ok
14:21:13.0771 1652 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:21:13.0771 1652 bowser - ok
14:21:13.0802 1652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:21:13.0802 1652 BrFiltLo - ok
14:21:13.0834 1652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:21:13.0834 1652 BrFiltUp - ok
14:21:13.0896 1652 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:21:13.0896 1652 BridgeMP - ok
14:21:13.0974 1652 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:21:13.0990 1652 Browser - ok
14:21:14.0021 1652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:21:14.0036 1652 Brserid - ok
14:21:14.0068 1652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:21:14.0068 1652 BrSerWdm - ok
14:21:14.0114 1652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:21:14.0114 1652 BrUsbMdm - ok
14:21:14.0146 1652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:21:14.0146 1652 BrUsbSer - ok
14:21:14.0177 1652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:21:14.0192 1652 BTHMODEM - ok
14:21:14.0224 1652 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:21:14.0224 1652 bthserv - ok
14:21:14.0270 1652 catchme - ok
14:21:14.0333 1652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:21:14.0333 1652 cdfs - ok
14:21:14.0411 1652 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:21:14.0411 1652 cdrom - ok
14:21:14.0489 1652 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:21:14.0489 1652 CertPropSvc - ok
14:21:14.0520 1652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:21:14.0520 1652 circlass - ok
14:21:14.0567 1652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:21:14.0567 1652 CLFS - ok
14:21:14.0645 1652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:21:14.0645 1652 clr_optimization_v2.0.50727_32 - ok
14:21:14.0692 1652 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:21:14.0692 1652 clr_optimization_v2.0.50727_64 - ok
14:21:14.0785 1652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:21:14.0863 1652 clr_optimization_v4.0.30319_32 - ok
14:21:15.0004 1652 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:21:15.0019 1652 clr_optimization_v4.0.30319_64 - ok
14:21:15.0113 1652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:21:15.0113 1652 CmBatt - ok
14:21:15.0160 1652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:21:15.0175 1652 cmdide - ok
14:21:15.0222 1652 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:21:15.0238 1652 CNG - ok
14:21:15.0284 1652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:21:15.0300 1652 Compbatt - ok
14:21:15.0362 1652 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:21:15.0362 1652 CompositeBus - ok
14:21:15.0394 1652 COMSysApp - ok
14:21:15.0550 1652 cpuz132 - ok
14:21:15.0612 1652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:21:15.0612 1652 crcdisk - ok
14:21:15.0690 1652 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:21:15.0690 1652 CryptSvc - ok
14:21:15.0784 1652 dc3d (23d4b856725f5fc3c4f410c150ab107b) C:\Windows\system32\DRIVERS\dc3d.sys
14:21:15.0784 1652 dc3d - ok
14:21:15.0862 1652 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:21:15.0877 1652 DcomLaunch - ok
14:21:15.0924 1652 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:21:15.0924 1652 defragsvc - ok
14:21:16.0033 1652 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:21:16.0033 1652 DfsC - ok
14:21:16.0158 1652 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:21:16.0158 1652 Dhcp - ok
14:21:16.0220 1652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:21:16.0220 1652 discache - ok
14:21:16.0298 1652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:21:16.0298 1652 Disk - ok
14:21:16.0376 1652 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:21:16.0376 1652 Dnscache - ok
14:21:16.0423 1652 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:21:16.0423 1652 dot3svc - ok
14:21:16.0470 1652 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:21:16.0470 1652 DPS - ok
14:21:16.0548 1652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:21:16.0548 1652 drmkaud - ok
14:21:16.0657 1652 dtsoftbus01 (8aae70d76436e4695455aa9ca634a9f4) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:21:16.0657 1652 dtsoftbus01 - ok
14:21:16.0735 1652 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
14:21:16.0751 1652 DVMIO - ok
14:21:16.0813 1652 DvmMDES (291a3dee24999ee4618ed0c7a9a8db7a) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
14:21:16.0829 1652 DvmMDES - ok
14:21:16.0938 1652 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:21:16.0969 1652 DXGKrnl - ok
14:21:17.0032 1652 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:21:17.0032 1652 EapHost - ok
14:21:17.0156 1652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:21:17.0234 1652 ebdrv - ok
14:21:17.0297 1652 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:21:17.0297 1652 EFS - ok
14:21:17.0406 1652 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:21:17.0422 1652 ehRecvr - ok
14:21:17.0453 1652 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:21:17.0453 1652 ehSched - ok
14:21:17.0562 1652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:21:17.0578 1652 elxstor - ok
14:21:17.0609 1652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:21:17.0609 1652 ErrDev - ok
14:21:17.0671 1652 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:21:17.0687 1652 EventSystem - ok
14:21:17.0702 1652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:21:17.0718 1652 exfat - ok
14:21:17.0734 1652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:21:17.0734 1652 fastfat - ok
14:21:17.0827 1652 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:21:17.0858 1652 Fax - ok
14:21:17.0921 1652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:21:17.0936 1652 fdc - ok
14:21:17.0968 1652 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:21:17.0968 1652 fdPHost - ok
14:21:17.0983 1652 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:21:17.0983 1652 FDResPub - ok
14:21:18.0014 1652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:21:18.0014 1652 FileInfo - ok
14:21:18.0046 1652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:21:18.0046 1652 Filetrace - ok
14:21:18.0077 1652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:21:18.0077 1652 flpydisk - ok
14:21:18.0124 1652 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:21:18.0124 1652 FltMgr - ok
14:21:18.0186 1652 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:21:18.0217 1652 FontCache - ok
14:21:18.0295 1652 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:21:18.0295 1652 FontCache3.0.0.0 - ok
14:21:18.0342 1652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:21:18.0342 1652 FsDepends - ok
14:21:18.0420 1652 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:21:18.0420 1652 Fs_Rec - ok
14:21:18.0514 1652 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:21:18.0514 1652 fvevol - ok
14:21:18.0623 1652 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:21:18.0623 1652 gagp30kx - ok
14:21:18.0716 1652 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:21:18.0716 1652 GameConsoleService - ok
14:21:18.0794 1652 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:21:18.0794 1652 GEARAspiWDM - ok
14:21:18.0888 1652 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:21:18.0904 1652 gpsvc - ok
14:21:19.0013 1652 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:21:19.0013 1652 gusvc - ok
14:21:19.0075 1652 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:21:19.0091 1652 hcw85cir - ok
14:21:19.0169 1652 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:21:19.0169 1652 HdAudAddService - ok
14:21:19.0278 1652 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:21:19.0278 1652 HDAudBus - ok
14:21:19.0340 1652 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:21:19.0340 1652 HECIx64 - ok
14:21:19.0387 1652 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:21:19.0387 1652 HidBatt - ok
14:21:19.0418 1652 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:21:19.0418 1652 HidBth - ok
14:21:19.0450 1652 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:21:19.0450 1652 HidIr - ok
14:21:19.0481 1652 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:21:19.0481 1652 hidserv - ok
14:21:19.0543 1652 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:21:19.0559 1652 HidUsb - ok
14:21:19.0590 1652 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:21:19.0590 1652 hkmsvc - ok
14:21:19.0637 1652 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:21:19.0652 1652 HomeGroupListener - ok
14:21:19.0699 1652 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:21:19.0699 1652 HomeGroupProvider - ok
14:21:19.0871 1652 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:21:19.0871 1652 HP Health Check Service - ok
14:21:19.0949 1652 HP Wireless Assistant Service (a2de0a67c77ebc6dfad3d55232790add) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
14:21:19.0949 1652 HP Wireless Assistant Service - ok
14:21:20.0074 1652 HPDrvMntSvc.exe (03431817c7236371433d3c860810fe8a) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:21:20.0089 1652 HPDrvMntSvc.exe - ok
14:21:20.0183 1652 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:21:20.0183 1652 hpdskflt - ok
14:21:20.0308 1652 hpqwmiex (cc518f83732860997c3faf56d15627a7) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:21:20.0323 1652 hpqwmiex - ok
14:21:20.0464 1652 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:21:20.0464 1652 HpSAMD - ok
14:21:20.0495 1652 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
14:21:20.0495 1652 hpsrv - ok
14:21:20.0620 1652 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:21:20.0620 1652 HPWMISVC - ok
14:21:20.0760 1652 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:21:20.0776 1652 HTTP - ok
14:21:20.0854 1652 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:21:20.0854 1652 hwpolicy - ok
14:21:20.0916 1652 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:21:20.0916 1652 i8042prt - ok
14:21:20.0963 1652 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
14:21:20.0963 1652 iaStor - ok
14:21:21.0041 1652 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:21:21.0056 1652 iaStorV - ok
14:21:21.0150 1652 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:21:21.0181 1652 idsvc - ok
14:21:21.0462 1652 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:21:21.0696 1652 igfx - ok
14:21:21.0790 1652 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:21:21.0790 1652 iirsp - ok
14:21:21.0852 1652 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:21:21.0883 1652 IKEEXT - ok
14:21:21.0977 1652 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
14:21:21.0977 1652 Impcd - ok
14:21:22.0055 1652 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:21:22.0055 1652 intelide - ok
14:21:22.0336 1652 intelkmd (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdpmd64.sys
14:21:22.0554 1652 intelkmd - ok
14:21:22.0710 1652 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:21:22.0710 1652 intelppm - ok
14:21:22.0741 1652 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:21:22.0757 1652 IPBusEnum - ok
14:21:22.0835 1652 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:21:22.0835 1652 IpFilterDriver - ok
14:21:22.0897 1652 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:21:22.0897 1652 iphlpsvc - ok
14:21:22.0944 1652 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:21:22.0944 1652 IPMIDRV - ok
14:21:23.0022 1652 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:21:23.0022 1652 IPNAT - ok
14:21:23.0131 1652 iPod Service (f0eac938ecc1b2764d04ce16f8627e56) C:\Program Files\iPod\bin\iPodService.exe
14:21:23.0162 1652 iPod Service - ok
14:21:23.0272 1652 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:21:23.0272 1652 IRENUM - ok
14:21:23.0318 1652 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:21:23.0318 1652 isapnp - ok
14:21:23.0365 1652 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:21:23.0365 1652 iScsiPrt - ok
14:21:23.0428 1652 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:21:23.0428 1652 kbdclass - ok
14:21:23.0490 1652 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:21:23.0490 1652 kbdhid - ok
14:21:23.0552 1652 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:23.0552 1652 KeyIso - ok
14:21:23.0568 1652 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:21:23.0568 1652 KSecDD - ok
14:21:23.0599 1652 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:21:23.0599 1652 KSecPkg - ok
14:21:23.0662 1652 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:21:23.0662 1652 ksthunk - ok
14:21:23.0724 1652 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:21:23.0740 1652 KtmRm - ok
14:21:23.0818 1652 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:21:23.0818 1652 LanmanServer - ok
14:21:23.0880 1652 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:21:23.0896 1652 LanmanWorkstation - ok
14:21:24.0020 1652 LightScribeService (07b1888209c54b675ffccbde9f06d2c6) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:21:24.0020 1652 LightScribeService - ok
14:21:24.0130 1652 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:21:24.0130 1652 lltdio - ok
14:21:24.0192 1652 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:21:24.0208 1652 lltdsvc - ok
14:21:24.0223 1652 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:21:24.0223 1652 lmhosts - ok
14:21:24.0379 1652 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:21:24.0379 1652 LMS - ok
14:21:24.0504 1652 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:21:24.0504 1652 LSI_FC - ok
14:21:24.0551 1652 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:21:24.0551 1652 LSI_SAS - ok
14:21:24.0582 1652 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:21:24.0582 1652 LSI_SAS2 - ok
14:21:24.0613 1652 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:21:24.0613 1652 LSI_SCSI - ok
14:21:24.0676 1652 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:21:24.0676 1652 luafv - ok
14:21:24.0754 1652 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:21:24.0754 1652 MBAMProtector - ok
14:21:24.0847 1652 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:21:24.0847 1652 MBAMService - ok
14:21:24.0925 1652 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:21:24.0925 1652 Mcx2Svc - ok
14:21:24.0972 1652 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:21:24.0972 1652 megasas - ok
14:21:25.0003 1652 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:21:25.0003 1652 MegaSR - ok
14:21:25.0050 1652 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:21:25.0050 1652 MMCSS - ok
14:21:25.0081 1652 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:21:25.0081 1652 Modem - ok
14:21:25.0128 1652 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:21:25.0128 1652 monitor - ok
14:21:25.0253 1652 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:21:25.0253 1652 mouclass - ok
14:21:25.0346 1652 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:21:25.0346 1652 mouhid - ok
14:21:25.0393 1652 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:21:25.0393 1652 mountmgr - ok
14:21:25.0440 1652 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:21:25.0440 1652 mpio - ok
14:21:25.0487 1652 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:21:25.0487 1652 mpsdrv - ok
14:21:25.0643 1652 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:21:25.0674 1652 MpsSvc - ok
14:21:25.0721 1652 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:21:25.0721 1652 MRxDAV - ok
14:21:25.0768 1652 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:21:25.0768 1652 mrxsmb - ok
14:21:25.0830 1652 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:21:25.0830 1652 mrxsmb10 - ok
14:21:25.0861 1652 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:21:25.0861 1652 mrxsmb20 - ok
14:21:25.0908 1652 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:21:25.0908 1652 msahci - ok
14:21:25.0939 1652 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:21:25.0939 1652 msdsm - ok
14:21:25.0970 1652 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:21:25.0970 1652 MSDTC - ok
14:21:26.0048 1652 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:21:26.0048 1652 Msfs - ok
14:21:26.0158 1652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:21:26.0158 1652 mshidkmdf - ok
14:21:26.0204 1652 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:21:26.0220 1652 msisadrv - ok
14:21:26.0298 1652 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:21:26.0298 1652 MSiSCSI - ok
14:21:26.0329 1652 msiserver - ok
14:21:26.0407 1652 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:21:26.0407 1652 MSKSSRV - ok
14:21:26.0423 1652 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:21:26.0423 1652 MSPCLOCK - ok
14:21:26.0454 1652 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:21:26.0454 1652 MSPQM - ok
14:21:26.0501 1652 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:21:26.0516 1652 MsRPC - ok
14:21:26.0563 1652 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:21:26.0563 1652 mssmbios - ok
14:21:26.0626 1652 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:21:26.0626 1652 MSTEE - ok
14:21:26.0657 1652 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:21:26.0657 1652 MTConfig - ok
14:21:26.0719 1652 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:21:26.0719 1652 Mup - ok
14:21:26.0766 1652 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:21:26.0782 1652 napagent - ok
14:21:26.0860 1652 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:21:26.0860 1652 NativeWifiP - ok
14:21:26.0953 1652 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:21:26.0984 1652 NDIS - ok
14:21:27.0094 1652 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:21:27.0094 1652 NdisCap - ok
14:21:27.0156 1652 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:21:27.0156 1652 NdisTapi - ok
14:21:27.0281 1652 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:21:27.0281 1652 Ndisuio - ok
14:21:27.0328 1652 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:21:27.0343 1652 NdisWan - ok
14:21:27.0390 1652 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:21:27.0406 1652 NDProxy - ok
14:21:27.0452 1652 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:21:27.0452 1652 NetBIOS - ok
14:21:27.0499 1652 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:21:27.0515 1652 NetBT - ok
14:21:27.0562 1652 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:27.0562 1652 Netlogon - ok
14:21:27.0593 1652 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:21:27.0608 1652 Netman - ok
14:21:27.0749 1652 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:21:27.0780 1652 NetMsmqActivator - ok
14:21:27.0811 1652 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:21:27.0811 1652 NetPipeActivator - ok
14:21:27.0905 1652 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:21:27.0920 1652 netprofm - ok
14:21:28.0030 1652 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:21:28.0030 1652 NetTcpActivator - ok
14:21:28.0030 1652 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:21:28.0045 1652 NetTcpPortSharing - ok
14:21:28.0264 1652 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
14:21:28.0404 1652 netw5v64 - ok
14:21:28.0482 1652 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:21:28.0482 1652 nfrd960 - ok
14:21:28.0576 1652 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:21:28.0591 1652 NlaSvc - ok
14:21:28.0638 1652 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:21:28.0638 1652 Npfs - ok
14:21:28.0685 1652 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:21:28.0685 1652 nsi - ok
14:21:28.0700 1652 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:21:28.0700 1652 nsiproxy - ok
14:21:28.0778 1652 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:21:28.0825 1652 Ntfs - ok
14:21:28.0903 1652 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:21:28.0903 1652 Null - ok
14:21:28.0997 1652 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:21:28.0997 1652 nvraid - ok
14:21:29.0075 1652 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:21:29.0090 1652 nvstor - ok
14:21:29.0153 1652 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:21:29.0153 1652 nv_agp - ok
14:21:29.0324 1652 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:21:29.0340 1652 odserv - ok
14:21:29.0418 1652 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:21:29.0418 1652 ohci1394 - ok
14:21:29.0527 1652 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:21:29.0543 1652 ose - ok
14:21:29.0621 1652 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:21:29.0621 1652 p2pimsvc - ok
14:21:29.0668 1652 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:21:29.0683 1652 p2psvc - ok
14:21:29.0730 1652 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:21:29.0746 1652 Parport - ok
14:21:29.0777 1652 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:21:29.0777 1652 partmgr - ok
14:21:29.0808 1652 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:21:29.0824 1652 PcaSvc - ok
14:21:29.0855 1652 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:21:29.0886 1652 pci - ok
14:21:29.0933 1652 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:21:29.0933 1652 pciide - ok
14:21:29.0964 1652 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:21:29.0964 1652 pcmcia - ok
14:21:29.0995 1652 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:21:29.0995 1652 pcw - ok
14:21:30.0042 1652 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:21:30.0058 1652 PEAUTH - ok
14:21:30.0182 1652 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:21:30.0182 1652 PerfHost - ok
14:21:30.0292 1652 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:21:30.0338 1652 pla - ok
14:21:30.0401 1652 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:21:30.0416 1652 PlugPlay - ok
14:21:30.0432 1652 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:21:30.0448 1652 PNRPAutoReg - ok
14:21:30.0463 1652 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:21:30.0463 1652 PNRPsvc - ok
14:21:30.0526 1652 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:21:30.0541 1652 PolicyAgent - ok
14:21:30.0619 1652 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:21:30.0619 1652 Power - ok
14:21:30.0697 1652 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:21:30.0697 1652 PptpMiniport - ok
14:21:30.0728 1652 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:21:30.0744 1652 Processor - ok
14:21:30.0791 1652 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:21:30.0791 1652 ProfSvc - ok
14:21:30.0838 1652 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:30.0853 1652 ProtectedStorage - ok
14:21:30.0931 1652 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:21:30.0931 1652 Psched - ok
14:21:31.0009 1652 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:21:31.0009 1652 PxHlpa64 - ok
14:21:31.0072 1652 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:21:31.0134 1652 ql2300 - ok
14:21:31.0181 1652 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:21:31.0181 1652 ql40xx - ok
14:21:31.0228 1652 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:21:31.0243 1652 QWAVE - ok
14:21:31.0259 1652 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:21:31.0259 1652 QWAVEdrv - ok
14:21:31.0290 1652 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:21:31.0290 1652 RasAcd - ok
14:21:31.0368 1652 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:21:31.0368 1652 RasAgileVpn - ok
14:21:31.0415 1652 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:21:31.0430 1652 RasAuto - ok
14:21:31.0508 1652 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:21:31.0508 1652 Rasl2tp - ok
14:21:31.0555 1652 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:21:31.0571 1652 RasMan - ok
14:21:31.0602 1652 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:21:31.0602 1652 RasPppoe - ok
14:21:31.0633 1652 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:21:31.0633 1652 RasSstp - ok
14:21:31.0680 1652 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:21:31.0680 1652 rdbss - ok
14:21:31.0711 1652 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:21:31.0711 1652 rdpbus - ok
14:21:31.0727 1652 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:21:31.0742 1652 RDPCDD - ok
14:21:31.0789 1652 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:21:31.0789 1652 RDPENCDD - ok
14:21:31.0852 1652 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:21:31.0852 1652 RDPREFMP - ok
14:21:31.0930 1652 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:21:31.0945 1652 RDPWD - ok
14:21:32.0086 1652 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:21:32.0086 1652 rdyboost - ok
14:21:32.0242 1652 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:21:32.0242 1652 RemoteAccess - ok
14:21:32.0273 1652 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:21:32.0273 1652 RemoteRegistry - ok
14:21:32.0304 1652 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:21:32.0304 1652 RpcEptMapper - ok
14:21:32.0335 1652 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:21:32.0335 1652 RpcLocator - ok
14:21:32.0382 1652 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
14:21:32.0382 1652 RpcSs - ok
14:21:32.0460 1652 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:21:32.0460 1652 rspndr - ok
14:21:32.0569 1652 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
14:21:32.0569 1652 RSUSBSTOR - ok
14:21:32.0647 1652 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:21:32.0647 1652 RTL8167 - ok
14:21:32.0741 1652 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:32.0741 1652 SamSs - ok
14:21:32.0788 1652 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:21:32.0803 1652 sbp2port - ok
14:21:32.0834 1652 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:21:32.0834 1652 SCardSvr - ok
14:21:32.0881 1652 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:21:32.0881 1652 scfilter - ok
14:21:32.0944 1652 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:21:32.0975 1652 Schedule - ok
14:21:33.0022 1652 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:21:33.0022 1652 SCPolicySvc - ok
14:21:33.0131 1652 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
14:21:33.0131 1652 sdbus - ok
14:21:33.0193 1652 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:21:33.0193 1652 SDRSVC - ok
14:21:33.0287 1652 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:21:33.0287 1652 secdrv - ok
14:21:33.0334 1652 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:21:33.0334 1652 seclogon - ok
14:21:33.0365 1652 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:21:33.0365 1652 SENS - ok
14:21:33.0412 1652 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:21:33.0427 1652 SensrSvc - ok
14:21:33.0458 1652 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:21:33.0458 1652 Serenum - ok
14:21:33.0490 1652 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:21:33.0490 1652 Serial - ok
14:21:33.0552 1652 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:21:33.0568 1652 sermouse - ok
14:21:33.0630 1652 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:21:33.0630 1652 SessionEnv - ok
14:21:33.0646 1652 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:21:33.0661 1652 sffdisk - ok
14:21:33.0677 1652 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:21:33.0677 1652 sffp_mmc - ok
14:21:33.0692 1652 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:21:33.0708 1652 sffp_sd - ok
14:21:33.0724 1652 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:21:33.0724 1652 sfloppy - ok
14:21:33.0817 1652 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:21:33.0817 1652 SharedAccess - ok
14:21:33.0880 1652 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:21:33.0895 1652 ShellHWDetection - ok
14:21:33.0973 1652 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:21:33.0973 1652 SiSRaid2 - ok
14:21:34.0036 1652 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:21:34.0036 1652 SiSRaid4 - ok
14:21:34.0098 1652 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:21:34.0098 1652 Smb - ok
14:21:34.0176 1652 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:21:34.0192 1652 SNMPTRAP - ok
14:21:34.0223 1652 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:21:34.0223 1652 spldr - ok
14:21:34.0285 1652 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:21:34.0301 1652 Spooler - ok
14:21:34.0426 1652 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:21:34.0519 1652 sppsvc - ok
14:21:34.0613 1652 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:21:34.0613 1652 sppuinotify - ok
14:21:34.0706 1652 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
14:21:34.0753 1652 sptd - ok
14:21:34.0800 1652 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:21:34.0816 1652 srv - ok
14:21:34.0862 1652 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:21:34.0862 1652 srv2 - ok
14:21:34.0940 1652 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:21:34.0940 1652 SrvHsfHDA - ok
14:21:35.0018 1652 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:21:35.0081 1652 SrvHsfV92 - ok
14:21:35.0128 1652 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:21:35.0143 1652 SrvHsfWinac - ok
14:21:35.0237 1652 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:21:35.0237 1652 srvnet - ok
14:21:35.0284 1652 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:21:35.0284 1652 SSDPSRV - ok
14:21:35.0299 1652 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:21:35.0315 1652 SstpSvc - ok
14:21:35.0424 1652 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe
14:21:35.0440 1652 STacSV - ok
14:21:35.0486 1652 Steam Client Service - ok
14:21:35.0564 1652 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:21:35.0564 1652 stexstor - ok
14:21:35.0642 1652 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
14:21:35.0674 1652 STHDA - ok
14:21:35.0736 1652 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:21:35.0752 1652 stisvc - ok
14:21:35.0830 1652 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:21:35.0830 1652 swenum - ok
14:21:35.0970 1652 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:21:36.0001 1652 SwitchBoard - ok
14:21:36.0064 1652 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:21:36.0095 1652 swprv - ok
14:21:36.0204 1652 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
14:21:36.0251 1652 SynTP - ok
14:21:36.0329 1652 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:21:36.0376 1652 SysMain - ok
14:21:36.0438 1652 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:21:36.0438 1652 TabletInputService - ok
14:21:36.0500 1652 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:21:36.0516 1652 TapiSrv - ok
14:21:36.0563 1652 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:21:36.0563 1652 TBS - ok
14:21:36.0688 1652 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:21:36.0750 1652 Tcpip - ok
14:21:36.0828 1652 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:21:36.0844 1652 TCPIP6 - ok
14:21:36.0906 1652 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:21:36.0906 1652 tcpipreg - ok
14:21:36.0968 1652 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:21:36.0968 1652 TDPIPE - ok
14:21:37.0015 1652 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:21:37.0015 1652 TDTCP - ok
14:21:37.0062 1652 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:21:37.0062 1652 tdx - ok
14:21:37.0093 1652 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:21:37.0093 1652 TermDD - ok
14:21:37.0156 1652 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:21:37.0187 1652 TermService - ok
14:21:37.0218 1652 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:21:37.0218 1652 Themes - ok
14:21:37.0249 1652 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:21:37.0249 1652 THREADORDER - ok
14:21:37.0280 1652 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:21:37.0296 1652 TrkWks - ok
14:21:37.0343 1652 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:21:37.0343 1652 TrustedInstaller - ok
14:21:37.0390 1652 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:21:37.0405 1652 tssecsrv - ok
14:21:37.0530 1652 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:21:37.0530 1652 TsUsbFlt - ok
14:21:37.0639 1652 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:21:37.0639 1652 tunnel - ok
14:21:37.0686 1652 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:21:37.0686 1652 uagp35 - ok
14:21:37.0733 1652 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:21:37.0748 1652 udfs - ok
14:21:37.0811 1652 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:21:37.0811 1652 UI0Detect - ok
14:21:37.0904 1652 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:21:37.0904 1652 uliagpkx - ok
14:21:38.0014 1652 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:21:38.0014 1652 umbus - ok
14:21:38.0060 1652 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:21:38.0076 1652 UmPass - ok
14:21:38.0263 1652 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:21:38.0357 1652 UNS - ok
14:21:38.0435 1652 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:21:38.0450 1652 upnphost - ok
14:21:38.0513 1652 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
14:21:38.0513 1652 USBAAPL64 - ok
14:21:38.0560 1652 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:21:38.0560 1652 usbccgp - ok
14:21:38.0606 1652 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:21:38.0606 1652 usbcir - ok
14:21:38.0638 1652 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:21:38.0638 1652 usbehci - ok
14:21:38.0700 1652 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:21:38.0700 1652 usbhub - ok
14:21:38.0747 1652 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:21:38.0747 1652 usbohci - ok
14:21:38.0794 1652 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:21:38.0794 1652 usbprint - ok
14:21:38.0856 1652 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:21:38.0856 1652 usbscan - ok
14:21:38.0903 1652 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:21:38.0903 1652 USBSTOR - ok
14:21:38.0934 1652 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:21:38.0934 1652 usbuhci - ok
14:21:38.0996 1652 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:21:38.0996 1652 usbvideo - ok
14:21:39.0028 1652 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:21:39.0028 1652 UxSms - ok
14:21:39.0074 1652 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:21:39.0074 1652 VaultSvc - ok
14:21:39.0152 1652 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:21:39.0152 1652 vdrvroot - ok
14:21:39.0215 1652 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:21:39.0230 1652 vds - ok
14:21:39.0308 1652 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:21:39.0308 1652 vga - ok
14:21:39.0340 1652 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:21:39.0340 1652 VgaSave - ok
14:21:39.0386 1652 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:21:39.0386 1652 vhdmp - ok
14:21:39.0433 1652 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:21:39.0433 1652 viaide - ok
14:21:39.0449 1652 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:21:39.0449 1652 volmgr - ok
14:21:39.0496 1652 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:21:39.0511 1652 volmgrx - ok
14:21:39.0558 1652 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:21:39.0558 1652 volsnap - ok
14:21:39.0620 1652 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:21:39.0636 1652 vsmraid - ok
14:21:39.0714 1652 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:21:39.0776 1652 VSS - ok
14:21:39.0808 1652 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:21:39.0808 1652 vwifibus - ok
14:21:39.0870 1652 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:21:39.0870 1652 vwififlt - ok
14:21:39.0932 1652 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:21:39.0932 1652 vwifimp - ok
14:21:39.0964 1652 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:21:39.0979 1652 W32Time - ok
14:21:40.0010 1652 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:21:40.0010 1652 WacomPen - ok
14:21:40.0088 1652 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:40.0104 1652 WANARP - ok
14:21:40.0120 1652 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:40.0120 1652 Wanarpv6 - ok
14:21:40.0244 1652 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:21:40.0291 1652 WatAdminSvc - ok
14:21:40.0354 1652 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:21:40.0416 1652 wbengine - ok
14:21:40.0463 1652 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:21:40.0463 1652 WbioSrvc - ok
14:21:40.0525 1652 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:21:40.0541 1652 wcncsvc - ok
14:21:40.0588 1652 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:21:40.0588 1652 WcsPlugInService - ok
14:21:40.0619 1652 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:21:40.0619 1652 Wd - ok
14:21:40.0666 1652 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:21:40.0681 1652 Wdf01000 - ok
14:21:40.0712 1652 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:21:40.0728 1652 WdiServiceHost - ok
14:21:40.0728 1652 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:21:40.0728 1652 WdiSystemHost - ok
14:21:40.0775 1652 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:21:40.0790 1652 WebClient - ok
14:21:40.0822 1652 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:21:40.0822 1652 Wecsvc - ok
14:21:40.0837 1652 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:21:40.0853 1652 wercplsupport - ok
14:21:40.0900 1652 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:21:40.0900 1652 WerSvc - ok
14:21:40.0993 1652 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:21:40.0993 1652 WfpLwf - ok
14:21:41.0024 1652 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:21:41.0024 1652 WIMMount - ok
14:21:41.0071 1652 WinDefend - ok
14:21:41.0102 1652 WinHttpAutoProxySvc - ok
14:21:41.0196 1652 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:21:41.0212 1652 Winmgmt - ok
14:21:41.0305 1652 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:21:41.0368 1652 WinRM - ok
14:21:41.0461 1652 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:21:41.0461 1652 WinUsb - ok
14:21:41.0524 1652 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:21:41.0555 1652 Wlansvc - ok
14:21:41.0742 1652 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:21:41.0789 1652 wlidsvc - ok
14:21:41.0898 1652 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:21:41.0898 1652 WmiAcpi - ok
14:21:41.0960 1652 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:21:41.0960 1652 wmiApSrv - ok
14:21:42.0038 1652 WMPNetworkSvc - ok
14:21:42.0101 1652 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:21:42.0101 1652 WPCSvc - ok
14:21:42.0148 1652 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:21:42.0148 1652 WPDBusEnum - ok
14:21:42.0194 1652 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:21:42.0194 1652 ws2ifsl - ok
14:21:42.0226 1652 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:21:42.0241 1652 wscsvc - ok
14:21:42.0241 1652 WSearch - ok
14:21:42.0319 1652 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:21:42.0397 1652 wuauserv - ok
14:21:42.0444 1652 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:21:42.0444 1652 WudfPf - ok
14:21:42.0522 1652 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:21:42.0522 1652 WUDFRd - ok
14:21:42.0569 1652 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:21:42.0569 1652 wudfsvc - ok
14:21:42.0600 1652 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:21:42.0600 1652 WwanSvc - ok
14:21:42.0631 1652 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:21:42.0631 1652 yukonw7 - ok
14:21:42.0694 1652 MBR (0x1B8) (765388fd5dd8d88cd8c8a9182e55a9ca) \Device\Harddisk0\DR0
14:21:42.0725 1652 \Device\Harddisk0\DR0 - ok
14:21:42.0772 1652 Boot (0x1200) (f2518cabf633582497443f640dcefe1b) \Device\Harddisk0\DR0\Partition0
14:21:42.0772 1652 \Device\Harddisk0\DR0\Partition0 - ok
14:21:42.0787 1652 Boot (0x1200) (acf02929c68467223c9cdff77d6acc3e) \Device\Harddisk0\DR0\Partition1
14:21:42.0787 1652 \Device\Harddisk0\DR0\Partition1 - ok
14:21:42.0818 1652 Boot (0x1200) (5c6b533c0737b6b573bd89369f38aad7) \Device\Harddisk0\DR0\Partition2
14:21:42.0818 1652 \Device\Harddisk0\DR0\Partition2 - ok
14:21:42.0850 1652 Boot (0x1200) (e8cdca210cdd5faa975d0cf854be4eeb) \Device\Harddisk0\DR0\Partition3
14:21:42.0850 1652 \Device\Harddisk0\DR0\Partition3 - ok
14:21:42.0850 1652 ============================================================
14:21:42.0850 1652 Scan finished
14:21:42.0850 1652 ============================================================
14:21:42.0850 4352 Detected object count: 0
14:21:42.0850 4352 Actual detected object count: 0

And this is the aswMBR report:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 13:41:53
-----------------------------
13:41:53.086 OS Version: Windows x64 6.1.7601 Service Pack 1
13:41:53.086 Number of processors: 4 586 0x2502
13:41:53.086 ComputerName: MITCH-PC UserName: Mitch
13:41:54.599 Initialize success
13:42:02.259 AVAST engine defs: 12033101
13:42:15.457 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:42:15.457 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
13:42:15.472 Disk 0 MBR read successfully
13:42:15.472 Disk 0 MBR scan
13:42:15.488 Disk 0 unknown MBR code
13:42:15.488 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:42:15.488 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 454299 MB offset 409600
13:42:15.519 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22337 MB offset 930813952
13:42:15.550 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
13:42:15.582 Disk 0 scanning C:\Windows\system32\drivers
13:42:29.497 Service scanning
13:43:07.764 Modules scanning
13:43:07.764 Disk 0 trace - called modules:
13:43:08.434 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
13:43:08.434 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fde060]
13:43:08.450 3 CLASSPNP.SYS[fffff88001d9643f] -> nt!IofCallDriver -> [0xfffffa800510cb10]
13:43:08.450 5 hpdskflt.sys[fffff88001d3d189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fe2050]
13:43:09.760 AVAST engine scan C:\Windows
13:43:13.161 AVAST engine scan C:\Windows\system32
13:45:42.682 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
13:45:47.128 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
13:48:21.803 AVAST engine scan C:\Windows\system32\drivers
13:48:48.900 AVAST engine scan C:\Users\Mitch
14:06:00.750 AVAST engine scan C:\ProgramData
14:11:53.942 Scan finished successfully
14:19:03.084 Disk 0 MBR has been saved successfully to "C:\Users\Mitch\Desktop\MBR.dat"
14:19:03.099 The log file has been saved successfully to "C:\Users\Mitch\Desktop\aswMBR log.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 March 2012 - 08:12 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 01:23 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#8 mjawkins

mjawkins
  • Topic Starter

  • Members
  • 8 posts

Posted 04 April 2012 - 07:25 PM

Sorry, I'm currently in the middle of exams, so life is a bit hectic. I should be able to run this fix tomorrow night.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 09:15 PM

Hello

Don't worry, I will check in on you in a couple of days.


gringo

#10 mjawkins

mjawkins
  • Topic Starter

  • Members
  • 8 posts

Posted 05 April 2012 - 06:23 PM

Ok, here's the FRST log


Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 05-04-2012 19:11:51
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-03-01] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2009-12-16] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-04-16] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-28] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-09-23] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Mitch\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Mitch\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\Mitch\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-20] (Google Inc.)
HKU\Mitch\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [395640 2011-01-02] (BitTorrent, Inc.)
HKU\Mitch\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-10] (Valve Corporation)
HKU\Mitch\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\Mitch\...\Run: [Facebook Update] "C:\Users\Mitch\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-11-11] (Facebook Inc.)
HKU\Mitch\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Mitch\...\Policies\system: [LogonHoursAction] 2
HKU\Mitch\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\mom\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\mom\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\mom\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-20] (Google Inc.)
HKU\mom.Mitch-PC\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\mom.Mitch-PC\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\mom.Mitch-PC\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKU\mom.Mitch-PC\...\Policies\system: [LogonHoursAction] 2
HKU\mom.Mitch-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.226.1.93 24.226.10.193

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-29] (Adobe Systems Incorporated)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-02-08] (DeviceVM, Inc.)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2009-12-16] (Hewlett-Packard)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2011-05-13] (Hewlett-Packard Company)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-17] (Intel Corporation)
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [43320 2011-05-13] (Hewlett-Packard Company)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [256576 2011-01-02] (DT Soft Ltd)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2010-01-29] (DeviceVM, Inc.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2011-05-13] (Hewlett-Packard Company)
3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [10610400 2010-07-28] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-25] (Duplex Secure Ltd.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz132; \??\C:\Users\Mitch\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: sprtsvc_dellsupportcenter

============ One Month Created Files and Folders ==============

2012-04-05 19:11 - 2012-04-05 19:12 - 0000000 ____D C:\FRST
2012-04-05 14:49 - 2012-04-05 14:49 - 1385843 ____A C:\Users\Mitch\Desktop\FRST64.exe
2012-04-05 14:48 - 2012-04-05 14:49 - 1385843 ____A C:\Users\Mitch\Downloads\FRST64.exe
2012-04-05 10:32 - 2012-04-05 10:32 - 0000000 ____D C:\Users\Mitch\AppData\Local\{894CC563-61E7-4532-93B7-77485944661C}
2012-04-04 21:28 - 2012-04-04 21:28 - 0087914 ____A C:\Users\Mitch\Desktop\2260 11.pdf
2012-04-04 19:30 - 2012-04-04 19:30 - 0000000 ____D C:\Users\Mitch\AppData\Local\{4C72F04A-DA8B-4280-A66E-1AD44C385584}
2012-04-04 11:16 - 2012-04-04 11:16 - 0038912 ____A C:\Users\Mitch\Desktop\Mitch Hawkins - Resume.doc
2012-04-04 11:01 - 2012-04-04 11:01 - 0202953 ____A C:\Users\Mitch\Desktop\icecream-muffins.png
2012-04-04 09:45 - 2012-04-04 09:46 - 0011127 ____A C:\Users\Mitch\Desktop\cover letter 2012.docx
2012-04-04 07:29 - 2012-04-04 07:30 - 0000000 ____D C:\Users\Mitch\AppData\Local\{24B204FC-238F-46C8-A401-B14FE18C3BFB}
2012-04-03 19:17 - 2012-04-03 19:17 - 0441936 ____A C:\Users\Mitch\Desktop\1333201634207.gif
2012-04-03 17:20 - 2012-04-03 17:20 - 0010898 ____A C:\Users\Mitch\Desktop\old cover letter.docx
2012-04-03 16:44 - 2012-04-04 09:46 - 0038912 ____A C:\Users\Mitch\Desktop\resume 2012.doc
2012-04-03 14:37 - 2012-04-03 14:37 - 0131587 ____A C:\Users\Mitch\Desktop\2180 chap 3.pdf
2012-04-03 14:37 - 2012-04-03 14:37 - 0107789 ____A C:\Users\Mitch\Desktop\2180 chap 4.pdf
2012-04-03 14:37 - 2012-04-03 14:37 - 0104259 ____A C:\Users\Mitch\Desktop\2180 chap 5.pdf
2012-04-03 14:20 - 2012-04-03 14:20 - 0000000 ____D C:\Users\Mitch\AppData\Local\{E8D2475F-9762-4AC6-B6C2-D2C9A8AE6688}
2012-04-03 13:03 - 2012-04-03 13:03 - 0016213 ____A C:\Users\Mitch\Desktop\3210 4.pdf
2012-04-03 13:02 - 2012-04-03 13:02 - 0019217 ____A C:\Users\Mitch\Desktop\2320 a 4.pdf
2012-04-03 13:00 - 2012-04-03 13:00 - 0026112 ____A C:\Users\Mitch\Desktop\Math2350HAsst4.doc
2012-04-03 12:58 - 2012-04-03 12:58 - 0028302 ____A C:\Users\Mitch\Desktop\2180 A4.pdf
2012-04-01 19:12 - 2012-04-01 19:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{87A4BC27-0F74-4994-8550-5BBDB56D3AC7}
2012-04-01 09:37 - 2012-04-01 09:37 - 0016631 ____A C:\Users\Mitch\Desktop\a 3 2320.pdf
2012-04-01 07:12 - 2012-04-01 07:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{EE8037AD-E30F-421B-B0DC-C16A51EAE297}
2012-03-31 12:27 - 2012-03-31 12:27 - 0081672 ____A C:\Users\Mitch\Desktop\12.03.28-Natural-Graffiti.jpg
2012-03-31 11:00 - 2012-03-31 11:00 - 0001294 ____A C:\Users\Mitch\Desktop\Norton Installation Files.lnk
2012-03-31 11:00 - 2012-03-31 11:00 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-03-31 10:19 - 2012-03-31 10:23 - 0130030 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_14.19.26_log.txt
2012-03-31 10:19 - 2012-03-31 10:19 - 0002299 ____A C:\Users\Mitch\Desktop\aswMBR log.txt
2012-03-31 10:19 - 2012-03-31 10:19 - 0000512 ____A C:\Users\Mitch\Desktop\MBR.dat
2012-03-31 09:38 - 2012-03-31 09:38 - 0278648 ____A C:\Windows\Minidump\033112-27300-01.dmp
2012-03-31 09:24 - 2012-03-31 09:27 - 0258358 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_13.24.42_log.txt
2012-03-31 09:23 - 2012-03-31 09:14 - 4731392 ____A (AVAST Software) C:\Users\Mitch\Desktop\aswMBR.exe
2012-03-31 09:14 - 2012-03-31 09:14 - 4731392 ____A (AVAST Software) C:\Users\Mitch\Downloads\aswMBR.exe
2012-03-31 09:13 - 2012-03-31 09:13 - 2068016 ____A (Kaspersky Lab ZAO) C:\Users\Mitch\Downloads\tdsskiller.exe
2012-03-31 09:13 - 2012-03-31 09:13 - 2068016 ____A (Kaspersky Lab ZAO) C:\Users\Mitch\Desktop\tdsskiller.exe
2012-03-31 08:36 - 2012-04-02 02:06 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-31 08:35 - 2012-03-31 08:35 - 0027833 ____A C:\Users\Mitch\Desktop\combofix log.txt
2012-03-31 08:30 - 2012-03-31 08:30 - 0027833 ____A C:\ComboFix.txt
2012-03-31 08:22 - 2012-03-31 08:24 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-31 08:04 - 2012-03-31 08:03 - 4452676 ____R (Swearware) C:\Users\Mitch\Desktop\ComboFix.exe
2012-03-31 08:03 - 2012-03-31 08:03 - 4452676 ____A (Swearware) C:\Users\Mitch\Downloads\ComboFix.exe
2012-03-31 07:06 - 2012-03-31 07:07 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C2474F1B-465C-439A-9036-EDB463165B35}
2012-03-30 18:17 - 2012-03-30 18:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{CE920D03-B681-4468-8403-B7CC8F81AD36}
2012-03-30 13:37 - 2012-03-30 13:37 - 0034739 ____A C:\Users\Mitch\Desktop\DDS.txt
2012-03-30 13:37 - 2012-03-30 13:37 - 0015494 ____A C:\Users\Mitch\Desktop\Attach.txt
2012-03-30 13:30 - 2012-03-30 13:30 - 0607260 ____R (Swearware) C:\Users\Mitch\Downloads\dds.scr
2012-03-30 13:20 - 2012-03-30 13:20 - 0050477 ____A C:\Users\Mitch\Downloads\Defogger.exe
2012-03-30 13:20 - 2012-03-30 13:20 - 0000366 ____A C:\Users\Mitch\defogger_reenable
2012-03-30 09:24 - 2012-03-30 11:34 - 0000600 ____A C:\Windows\ntbtlog.txt
2012-03-30 08:23 - 2012-03-30 08:23 - 0127636 ____A C:\Users\Mitch\Desktop\booster-pack-smell.png
2012-03-30 06:45 - 2012-03-30 06:45 - 2804712 ____A (Symantec Corporation) C:\Users\Mitch\Downloads\NPE(1).exe
2012-03-30 06:36 - 2012-03-30 06:36 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-03-30 06:34 - 2012-03-30 06:34 - 1805736 ____A (Symantec Corporation) C:\Users\Mitch\Downloads\FixZeroAccess.exe
2012-03-30 06:27 - 2012-03-30 06:27 - 0829136 ____A (Symantec Corporation) C:\Users\Mitch\Downloads\NISDownloader.exe
2012-03-30 06:17 - 2012-03-30 06:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{FA8AE5C7-D860-405A-BBE4-54518E0C32BB}
2012-03-29 13:05 - 2012-03-29 13:05 - 0000000 ____D C:\_OTL
2012-03-29 12:20 - 2012-03-29 12:21 - 0593920 ____A (OldTimer Tools) C:\Users\Mitch\Downloads\OTL.exe
2012-03-29 12:08 - 2012-03-29 12:08 - 8767136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-29 12:02 - 2012-04-05 15:04 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-29 12:02 - 2012-03-29 12:08 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 12:01 - 2012-03-29 12:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{BFAAA6DB-4CD3-459A-B914-12E1AD7EEF90}
2012-03-29 11:59 - 2012-03-29 11:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\Symantec
2012-03-29 09:43 - 2012-03-29 09:43 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-29 09:43 - 2012-03-29 09:43 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Malwarebytes
2012-03-29 09:43 - 2012-03-29 09:43 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-29 09:43 - 2012-03-29 09:43 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-29 09:43 - 2012-03-29 09:43 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 09:43 - 2011-12-10 11:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-29 09:42 - 2012-03-29 09:42 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Mitch\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-28 19:38 - 2012-04-05 19:09 - 0000000 ____D C:\Users\All Users\Recovery
2012-03-28 19:38 - 2012-04-05 19:09 - 0000000 ____D C:\ProgramData\Recovery
2012-03-28 16:11 - 2012-03-28 16:11 - 0107789 ____A C:\Users\Mitch\Desktop\notes 4.pdf
2012-03-28 16:10 - 2012-03-28 16:10 - 0044299 ____A C:\Users\Mitch\Desktop\sample 4.pdf
2012-03-28 16:02 - 2012-03-28 16:02 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Tific
2012-03-28 15:59 - 2012-03-28 15:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\{3470A684-877A-486D-B2C8-5E6F0D88074D}
2012-03-28 15:56 - 2012-03-28 15:56 - 0000000 ____D C:\Windows\system64
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-28 13:59 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-03-28 13:59 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-03-28 13:59 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-03-28 13:59 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-03-28 13:59 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-03-28 13:59 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-03-28 13:59 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-03-28 13:59 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-03-28 13:58 - 2012-03-31 08:28 - 0000000 ____D C:\Windows\ERDNT
2012-03-28 13:55 - 2012-03-31 08:30 - 0000000 ____D C:\Qoobox
2012-03-28 03:50 - 2012-03-28 03:50 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1E17F7F4-B133-4C38-82DE-64BA27649424}
2012-03-27 09:29 - 2012-03-28 03:50 - 0000000 ____D C:\Users\Mitch\AppData\Local\{E8D9EE41-9395-4543-8D31-B768A8ED6D1D}
2012-03-27 09:29 - 2012-03-27 09:29 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8D937644-BCB3-424C-9F0E-74034593151D}
2012-03-26 19:17 - 2012-03-30 07:07 - 0000000 ____D C:\Users\Mitch\AppData\Local\NPE
2012-03-26 19:17 - 2012-03-26 19:17 - 2804712 ____A (Symantec Corporation) C:\Users\Mitch\Downloads\NPE.exe
2012-03-26 13:51 - 2012-03-26 13:51 - 0000000 ____D C:\Program Files (x86)\Rovio
2012-03-26 13:51 - 2011-12-08 13:28 - 0085182 ____A C:\Windows\fav_google.ico
2012-03-26 13:51 - 2010-04-12 19:51 - 0029070 ____A C:\Windows\fav_123setup.ico
2012-03-26 11:02 - 2012-03-26 11:02 - 0000000 ____D C:\Users\Mitch\AppData\Local\{B3D6081A-910D-413E-9D69-652515D4D954}
2012-03-26 11:01 - 2012-03-26 11:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F3554E9A-F9EC-4954-8AAE-10339B41D0CB}
2012-03-26 07:01 - 2012-03-26 07:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F082F2EA-D4BE-4FEC-B2D7-DEEBB0185AAC}
2012-03-26 07:01 - 2012-03-23 17:51 - 0084992 ____A C:\Windows\SysWOW64\iemARkm2.com_
2012-03-25 18:28 - 2012-03-25 18:28 - 0082870 ____A C:\Users\Mitch\Desktop\falcon-get-girl.png
2012-03-25 09:26 - 2012-03-25 09:29 - 0000000 ____D C:\Users\Mitch\Desktop\tax
2012-03-25 09:25 - 2012-03-25 09:29 - 0000000 ____D C:\Users\Mitch\Desktop\old work y2 s2
2012-03-25 09:25 - 2012-03-25 09:28 - 0000000 ____D C:\Users\Mitch\Desktop\prac
2012-03-25 07:18 - 2012-03-25 07:19 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9D1E2528-F9CE-44E5-8040-38C38689964B}
2012-03-25 07:18 - 2012-03-25 07:18 - 0000000 ____D C:\Users\Mitch\AppData\Local\{AFA476CA-F72B-4246-BF8D-C68C10BF04C7}
2012-03-24 19:18 - 2012-03-24 19:18 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A8C4831C-273F-475E-AC3D-8845B2DB5C2B}
2012-03-24 19:18 - 2012-03-24 19:18 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8812F932-4DC4-4C96-A879-2574844CC666}
2012-03-24 07:17 - 2012-03-24 07:18 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7DE44783-AD2B-4042-94EE-6B257BAB7211}
2012-03-24 07:17 - 2012-03-24 07:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{09347842-3775-48FB-9AAE-E38AEA5AB132}
2012-03-23 18:12 - 2012-03-23 18:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8973843E-F26A-4FD6-9F40-9E752A7E71E6}
2012-03-23 18:12 - 2012-03-23 18:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{474F5151-89C9-434A-8805-57439C3EEC6B}
2012-03-23 17:50 - 2012-04-05 14:31 - 0000352 ____A C:\Windows\Tasks\At38.job
2012-03-23 17:50 - 2012-04-05 14:27 - 0000352 ____A C:\Windows\Tasks\At36.job
2012-03-23 17:50 - 2012-04-05 14:27 - 0000352 ____A C:\Windows\Tasks\At34.job
2012-03-23 17:50 - 2012-04-05 11:31 - 0000352 ____A C:\Windows\Tasks\At32.job
2012-03-23 17:50 - 2012-04-05 10:31 - 0000352 ____A C:\Windows\Tasks\At30.job
2012-03-23 17:50 - 2012-04-05 09:31 - 0000352 ____A C:\Windows\Tasks\At28.job
2012-03-23 17:50 - 2012-04-05 08:31 - 0000352 ____A C:\Windows\Tasks\At26.job
2012-03-23 17:50 - 2012-04-05 07:31 - 0000352 ____A C:\Windows\Tasks\At24.job
2012-03-23 17:50 - 2012-04-05 06:31 - 0000352 ____A C:\Windows\Tasks\At22.job
2012-03-23 17:50 - 2012-04-05 05:31 - 0000352 ____A C:\Windows\Tasks\At20.job
2012-03-23 17:50 - 2012-04-05 05:01 - 0000352 ____A C:\Windows\Tasks\At8.job
2012-03-23 17:50 - 2012-04-05 05:01 - 0000352 ____A C:\Windows\Tasks\At6.job
2012-03-23 17:50 - 2012-04-05 05:01 - 0000352 ____A C:\Windows\Tasks\At18.job
2012-03-23 17:50 - 2012-04-05 05:01 - 0000352 ____A C:\Windows\Tasks\At16.job
2012-03-23 17:50 - 2012-04-05 05:01 - 0000352 ____A C:\Windows\Tasks\At14.job
2012-03-23 17:50 - 2012-04-05 05:01 - 0000352 ____A C:\Windows\Tasks\At12.job
2012-03-23 17:50 - 2012-04-05 05:01 - 0000352 ____A C:\Windows\Tasks\At10.job
2012-03-23 17:50 - 2012-04-04 21:31 - 0000352 ____A C:\Windows\Tasks\At4.job
2012-03-23 17:50 - 2012-04-04 20:31 - 0000352 ____A C:\Windows\Tasks\At2.job
2012-03-23 17:50 - 2012-04-04 19:31 - 0000352 ____A C:\Windows\Tasks\At48.job
2012-03-23 17:50 - 2012-04-04 18:31 - 0000352 ____A C:\Windows\Tasks\At46.job
2012-03-23 17:50 - 2012-04-04 17:31 - 0000352 ____A C:\Windows\Tasks\At44.job
2012-03-23 17:50 - 2012-04-04 16:31 - 0000352 ____A C:\Windows\Tasks\At42.job
2012-03-23 17:50 - 2012-04-04 15:31 - 0000352 ____A C:\Windows\Tasks\At40.job
2012-03-23 17:50 - 2012-03-26 07:01 - 0000112 ____A C:\Users\All Users\Jj5bWc.dat
2012-03-23 17:50 - 2012-03-26 07:01 - 0000112 ____A C:\ProgramData\Jj5bWc.dat
2012-03-23 17:20 - 2012-03-29 11:59 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-23 06:11 - 2012-03-23 06:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DC24FDFE-3D80-4BC0-8770-B9CB77F08217}
2012-03-23 06:11 - 2012-03-23 06:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{25AB73B5-5A49-4D22-98E3-029F38F1CA0B}
2012-03-22 18:11 - 2012-03-22 18:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{AD91B937-EDCE-47B5-ACCD-EE7EF21902F4}
2012-03-22 18:11 - 2012-03-22 18:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9CD621FE-DA85-4D96-A4F3-6AEBD5DB8B9C}
2012-03-22 06:10 - 2012-03-22 06:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{40672B68-435C-46C5-81FF-F5181C81E890}
2012-03-22 06:10 - 2012-03-22 06:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9996FD04-3D5A-4B81-9E96-626C3A387F26}
2012-03-21 18:10 - 2012-03-21 18:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{83FDA061-4469-44FA-B40D-94AB16E6C6C3}
2012-03-21 18:10 - 2012-03-21 18:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{2F37DC21-5874-4A6D-A99D-6593EA9BB8BC}
2012-03-21 17:49 - 2012-03-21 17:49 - 0088411 ____A C:\Users\Mitch\Desktop\MATH2260H-A9.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0110254 ____A C:\Users\Mitch\Desktop\MATH2260H-A8.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0106721 ____A C:\Users\Mitch\Desktop\MATH2260H-A6.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0106687 ____A C:\Users\Mitch\Desktop\MATH2260H-A7.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0095030 ____A C:\Users\Mitch\Desktop\MATH2260H-A4.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0084246 ____A C:\Users\Mitch\Desktop\MATH2260H-A3.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0080988 ____A C:\Users\Mitch\Desktop\MATH2260H-A5.pdf
2012-03-21 06:10 - 2012-03-21 06:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F68AFE8F-F635-4960-AFF2-3AFB9B0969DA}
2012-03-21 06:10 - 2012-03-21 06:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{62A13F15-9A82-4F0E-820B-7B8D6E2DE3AB}
2012-03-20 17:54 - 2012-03-20 17:54 - 0000000 ____D C:\Users\Mitch\AppData\Local\{BB7F3BC5-7B52-451D-99DF-DED107E8B0A9}
2012-03-20 17:54 - 2012-03-20 17:54 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A82D5B94-4627-4AB9-91C1-BE4754E35D6A}
2012-03-19 10:10 - 2012-03-19 10:13 - 0779382 ____A C:\Users\Mitch\Desktop\accessibility logo.png
2012-03-18 12:08 - 2012-03-18 12:08 - 0000000 ____D C:\Users\Mitch\AppData\Local\{995FDA14-540C-44FB-A005-70608E92F3E7}
2012-03-18 12:08 - 2012-03-18 12:08 - 0000000 ____D C:\Users\Mitch\AppData\Local\{3F119BF6-FFD5-4FF7-8B65-A543B0C7E037}
2012-03-15 16:27 - 2012-03-15 16:27 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7F1812C3-8430-4535-9AAD-69B549A6F9E9}
2012-03-15 16:26 - 2012-03-15 16:27 - 0000000 ____D C:\Users\Mitch\AppData\Local\{0006EFB6-DEB0-4DE4-9D20-77F3CAD609E9}
2012-03-15 04:06 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-15 04:06 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-15 04:06 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-15 04:01 - 2012-03-15 04:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{BA7419DB-5AD1-4914-8211-E86F554731E4}
2012-03-15 04:00 - 2012-03-15 04:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{4540C9C8-15B5-48F0-BDB4-CD8B7A67DF83}
2012-03-14 14:48 - 2012-03-14 14:49 - 0000000 ____D C:\Users\Mitch\AppData\Local\{05C69F77-78E4-464A-83FC-D319BD03F6B2}
2012-03-14 14:48 - 2012-03-14 14:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{0FCEC0F1-3B10-4C4F-83B6-7AED3F9BCFC6}
2012-03-14 07:15 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 07:15 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-14 07:15 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 07:12 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 07:12 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-14 07:12 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 07:12 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-14 07:12 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 07:12 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 07:12 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-13 09:19 - 2012-03-13 09:19 - 0016631 ____A C:\Users\Mitch\Desktop\2320 ass 3.pdf
2012-03-13 08:54 - 2012-03-20 07:42 - 0000000 ____D C:\Users\Mitch\Downloads\Altera Quartus II v10.0 crack only
2012-03-13 07:11 - 2012-03-13 07:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{FADF68B8-6E45-4DB5-8BDA-B52D5AE3FE04}
2012-03-13 07:11 - 2012-03-13 07:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D5B17D49-270A-49C2-B409-7180684C3965}
2012-03-12 15:43 - 2012-03-12 15:43 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F2BE37C4-D048-40B1-9339-B5B3687FBF06}
2012-03-12 15:43 - 2012-03-12 15:43 - 0000000 ____D C:\Users\Mitch\AppData\Local\{5D71CB96-C29D-4C88-A8B0-0E56BB4A7912}
2012-03-12 03:43 - 2012-03-12 03:43 - 0000000 ____D C:\Users\Mitch\AppData\Local\{521F40CD-731E-4669-9539-45C625FE8786}
2012-03-12 03:43 - 2012-03-12 03:43 - 0000000 ____D C:\Users\Mitch\AppData\Local\{31DFE17B-D2BA-455C-B1C9-0290FBADBA78}
2012-03-11 15:13 - 2012-03-11 15:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9B170C3F-6A95-4B46-9E74-C3D6A62140BD}
2012-03-11 15:13 - 2012-03-11 15:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{585B6DD8-E013-4DFD-88B6-38A7A6062D05}
2012-03-11 02:59 - 2012-03-11 02:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\{53466397-B622-48E8-BF3B-CFA0BBFFCB64}
2012-03-11 02:59 - 2012-03-11 02:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\{2958DC30-7A67-4D0D-907C-AD88D203B38F}
2012-03-10 12:48 - 2012-03-10 12:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DC5ADE64-A12F-420F-B296-C9AE6BF19645}
2012-03-10 12:48 - 2012-03-10 12:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{CDE7720B-DA8A-4B8E-99F3-4FAEC8B2AD9E}
2012-03-09 19:13 - 2012-03-09 19:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D4E8B890-7219-4B03-B385-DBDEF00053AE}
2012-03-09 19:13 - 2012-03-09 19:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{3C7AECED-0ECE-4D94-9136-DAF297C0B926}
2012-03-09 07:13 - 2012-03-09 07:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C3007544-C4EB-4E8A-9A69-D5F1D2439E32}
2012-03-09 07:12 - 2012-03-09 07:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8A97C288-0E4F-4A76-9C20-545550EA6D52}
2012-03-09 06:44 - 2012-03-09 06:44 - 0000162 ___AH C:\Users\Mitch\Desktop\~$arning task Mitch Hawkins (Autosaved).doc
2012-03-08 19:12 - 2012-03-08 19:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{71E96C47-DF74-45D8-B58E-059C0D28E78A}
2012-03-08 19:12 - 2012-03-08 19:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{5E37BDC3-4571-46DC-B198-A9F8F8204FE9}
2012-03-08 07:12 - 2012-03-08 07:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D1B91169-5135-4D54-961B-B06E2BFCA6FE}
2012-03-08 07:12 - 2012-03-08 07:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{5F753E68-6059-45B5-817F-4594196344EC}
2012-03-07 19:11 - 2012-03-07 19:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{0BC49015-A2D4-46B7-BE2A-B24C26663067}
2012-03-07 19:11 - 2012-03-07 19:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{CA15E02A-6751-4FA6-9FF1-D8D2FC190627}
2012-03-07 07:11 - 2012-03-07 07:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{69A22BEB-972B-4C5A-A42F-FDB34A72A7FA}
2012-03-06 16:15 - 2012-03-06 16:15 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Opera
2012-03-06 16:07 - 2012-03-06 16:07 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C10FB468-BD77-4E1F-BAD2-C82999BCAE89}
2012-03-06 16:06 - 2012-03-07 07:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D3DF9B00-C88F-429B-95D5-1D6CDD4BC2AD}

============ 3 Months Modified Files and Folders =============

2012-04-05 19:12 - 2012-04-05 19:11 - 0000000 ____D C:\FRST
2012-04-05 19:09 - 2012-03-28 19:38 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-05 19:09 - 2012-03-28 19:38 - 0000000 ____D C:\ProgramData\Recovery
2012-04-05 15:06 - 2011-02-21 08:52 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Skype
2012-04-05 15:05 - 2010-10-03 17:46 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-05 15:04 - 2012-03-29 12:02 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-05 15:04 - 2010-09-27 09:22 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\uTorrent
2012-04-05 15:04 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-05 15:04 - 2009-07-13 20:51 - 0094760 ____A C:\Windows\setupact.log
2012-04-05 15:03 - 2010-06-26 01:54 - 0255820 ____A C:\Windows\PFRO.log
2012-04-05 15:03 - 2010-06-26 01:39 - 3062255616 __ASH C:\hiberfil.sys
2012-04-05 15:00 - 2010-06-26 01:49 - 2037516 ____A C:\Windows\WindowsUpdate.log
2012-04-05 14:49 - 2012-04-05 14:49 - 1385843 ____A C:\Users\Mitch\Desktop\FRST64.exe
2012-04-05 14:49 - 2012-04-05 14:48 - 1385843 ____A C:\Users\Mitch\Downloads\FRST64.exe
2012-04-05 14:46 - 2012-02-15 18:00 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000UA.job
2012-04-05 14:43 - 2009-07-13 21:13 - 0779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-05 14:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At38.job
2012-04-05 14:27 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At36.job
2012-04-05 14:27 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At34.job
2012-04-05 14:27 - 2012-02-15 18:00 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000Core.job
2012-04-05 14:27 - 2011-11-11 08:15 - 0000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000UA.job
2012-04-05 11:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At32.job
2012-04-05 10:32 - 2012-04-05 10:32 - 0000000 ____D C:\Users\Mitch\AppData\Local\{894CC563-61E7-4532-93B7-77485944661C}
2012-04-05 10:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At30.job
2012-04-05 09:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At28.job
2012-04-05 08:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At26.job
2012-04-05 08:21 - 2010-09-20 16:44 - 0000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-04-05 07:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At24.job
2012-04-05 07:20 - 2011-11-11 08:15 - 0000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000Core.job
2012-04-05 06:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At22.job
2012-04-05 05:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At20.job
2012-04-05 05:01 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At8.job
2012-04-05 05:01 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At6.job
2012-04-05 05:01 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At18.job
2012-04-05 05:01 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At16.job
2012-04-05 05:01 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At14.job
2012-04-05 05:01 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At12.job
2012-04-05 05:01 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At10.job
2012-04-04 21:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At4.job
2012-04-04 21:28 - 2012-04-04 21:28 - 0087914 ____A C:\Users\Mitch\Desktop\2260 11.pdf
2012-04-04 20:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At2.job
2012-04-04 19:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At48.job
2012-04-04 19:30 - 2012-04-04 19:30 - 0000000 ____D C:\Users\Mitch\AppData\Local\{4C72F04A-DA8B-4280-A66E-1AD44C385584}
2012-04-04 18:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At46.job
2012-04-04 17:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At44.job
2012-04-04 16:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At42.job
2012-04-04 15:31 - 2012-03-23 17:50 - 0000352 ____A C:\Windows\Tasks\At40.job
2012-04-04 12:19 - 2010-10-20 12:20 - 0000000 ____D C:\Users\Mitch\Documents\My Received Files
2012-04-04 11:16 - 2012-04-04 11:16 - 0038912 ____A C:\Users\Mitch\Desktop\Mitch Hawkins - Resume.doc
2012-04-04 11:01 - 2012-04-04 11:01 - 0202953 ____A C:\Users\Mitch\Desktop\icecream-muffins.png
2012-04-04 09:46 - 2012-04-04 09:45 - 0011127 ____A C:\Users\Mitch\Desktop\cover letter 2012.docx
2012-04-04 09:46 - 2012-04-03 16:44 - 0038912 ____A C:\Users\Mitch\Desktop\resume 2012.doc
2012-04-04 07:34 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-04 07:34 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-04 07:30 - 2012-04-04 07:29 - 0000000 ____D C:\Users\Mitch\AppData\Local\{24B204FC-238F-46C8-A401-B14FE18C3BFB}
2012-04-03 19:17 - 2012-04-03 19:17 - 0441936 ____A C:\Users\Mitch\Desktop\1333201634207.gif
2012-04-03 17:20 - 2012-04-03 17:20 - 0010898 ____A C:\Users\Mitch\Desktop\old cover letter.docx
2012-04-03 14:37 - 2012-04-03 14:37 - 0131587 ____A C:\Users\Mitch\Desktop\2180 chap 3.pdf
2012-04-03 14:37 - 2012-04-03 14:37 - 0107789 ____A C:\Users\Mitch\Desktop\2180 chap 4.pdf
2012-04-03 14:37 - 2012-04-03 14:37 - 0104259 ____A C:\Users\Mitch\Desktop\2180 chap 5.pdf
2012-04-03 14:20 - 2012-04-03 14:20 - 0000000 ____D C:\Users\Mitch\AppData\Local\{E8D2475F-9762-4AC6-B6C2-D2C9A8AE6688}
2012-04-03 13:03 - 2012-04-03 13:03 - 0016213 ____A C:\Users\Mitch\Desktop\3210 4.pdf
2012-04-03 13:02 - 2012-04-03 13:02 - 0019217 ____A C:\Users\Mitch\Desktop\2320 a 4.pdf
2012-04-03 13:00 - 2012-04-03 13:00 - 0026112 ____A C:\Users\Mitch\Desktop\Math2350HAsst4.doc
2012-04-03 12:58 - 2012-04-03 12:58 - 0028302 ____A C:\Users\Mitch\Desktop\2180 A4.pdf
2012-04-03 12:55 - 2010-09-20 16:48 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Mozilla
2012-04-02 02:06 - 2012-03-31 08:36 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-01 19:12 - 2012-04-01 19:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{87A4BC27-0F74-4994-8550-5BBDB56D3AC7}
2012-04-01 09:37 - 2012-04-01 09:37 - 0016631 ____A C:\Users\Mitch\Desktop\a 3 2320.pdf
2012-04-01 07:12 - 2012-04-01 07:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{EE8037AD-E30F-421B-B0DC-C16A51EAE297}
2012-03-31 12:27 - 2012-03-31 12:27 - 0081672 ____A C:\Users\Mitch\Desktop\12.03.28-Natural-Graffiti.jpg
2012-03-31 11:04 - 2010-06-26 02:12 - 0000000 ____D C:\Users\All Users\Norton
2012-03-31 11:04 - 2010-06-26 02:12 - 0000000 ____D C:\ProgramData\Norton
2012-03-31 11:00 - 2012-03-31 11:00 - 0001294 ____A C:\Users\Mitch\Desktop\Norton Installation Files.lnk
2012-03-31 11:00 - 2012-03-31 11:00 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-03-31 10:23 - 2012-03-31 10:19 - 0130030 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_14.19.26_log.txt
2012-03-31 10:19 - 2012-03-31 10:19 - 0002299 ____A C:\Users\Mitch\Desktop\aswMBR log.txt
2012-03-31 10:19 - 2012-03-31 10:19 - 0000512 ____A C:\Users\Mitch\Desktop\MBR.dat
2012-03-31 09:38 - 2012-03-31 09:38 - 0278648 ____A C:\Windows\Minidump\033112-27300-01.dmp
2012-03-31 09:38 - 2010-11-12 20:18 - 468029091 ____A C:\Windows\MEMORY.DMP
2012-03-31 09:38 - 2010-11-12 20:18 - 0000000 ____D C:\Windows\Minidump
2012-03-31 09:27 - 2012-03-31 09:24 - 0258358 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_13.24.42_log.txt
2012-03-31 09:14 - 2012-03-31 09:23 - 4731392 ____A (AVAST Software) C:\Users\Mitch\Desktop\aswMBR.exe
2012-03-31 09:14 - 2012-03-31 09:14 - 4731392 ____A (AVAST Software) C:\Users\Mitch\Downloads\aswMBR.exe
2012-03-31 09:13 - 2012-03-31 09:13 - 2068016 ____A (Kaspersky Lab ZAO) C:\Users\Mitch\Downloads\tdsskiller.exe
2012-03-31 09:13 - 2012-03-31 09:13 - 2068016 ____A (Kaspersky Lab ZAO) C:\Users\Mitch\Desktop\tdsskiller.exe
2012-03-31 08:35 - 2012-03-31 08:35 - 0027833 ____A C:\Users\Mitch\Desktop\combofix log.txt
2012-03-31 08:30 - 2012-03-31 08:30 - 0027833 ____A C:\ComboFix.txt
2012-03-31 08:30 - 2012-03-28 13:55 - 0000000 ____D C:\Qoobox
2012-03-31 08:28 - 2012-03-28 13:58 - 0000000 ____D C:\Windows\ERDNT
2012-03-31 08:24 - 2012-03-31 08:22 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-31 08:24 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-03-31 08:03 - 2012-03-31 08:04 - 4452676 ____R (Swearware) C:\Users\Mitch\Desktop\ComboFix.exe
2012-03-31 08:03 - 2012-03-31 08:03 - 4452676 ____A (Swearware) C:\Users\Mitch\Downloads\ComboFix.exe
2012-03-31 07:38 - 2010-09-20 16:27 - 0000000 ____D C:\Users\Mitch\AppData\LocalLow
2012-03-31 07:07 - 2012-03-31 07:06 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C2474F1B-465C-439A-9036-EDB463165B35}
2012-03-31 07:07 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicyUsers
2012-03-30 18:17 - 2012-03-30 18:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{CE920D03-B681-4468-8403-B7CC8F81AD36}
2012-03-30 13:37 - 2012-03-30 13:37 - 0034739 ____A C:\Users\Mitch\Desktop\DDS.txt
2012-03-30 13:37 - 2012-03-30 13:37 - 0015494 ____A C:\Users\Mitch\Desktop\Attach.txt
2012-03-30 13:30 - 2012-03-30 13:30 - 0607260 ____R (Swearware) C:\Users\Mitch\Downloads\dds.scr
2012-03-30 13:20 - 2012-03-30 13:20 - 0050477 ____A C:\Users\Mitch\Downloads\Defogger.exe
2012-03-30 13:20 - 2012-03-30 13:20 - 0000366 ____A C:\Users\Mitch\defogger_reenable
2012-03-30 13:20 - 2010-09-20 16:45 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-30 13:20 - 2010-09-20 16:27 - 0000000 ____D C:\users\Mitch
2012-03-30 12:59 - 2011-02-08 17:33 - 0497734 ____A C:\Users\Mitch\Downloads\taboo_Vision_Rainmeter_skin.zip
2012-03-30 11:34 - 2012-03-30 09:24 - 0000600 ____A C:\Windows\ntbtlog.txt
2012-03-30 08:23 - 2012-03-30 08:23 - 0127636 ____A C:\Users\Mitch\Desktop\booster-pack-smell.png
2012-03-30 07:07 - 2012-03-26 19:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\NPE
2012-03-30 06:45 - 2012-03-30 06:45 - 2804712 ____A (Symantec Corporation) C:\Users\Mitch\Downloads\NPE(1).exe
2012-03-30 06:36 - 2012-03-30 06:36 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-03-30 06:34 - 2012-03-30 06:34 - 1805736 ____A (Symantec Corporation) C:\Users\Mitch\Downloads\FixZeroAccess.exe
2012-03-30 06:27 - 2012-03-30 06:27 - 0829136 ____A (Symantec Corporation) C:\Users\Mitch\Downloads\NISDownloader.exe
2012-03-30 06:17 - 2012-03-30 06:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{FA8AE5C7-D860-405A-BBE4-54518E0C32BB}
2012-03-29 13:05 - 2012-03-29 13:05 - 0000000 ____D C:\_OTL
2012-03-29 12:21 - 2012-03-29 12:20 - 0593920 ____A (OldTimer Tools) C:\Users\Mitch\Downloads\OTL.exe
2012-03-29 12:08 - 2012-03-29 12:08 - 8767136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-29 12:08 - 2012-03-29 12:02 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 12:08 - 2011-06-13 14:39 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-29 12:01 - 2012-03-29 12:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{BFAAA6DB-4CD3-459A-B914-12E1AD7EEF90}
2012-03-29 11:59 - 2012-03-29 11:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\Symantec
2012-03-29 11:59 - 2012-03-23 17:20 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 09:43 - 2012-03-29 09:43 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-29 09:43 - 2012-03-29 09:43 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Malwarebytes
2012-03-29 09:43 - 2012-03-29 09:43 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-29 09:43 - 2012-03-29 09:43 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-29 09:43 - 2012-03-29 09:43 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 09:42 - 2012-03-29 09:42 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Mitch\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-28 19:55 - 2010-12-30 03:08 - 0000000 ____D C:\users\mom.Mitch-PC
2012-03-28 19:55 - 2010-12-14 14:12 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Rainmeter
2012-03-28 19:55 - 2010-11-27 04:16 - 0000000 ____D C:\users\mom
2012-03-28 19:55 - 2010-06-26 01:34 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-03-28 19:54 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-28 19:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-28 19:53 - 2009-09-06 16:40 - 0000000 ____D C:\SwSetup
2012-03-28 19:53 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-03-28 16:11 - 2012-03-28 16:11 - 0107789 ____A C:\Users\Mitch\Desktop\notes 4.pdf
2012-03-28 16:10 - 2012-03-28 16:10 - 0044299 ____A C:\Users\Mitch\Desktop\sample 4.pdf
2012-03-28 16:02 - 2012-03-28 16:02 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Tific
2012-03-28 15:59 - 2012-03-28 15:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\{3470A684-877A-486D-B2C8-5E6F0D88074D}
2012-03-28 15:56 - 2012-03-28 15:56 - 0000000 ____D C:\Windows\system64
2012-03-28 15:56 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-28 14:20 - 2009-07-13 18:34 - 84672512 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-28 14:20 - 2009-07-13 18:34 - 18087936 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-28 14:20 - 2009-07-13 18:34 - 1572864 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-28 14:20 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-28 14:20 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-28 14:19 - 2012-03-28 14:19 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-28 03:50 - 2012-03-28 03:50 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1E17F7F4-B133-4C38-82DE-64BA27649424}
2012-03-28 03:50 - 2012-03-27 09:29 - 0000000 ____D C:\Users\Mitch\AppData\Local\{E8D9EE41-9395-4543-8D31-B768A8ED6D1D}
2012-03-28 03:50 - 2011-05-18 11:08 - 0000000 ____D C:\Users\Mitch\AppData\Local\Windows Live
2012-03-27 09:29 - 2012-03-27 09:29 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8D937644-BCB3-424C-9F0E-74034593151D}
2012-03-26 19:17 - 2012-03-26 19:17 - 2804712 ____A (Symantec Corporation) C:\Users\Mitch\Downloads\NPE.exe
2012-03-26 17:23 - 2011-11-20 17:04 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForMitch.job
2012-03-26 13:51 - 2012-03-26 13:51 - 0000000 ____D C:\Program Files (x86)\Rovio
2012-03-26 13:51 - 2011-01-07 09:30 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Rovio
2012-03-26 11:02 - 2012-03-26 11:02 - 0000000 ____D C:\Users\Mitch\AppData\Local\{B3D6081A-910D-413E-9D69-652515D4D954}
2012-03-26 11:01 - 2012-03-26 11:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F3554E9A-F9EC-4954-8AAE-10339B41D0CB}
2012-03-26 07:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-26 07:01 - 2012-03-26 07:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F082F2EA-D4BE-4FEC-B2D7-DEEBB0185AAC}
2012-03-26 07:01 - 2012-03-23 17:50 - 0000112 ____A C:\Users\All Users\Jj5bWc.dat
2012-03-26 07:01 - 2012-03-23 17:50 - 0000112 ____A C:\ProgramData\Jj5bWc.dat
2012-03-25 18:28 - 2012-03-25 18:28 - 0082870 ____A C:\Users\Mitch\Desktop\falcon-get-girl.png
2012-03-25 09:29 - 2012-03-25 09:26 - 0000000 ____D C:\Users\Mitch\Desktop\tax
2012-03-25 09:29 - 2012-03-25 09:25 - 0000000 ____D C:\Users\Mitch\Desktop\old work y2 s2
2012-03-25 09:28 - 2012-03-25 09:25 - 0000000 ____D C:\Users\Mitch\Desktop\prac
2012-03-25 09:28 - 2012-02-21 05:14 - 0000000 ____D C:\Users\Mitch\Desktop\New folder
2012-03-25 07:19 - 2012-03-25 07:18 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9D1E2528-F9CE-44E5-8040-38C38689964B}
2012-03-25 07:18 - 2012-03-25 07:18 - 0000000 ____D C:\Users\Mitch\AppData\Local\{AFA476CA-F72B-4246-BF8D-C68C10BF04C7}
2012-03-24 19:18 - 2012-03-24 19:18 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A8C4831C-273F-475E-AC3D-8845B2DB5C2B}
2012-03-24 19:18 - 2012-03-24 19:18 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8812F932-4DC4-4C96-A879-2574844CC666}
2012-03-24 08:58 - 2010-09-26 10:15 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-03-24 07:18 - 2012-03-24 07:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7DE44783-AD2B-4042-94EE-6B257BAB7211}
2012-03-24 07:17 - 2012-03-24 07:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{09347842-3775-48FB-9AAE-E38AEA5AB132}
2012-03-23 18:12 - 2012-03-23 18:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8973843E-F26A-4FD6-9F40-9E752A7E71E6}
2012-03-23 18:12 - 2012-03-23 18:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{474F5151-89C9-434A-8805-57439C3EEC6B}
2012-03-23 17:51 - 2012-03-26 07:01 - 0084992 ____A C:\Windows\SysWOW64\iemARkm2.com_
2012-03-23 13:52 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-03-23 06:11 - 2012-03-23 06:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DC24FDFE-3D80-4BC0-8770-B9CB77F08217}
2012-03-23 06:11 - 2012-03-23 06:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{25AB73B5-5A49-4D22-98E3-029F38F1CA0B}
2012-03-22 18:11 - 2012-03-22 18:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{AD91B937-EDCE-47B5-ACCD-EE7EF21902F4}
2012-03-22 18:11 - 2012-03-22 18:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9CD621FE-DA85-4D96-A4F3-6AEBD5DB8B9C}
2012-03-22 06:11 - 2012-03-22 06:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{40672B68-435C-46C5-81FF-F5181C81E890}
2012-03-22 06:10 - 2012-03-22 06:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9996FD04-3D5A-4B81-9E96-626C3A387F26}
2012-03-21 18:10 - 2012-03-21 18:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{83FDA061-4469-44FA-B40D-94AB16E6C6C3}
2012-03-21 18:10 - 2012-03-21 18:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{2F37DC21-5874-4A6D-A99D-6593EA9BB8BC}
2012-03-21 17:49 - 2012-03-21 17:49 - 0088411 ____A C:\Users\Mitch\Desktop\MATH2260H-A9.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0110254 ____A C:\Users\Mitch\Desktop\MATH2260H-A8.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0106721 ____A C:\Users\Mitch\Desktop\MATH2260H-A6.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0106687 ____A C:\Users\Mitch\Desktop\MATH2260H-A7.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0095030 ____A C:\Users\Mitch\Desktop\MATH2260H-A4.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0084246 ____A C:\Users\Mitch\Desktop\MATH2260H-A3.pdf
2012-03-21 17:38 - 2012-03-21 17:38 - 0080988 ____A C:\Users\Mitch\Desktop\MATH2260H-A5.pdf
2012-03-21 06:10 - 2012-03-21 06:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F68AFE8F-F635-4960-AFF2-3AFB9B0969DA}
2012-03-21 06:10 - 2012-03-21 06:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{62A13F15-9A82-4F0E-820B-7B8D6E2DE3AB}
2012-03-20 17:54 - 2012-03-20 17:54 - 0000000 ____D C:\Users\Mitch\AppData\Local\{BB7F3BC5-7B52-451D-99DF-DED107E8B0A9}
2012-03-20 17:54 - 2012-03-20 17:54 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A82D5B94-4627-4AB9-91C1-BE4754E35D6A}
2012-03-20 07:42 - 2012-03-13 08:54 - 0000000 ____D C:\Users\Mitch\Downloads\Altera Quartus II v10.0 crack only
2012-03-19 10:13 - 2012-03-19 10:10 - 0779382 ____A C:\Users\Mitch\Desktop\accessibility logo.png
2012-03-18 12:08 - 2012-03-18 12:08 - 0000000 ____D C:\Users\Mitch\AppData\Local\{995FDA14-540C-44FB-A005-70608E92F3E7}
2012-03-18 12:08 - 2012-03-18 12:08 - 0000000 ____D C:\Users\Mitch\AppData\Local\{3F119BF6-FFD5-4FF7-8B65-A543B0C7E037}
2012-03-15 16:27 - 2012-03-15 16:27 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7F1812C3-8430-4535-9AAD-69B549A6F9E9}
2012-03-15 16:27 - 2012-03-15 16:26 - 0000000 ____D C:\Users\Mitch\AppData\Local\{0006EFB6-DEB0-4DE4-9D20-77F3CAD609E9}
2012-03-15 08:30 - 2009-07-13 20:45 - 5127464 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-15 04:03 - 2010-11-12 19:20 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-15 04:02 - 2010-03-01 16:22 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-15 04:02 - 2010-03-01 16:22 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-15 04:01 - 2012-03-15 04:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{BA7419DB-5AD1-4914-8211-E86F554731E4}
2012-03-15 04:01 - 2012-03-15 04:00 - 0000000 ____D C:\Users\Mitch\AppData\Local\{4540C9C8-15B5-48F0-BDB4-CD8B7A67DF83}
2012-03-14 14:49 - 2012-03-14 14:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{05C69F77-78E4-464A-83FC-D319BD03F6B2}
2012-03-14 14:48 - 2012-03-14 14:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{0FCEC0F1-3B10-4C4F-83B6-7AED3F9BCFC6}
2012-03-14 08:23 - 2011-08-18 09:51 - 0013551 ____A C:\Users\Mitch\Desktop\Course Schedule Mitch.docx
2012-03-14 07:08 - 2011-01-23 17:03 - 0765178 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-13 09:19 - 2012-03-13 09:19 - 0016631 ____A C:\Users\Mitch\Desktop\2320 ass 3.pdf
2012-03-13 07:11 - 2012-03-13 07:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{FADF68B8-6E45-4DB5-8BDA-B52D5AE3FE04}
2012-03-13 07:11 - 2012-03-13 07:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D5B17D49-270A-49C2-B409-7180684C3965}
2012-03-12 15:43 - 2012-03-12 15:43 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F2BE37C4-D048-40B1-9339-B5B3687FBF06}
2012-03-12 15:43 - 2012-03-12 15:43 - 0000000 ____D C:\Users\Mitch\AppData\Local\{5D71CB96-C29D-4C88-A8B0-0E56BB4A7912}
2012-03-12 03:43 - 2012-03-12 03:43 - 0000000 ____D C:\Users\Mitch\AppData\Local\{521F40CD-731E-4669-9539-45C625FE8786}
2012-03-12 03:43 - 2012-03-12 03:43 - 0000000 ____D C:\Users\Mitch\AppData\Local\{31DFE17B-D2BA-455C-B1C9-0290FBADBA78}
2012-03-11 15:13 - 2012-03-11 15:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9B170C3F-6A95-4B46-9E74-C3D6A62140BD}
2012-03-11 15:13 - 2012-03-11 15:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{585B6DD8-E013-4DFD-88B6-38A7A6062D05}
2012-03-11 02:59 - 2012-03-11 02:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\{53466397-B622-48E8-BF3B-CFA0BBFFCB64}
2012-03-11 02:59 - 2012-03-11 02:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\{2958DC30-7A67-4D0D-907C-AD88D203B38F}
2012-03-10 15:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-10 12:48 - 2012-03-10 12:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DC5ADE64-A12F-420F-B296-C9AE6BF19645}
2012-03-10 12:48 - 2012-03-10 12:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{CDE7720B-DA8A-4B8E-99F3-4FAEC8B2AD9E}
2012-03-09 19:13 - 2012-03-09 19:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D4E8B890-7219-4B03-B385-DBDEF00053AE}
2012-03-09 19:13 - 2012-03-09 19:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{3C7AECED-0ECE-4D94-9136-DAF297C0B926}
2012-03-09 07:13 - 2012-03-09 07:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C3007544-C4EB-4E8A-9A69-D5F1D2439E32}
2012-03-09 07:13 - 2012-03-09 07:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8A97C288-0E4F-4A76-9C20-545550EA6D52}
2012-03-09 06:44 - 2012-03-09 06:44 - 0000162 ___AH C:\Users\Mitch\Desktop\~$arning task Mitch Hawkins (Autosaved).doc
2012-03-09 06:36 - 2012-01-11 17:11 - 0044544 ____H C:\Users\Mitch\Desktop\~WRL3868.tmp
2012-03-08 19:12 - 2012-03-08 19:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{71E96C47-DF74-45D8-B58E-059C0D28E78A}
2012-03-08 19:12 - 2012-03-08 19:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{5E37BDC3-4571-46DC-B198-A9F8F8204FE9}
2012-03-08 07:12 - 2012-03-08 07:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D1B91169-5135-4D54-961B-B06E2BFCA6FE}
2012-03-08 07:12 - 2012-03-08 07:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{5F753E68-6059-45B5-817F-4594196344EC}
2012-03-08 06:16 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-03-07 19:12 - 2012-03-07 19:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{0BC49015-A2D4-46B7-BE2A-B24C26663067}
2012-03-07 19:11 - 2012-03-07 19:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{CA15E02A-6751-4FA6-9FF1-D8D2FC190627}
2012-03-07 07:11 - 2012-03-07 07:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{69A22BEB-972B-4C5A-A42F-FDB34A72A7FA}
2012-03-07 07:11 - 2012-03-06 16:06 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D3DF9B00-C88F-429B-95D5-1D6CDD4BC2AD}
2012-03-06 16:15 - 2012-03-06 16:15 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Opera
2012-03-06 16:07 - 2012-03-06 16:07 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C10FB468-BD77-4E1F-BAD2-C82999BCAE89}
2012-03-04 14:57 - 2011-02-04 10:46 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\vlc
2012-03-04 14:50 - 2012-03-04 14:50 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A784C0F6-8E16-4DA6-A1B2-51934CE61017}
2012-03-04 14:50 - 2012-03-04 14:49 - 0000000 ____D C:\Users\Mitch\AppData\Local\{55788DBE-A79F-44DD-9033-60FFA09CFD6B}
2012-03-03 18:05 - 2012-03-03 18:05 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DC5ABC0A-351F-406E-8E1E-C640C91E1D20}
2012-03-03 18:05 - 2012-03-03 18:04 - 0000000 ____D C:\Users\Mitch\AppData\Local\{53121F9C-38C1-4A8A-AF05-886A8152A2FD}
2012-03-03 06:04 - 2012-03-03 06:04 - 0000000 ____D C:\Users\Mitch\AppData\Local\{840FEB7A-473E-4C2B-8F55-91D9F763908D}
2012-03-03 06:04 - 2012-03-03 06:04 - 0000000 ____D C:\Users\Mitch\AppData\Local\{492E296D-2B98-482A-8EEF-A2AA1C9C3B25}
2012-03-02 18:04 - 2012-03-02 18:04 - 0000000 ____D C:\Users\Mitch\AppData\Local\{237F5FE6-5CF5-43DB-BCC7-C64C269C237E}
2012-03-02 18:03 - 2012-03-02 18:03 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A7C7A11A-C01D-4307-B9FE-584A65BAE1AF}
2012-03-02 05:51 - 2012-03-02 05:51 - 0000000 ____D C:\Users\Mitch\AppData\Local\{80D25A18-343B-4F21-81EA-97337BC86971}
2012-03-02 05:51 - 2012-03-02 05:51 - 0000000 ____D C:\Users\Mitch\AppData\Local\{0F6AFC45-781A-4E51-9B41-4A6FE787F6A2}
2012-03-01 15:55 - 2012-03-01 15:55 - 0009344 ____A C:\Users\Mitch\Downloads\Eleventh.tex
2012-03-01 12:55 - 2010-09-20 16:27 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Media Center Programs
2012-03-01 12:48 - 2012-03-01 12:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{97E51FEE-9093-4281-9276-901C54FF8BB3}
2012-03-01 12:48 - 2012-03-01 12:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{81FFF4A6-31CA-408E-B93A-32D660AA3F85}
2012-03-01 11:00 - 2010-12-30 03:10 - 0168096 ____A C:\Users\mom.Mitch-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-01 10:59 - 2010-12-30 03:09 - 0000174 ___SH C:\Users\mom.Mitch-PC\Start Menu\Programs\Startup\desktop.ini
2012-03-01 10:59 - 2010-12-30 03:09 - 0000174 ___SH C:\Users\mom.Mitch-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-29 13:25 - 2012-02-29 13:25 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1CA86285-CA4C-4905-B3D8-36C33DFAA7FE}
2012-02-29 13:25 - 2012-02-29 13:25 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1A0091E4-71EB-4493-828A-73B3736997CD}
2012-02-28 18:30 - 2012-02-28 18:30 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DAE18107-8EDB-40DA-8905-89385A53BC59}
2012-02-28 18:30 - 2012-02-28 18:30 - 0000000 ____D C:\Users\Mitch\AppData\Local\{204AD09B-7D4A-48B2-A74F-E67D1684D977}
2012-02-28 06:29 - 2012-02-28 06:29 - 0000000 ____D C:\Users\Mitch\AppData\Local\{FBD95414-52F5-4D47-86D8-7BBB636CF432}
2012-02-28 06:29 - 2012-02-28 06:29 - 0000000 ____D C:\Users\Mitch\AppData\Local\{95B0F7AA-7663-475B-8EC4-F5406DE77524}
2012-02-27 18:29 - 2012-02-27 18:29 - 0000000 ____D C:\Users\Mitch\AppData\Local\{5EDF3031-75B0-4BA9-B975-3930E51A8D35}
2012-02-27 18:29 - 2012-02-27 18:28 - 0000000 ____D C:\Users\Mitch\AppData\Local\{6E987894-7F7B-498B-A012-ADC7811C3F99}
2012-02-27 13:01 - 2012-02-27 13:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{78C29E88-9B7F-4ED1-AC40-1E06ABFC33D3}
2012-02-26 11:10 - 2012-02-26 11:09 - 0000000 ____D C:\Users\Mitch\AppData\Local\{21121387-E887-4239-ADE2-80C3773EC06C}
2012-02-26 11:09 - 2012-02-26 11:09 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C46026A3-1201-471F-8EA8-C482F8298C82}
2012-02-24 07:11 - 2012-02-24 07:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DBFB58EF-C18B-449A-AFEE-0085D66FA53D}
2012-02-24 05:12 - 2012-02-24 05:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D3F00FA2-1E49-4900-896F-8B046D561BEC}
2012-02-23 16:48 - 2010-03-01 16:58 - 0000000 ____D C:\Users\All Users\Adobe
2012-02-23 16:48 - 2010-03-01 16:58 - 0000000 ____D C:\ProgramData\Adobe
2012-02-23 16:48 - 2010-03-01 16:57 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-02-23 16:47 - 2010-09-20 17:32 - 0000000 ____D C:\Users\Mitch\AppData\Local\Adobe
2012-02-23 16:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-02-23 16:34 - 2011-08-28 17:00 - 0005662 ____A C:\Windows\IE9_main.log
2012-02-23 16:33 - 2012-02-23 16:33 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-23 16:33 - 2012-02-23 16:33 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-23 16:33 - 2012-02-23 16:33 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-23 16:33 - 2012-02-23 16:33 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-23 16:33 - 2012-02-23 16:33 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-23 16:33 - 2012-02-23 16:33 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-23 16:33 - 2012-02-23 16:33 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-23 16:33 - 2012-02-23 16:33 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-23 16:33 - 2012-02-23 16:33 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-23 16:33 - 2012-02-23 16:33 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-23 16:33 - 2012-02-23 16:33 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-23 16:33 - 2012-02-23 16:33 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-23 16:33 - 2012-02-23 16:33 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-23 16:33 - 2012-02-23 16:33 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-23 16:33 - 2012-02-23 16:33 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-23 15:50 - 2011-09-27 15:39 - 0001049 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-02-23 15:46 - 2012-02-23 15:46 - 15792320 ____A (Mozilla) C:\Users\Mitch\Downloads\Firefox Setup 10.0.2.exe
2012-02-23 15:42 - 2012-02-23 15:42 - 0000000 ____D C:\Users\Mitch\AppData\Local\{EA19EF4A-AF9E-4B21-9A95-AF3E5AEC2ADB}
2012-02-23 15:42 - 2012-02-23 15:41 - 0000000 ____D C:\Users\Mitch\AppData\Local\{66AAE5CF-E1C5-409D-93C0-F2604121AF56}
2012-02-23 14:16 - 2012-02-23 14:15 - 16748448 ____A (Mozilla) C:\Users\Mitch\Downloads\Firefox Setup 11.0b3.exe
2012-02-23 14:13 - 2012-02-23 14:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{AA3FBB9A-764E-4E93-97C7-1A74AB6C87A2}
2012-02-23 14:13 - 2012-02-23 14:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{103A4DC6-67FD-4B7B-AD75-3870DE27469D}
2012-02-23 05:18 - 2010-09-20 16:41 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 19:55 - 2012-02-22 19:55 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7C83D626-42F8-43FC-80BC-3015EB37EAC5}
2012-02-22 19:55 - 2012-02-22 19:55 - 0000000 ____D C:\Users\Mitch\AppData\Local\{4BD12530-2FC2-4BD8-9D8F-C4D10EFE06A8}
2012-02-22 11:47 - 2012-02-22 11:46 - 0393776 ____A (ArenaNet) C:\Users\Mitch\Downloads\Scannertron.exe
2012-02-22 11:32 - 2010-09-20 16:42 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Adobe
2012-02-22 05:11 - 2012-02-22 05:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8E778E3D-1914-475D-BF4C-EDA1FE834FC7}
2012-02-21 16:12 - 2012-02-21 16:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{01973062-FBFC-450C-BF3F-E0887C7E779A}
2012-02-21 16:12 - 2012-02-21 16:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{E474933E-A708-4B0B-B67A-38106315BE0A}
2012-02-21 05:57 - 2012-02-21 05:55 - 0000000 ____D C:\Users\Mitch\AppData\Local\{2B75D2A0-A2AB-47F5-BB9B-EF13A31535EE}
2012-02-21 05:20 - 2012-02-21 05:20 - 0011450 ____A C:\Users\Mitch\Documents\Condensed Photoshop Outline TIJ10.docx
2012-02-21 05:16 - 2012-02-21 05:16 - 0001079 ____A C:\Users\Mitch\Downloads\Documents - Shortcut.lnk
2012-02-21 04:46 - 2012-02-20 17:47 - 0000000 ____D C:\Users\Mitch\Desktop\Assignment photos
2012-02-20 19:51 - 2011-04-15 18:25 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-02-20 19:51 - 2011-04-15 18:25 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-02-20 19:51 - 2010-09-20 16:30 - 0168096 ____A C:\Users\Mitch\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-20 18:13 - 2012-02-20 18:13 - 0709726 ____A C:\Users\Mitch\Downloads\animal-tiger-011(www.TheWallpapers.org).jpg
2012-02-20 18:12 - 2012-02-20 18:12 - 1473697 ____A C:\Users\Mitch\Downloads\snowy-owl-in-flight-pictures(www.TheWallpapers.org).jpg
2012-02-20 17:41 - 2012-02-20 17:39 - 0000000 ____D C:\Users\Mitch\Downloads\Adobe.Photoshop.Elements.v10.0.Multilingual.Incl.Keymaker-CORE
2012-02-18 19:49 - 2012-02-18 19:45 - 0000000 ____D C:\Users\Mitch\Downloads\The.Big.Bang.Theory.S05E17.HDTV.XviD-LOL
2012-02-17 19:59 - 2012-02-17 19:59 - 0000000 ____D C:\Users\Mitch\AppData\Local\{23C86AAA-DB9D-43F8-B2E8-D10C67640BA0}
2012-02-17 05:11 - 2012-02-17 05:11 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D6728B4D-3F66-4A61-A13C-F0302E84E788}
2012-02-17 05:11 - 2012-02-17 05:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F9C7A0A5-A8DF-4F56-A665-EF64CB6E39BB}
2012-02-16 22:38 - 2012-03-14 07:12 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 07:12 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 07:12 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 07:12 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 16:56 - 2012-02-16 16:56 - 0000000 ____D C:\Users\Mitch\AppData\Local\{395E9BCA-4681-45F0-9D36-0BC497B9CBDD}
2012-02-16 16:56 - 2012-02-16 16:56 - 0000000 ____D C:\Users\Mitch\AppData\Local\{22E357ED-549A-498B-90BE-6CE0CE9FF18B}
2012-02-16 09:29 - 2010-09-20 16:38 - 0000174 ___SH C:\Users\Mitch\Start Menu\Programs\Startup\desktop.ini
2012-02-16 09:29 - 2010-09-20 16:38 - 0000174 ___SH C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 09:27 - 2010-03-01 17:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 04:56 - 2012-02-16 04:56 - 0000000 ____D C:\Users\Mitch\AppData\Local\{64AA27E7-2F6B-4B52-BF4D-77531D8E1E1C}
2012-02-16 04:56 - 2012-02-16 04:56 - 0000000 ____D C:\Users\Mitch\AppData\Local\{2F2E47AB-2A2D-45BE-AEAF-7B75952433A9}
2012-02-15 18:00 - 2012-02-15 18:00 - 0733288 ____A (Google Inc.) C:\Users\Mitch\Downloads\GoogleVoiceAndVideoSetup.exe
2012-02-15 18:00 - 2010-09-20 16:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\Google
2012-02-15 09:39 - 2010-09-22 19:28 - 0000000 ____D C:\Users\Mitch\Documents\Guild Wars
2012-02-15 07:58 - 2012-02-15 07:58 - 0000000 ____D C:\Users\Mitch\AppData\Local\{FD8C2871-44AF-436C-A7F0-FD75CFD09100}
2012-02-15 07:58 - 2012-02-15 07:58 - 0000000 ____D C:\Users\Mitch\AppData\Local\{3331524E-7B83-48AD-BC66-0AFC5BDB20ED}
2012-02-14 18:15 - 2012-02-14 18:15 - 0000000 ____D C:\Users\Mitch\AppData\Local\{777678BC-EC08-4391-A1E7-4CB276FAC0E2}
2012-02-14 18:15 - 2012-02-14 18:15 - 0000000 ____D C:\Users\Mitch\AppData\Local\{6B2A7C36-91BC-4755-A4F5-46EA0169492C}
2012-02-14 06:14 - 2012-02-14 06:14 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8862F6E6-6224-404C-90C5-0D7179121B9B}
2012-02-14 06:14 - 2012-02-14 06:14 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1ECF5220-FE01-40E8-B897-A1FBAF098B28}
2012-02-14 03:11 - 2011-01-04 03:10 - 0001228 _RASH C:\Users\mom.Mitch-PC\ntuser.pol
2012-02-13 17:07 - 2012-02-13 17:07 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7E3D0AB5-A00C-4CC2-AF13-6187C805A6AA}
2012-02-13 17:07 - 2012-02-13 17:07 - 0000000 ____D C:\Users\Mitch\AppData\Local\{65A8AD51-9A2E-4677-8AE2-3FB3D75428AF}
2012-02-10 18:32 - 2012-02-10 05:24 - 0000000 ____D C:\Users\Mitch\AppData\Local\{ED14B6E1-3C4E-4753-B398-0BE14D6DFCC4}
2012-02-10 05:24 - 2012-02-10 05:24 - 0000000 ____D C:\Users\Mitch\AppData\Local\{4797B774-EF00-4BF7-81DD-63BB91577DF3}
2012-02-09 22:36 - 2012-03-14 07:15 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 07:15 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 10:18 - 2012-02-09 10:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{B4E9F6E0-43DE-4927-A448-279AEB590EB0}
2012-02-09 10:17 - 2012-02-09 10:17 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1627D9AE-6BF4-42A1-BD53-B3FA5BB55682}
2012-02-08 15:51 - 2012-02-08 15:51 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D73C7028-271B-4B46-BD56-32DBEEEA3427}
2012-02-08 15:51 - 2012-02-08 15:51 - 0000000 ____D C:\Users\Mitch\AppData\Local\{209A6325-68FA-4A2D-8DC6-85877584262F}
2012-02-07 17:34 - 2011-01-01 18:15 - 0000632 _RASH C:\Users\Mitch\ntuser.pol
2012-02-07 17:09 - 2012-02-07 17:09 - 12784694 ____A C:\Users\Mitch\Downloads\Shang-1.2-win32.zip
2012-02-07 16:04 - 2012-02-07 16:04 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A4EFAEB6-9A80-42B6-A1CE-ACD08E8548B2}
2012-02-07 16:04 - 2012-02-07 16:04 - 0000000 ____D C:\Users\Mitch\AppData\Local\{72213EEF-079F-4816-8A65-E5416BCC68E3}
2012-02-06 09:01 - 2012-02-06 09:01 - 0000000 ____D C:\Users\Mitch\AppData\Local\{77C48F52-728D-4060-B20B-316668381CCF}
2012-02-06 09:01 - 2012-02-06 09:00 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D9EFA234-986B-49CE-8C8F-6048ED65C639}
2012-02-05 14:25 - 2012-02-05 14:25 - 0000000 ____D C:\Users\Mitch\AppData\Local\{40D2613C-C882-4955-A22D-6375565CDDDD}
2012-02-05 14:25 - 2012-02-05 14:25 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1045D62C-BD7A-4688-9B76-8DEACDAD40EE}
2012-02-03 18:09 - 2012-02-03 18:08 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C529F2E2-6410-4C9C-B432-06D2065EED6D}
2012-02-03 18:08 - 2012-02-03 18:08 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DD64BB69-E859-4EAF-9988-D8A44BD7DC93}
2012-02-03 16:57 - 2010-09-26 14:15 - 0000000 ____D C:\Program Files (x86)\Guild Wars
2012-02-02 20:34 - 2012-03-14 07:15 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 05:25 - 2012-02-02 05:25 - 0000000 ____D C:\Users\Mitch\AppData\Local\{C53FAE24-6299-4A39-B5DE-94D268726D85}
2012-02-02 05:25 - 2012-02-02 05:25 - 0000000 ____D C:\Users\Mitch\AppData\Local\{6C4A2500-DE41-455E-89BF-5618D31813BA}
2012-02-01 17:25 - 2012-02-01 17:25 - 0000000 ____D C:\Users\Mitch\AppData\Local\{84089861-8F2B-43A5-AD78-0FEBDDC839D1}
2012-02-01 17:25 - 2012-02-01 17:25 - 0000000 ____D C:\Users\Mitch\AppData\Local\{0031A499-3F75-468F-A32D-70B0B07449FA}
2012-01-31 17:53 - 2012-01-31 17:53 - 0010465 ____A C:\Users\Mitch\Documents\huck finn notes jan 31.docx
2012-01-29 08:13 - 2012-01-29 08:13 - 0000000 ____D C:\Users\Mitch\AppData\Local\{739DDE11-C236-4AE4-8573-A480ABCD6332}
2012-01-29 08:12 - 2012-01-29 08:12 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7A1F6D61-DE9A-49FB-BE85-87CD29ABD34B}
2012-01-27 19:25 - 2012-01-27 19:25 - 0037723 ____A C:\Users\Mitch\Documents\OON final.docx
2012-01-26 06:21 - 2012-01-26 06:21 - 0000000 ____D C:\Users\Mitch\AppData\Local\{FDBFA176-49CF-43D8-A9E8-3CB572F9DA44}
2012-01-26 06:21 - 2012-01-26 06:21 - 0000000 ____D C:\Users\Mitch\AppData\Local\{62E30559-B2C7-4BF3-B98D-AAEA701F1B4F}
2012-01-25 17:16 - 2012-01-25 17:16 - 0000000 ____D C:\Users\Mitch\AppData\Local\{F88D8427-8A9B-43AB-A6F7-18328EE51D2A}
2012-01-25 17:16 - 2012-01-25 17:15 - 0000000 ____D C:\Users\Mitch\AppData\Local\{CE0E7F6E-5E17-4F5B-8AA5-E9ABFD87F9EB}
2012-01-25 05:15 - 2012-01-25 05:15 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9E5F9016-4E0A-4417-A8C4-892498A7A02D}
2012-01-25 05:15 - 2012-01-25 05:15 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1A04109F-60B8-4F86-ABE4-67FCF2D18F44}
2012-01-24 22:38 - 2012-03-14 07:12 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-14 07:12 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-14 07:12 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 17:34 - 2010-09-30 06:40 - 0000000 ____D C:\Users\Mitch\Downloads\Linear Algebra
2012-01-24 16:09 - 2012-01-24 15:59 - 154275929 ____A C:\Users\Mitch\Downloads\[M._Morris_Mano,_Michael_D._Ciletti]_Digital_Design.4E.Text.and.Solutions.zip
2012-01-24 12:53 - 2012-01-24 12:53 - 0000000 ____D C:\Users\Mitch\AppData\Local\{81F5C491-B9B1-4A9B-B5AB-CE8BE1762FA8}
2012-01-24 12:53 - 2012-01-24 12:52 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7672383C-424B-43C8-860C-77A911377290}
2012-01-24 10:24 - 2012-01-24 10:23 - 36456121 ____A C:\Users\Mitch\Downloads\Numerical Analysis.pdf
2012-01-24 10:14 - 2012-01-24 10:14 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Help
2012-01-24 10:09 - 2012-01-24 10:09 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Sun
2012-01-22 16:09 - 2012-01-22 16:09 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D99E3758-FE27-4350-B729-7E809F6A6898}
2012-01-22 16:09 - 2012-01-22 16:09 - 0000000 ____D C:\Users\Mitch\AppData\Local\{5FDA0A17-1484-4C3D-BDE7-A4A105A38FF2}
2012-01-21 15:45 - 2012-01-21 15:45 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A11604A5-BB50-4BAB-B89F-AB65F4190203}
2012-01-21 15:45 - 2012-01-21 15:44 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7454C000-8AB6-4AA6-9EB6-CEC6BD3C3F83}
2012-01-19 14:48 - 2012-01-19 14:48 - 0000000 ____D C:\Users\Mitch\AppData\Local\{B813EFA4-E6A6-4F21-AA92-5B9C8FC0386B}
2012-01-19 14:48 - 2012-01-19 14:47 - 0000000 ____D C:\Users\Mitch\AppData\Local\{AC8ABB2B-D12E-4406-A273-6D5DA606E5E4}
2012-01-18 08:52 - 2012-01-18 08:52 - 0000000 ____D C:\Users\Mitch\AppData\Local\{7F144ED1-3194-4222-A44D-EAAE79A7A33C}
2012-01-18 08:52 - 2012-01-18 08:52 - 0000000 ____D C:\Users\Mitch\AppData\Local\{54B187B3-222C-4C2C-AEA3-20F6F3432BBB}
2012-01-17 09:31 - 2012-01-17 09:31 - 0000000 ____D C:\Users\Mitch\AppData\Local\{244DB13A-0C3F-4D8E-B4F6-13202642B939}
2012-01-17 09:31 - 2012-01-17 09:31 - 0000000 ____D C:\Users\Mitch\AppData\Local\{156EAB31-39FC-4125-805A-A8FDDFA25C55}
2012-01-17 05:47 - 2012-01-17 05:47 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9CDA4A51-17F9-49E8-AE2F-B618CF46B4D2}
2012-01-16 12:05 - 2012-01-16 12:04 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1BD80FAE-66F6-4885-A6DC-208BA329FEFB}
2012-01-16 12:04 - 2012-01-16 12:04 - 0000000 ____D C:\Users\Mitch\AppData\Local\{83696111-91F1-48AA-8312-7899C121D2C0}
2012-01-15 07:10 - 2012-01-15 07:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{E3F14F70-FF4D-40D7-ABC6-119AD37FDDAA}
2012-01-15 07:10 - 2012-01-15 07:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{BC6D0674-C1CC-4658-B695-D6E466C2D712}
2012-01-14 19:10 - 2012-01-14 19:10 - 0000000 ____D C:\Users\Mitch\AppData\Local\{56483EEE-A067-478C-941F-D1D92E5B930F}
2012-01-14 19:10 - 2012-01-14 19:09 - 0000000 ____D C:\Users\Mitch\AppData\Local\{CC030756-6DB2-41C4-BAF0-C0A4FCA67258}
2012-01-14 07:09 - 2012-01-14 07:09 - 0000000 ____D C:\Users\Mitch\AppData\Local\{B8B67508-B440-4103-92F6-69EC0DF20DEA}
2012-01-14 07:09 - 2012-01-14 07:09 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A3A0BBC5-0D36-45E7-B3D2-C54DD3642457}
2012-01-13 12:52 - 2012-01-13 12:52 - 0000000 ____D C:\Users\Mitch\AppData\Local\{9D22F282-E276-4079-BAAE-B955E769599F}
2012-01-13 12:52 - 2012-01-13 12:51 - 0000000 ____D C:\Users\Mitch\AppData\Local\{2C297BB6-DCEE-402F-A4B3-5EA79ED2443A}
2012-01-12 19:55 - 2012-01-12 19:55 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D026B7E7-77CE-42BF-87C3-8D626DD3EFBE}
2012-01-12 19:54 - 2012-01-12 19:54 - 0000000 ____D C:\Users\Mitch\AppData\Local\{DB61796E-E4A2-431C-9BED-AA30EA937BB7}
2012-01-12 07:17 - 2012-01-12 07:16 - 0000000 ____D C:\Users\Mitch\AppData\Local\{A2386A6B-A351-4362-8BDB-4414AC89B455}
2012-01-12 07:16 - 2012-01-12 07:16 - 0000000 ____D C:\Users\Mitch\AppData\Local\{1D2BC42D-E7E2-4B52-B2C1-B98802B64155}
2012-01-11 15:46 - 2012-01-11 15:45 - 0000000 ____D C:\Users\Mitch\AppData\Local\{8CC05EF4-B98D-4695-A0D9-A0F7ECF6DA14}
2012-01-11 15:45 - 2012-01-11 15:45 - 0000000 ____D C:\Users\Mitch\AppData\Local\{D2C3DB89-2A75-47CC-83F8-7327C672B941}
2012-01-09 18:53 - 2012-01-09 18:53 - 0000000 ____D C:\Users\Mitch\AppData\Local\{54F87F36-9EB9-48C3-9319-7FA78EAFAE47}
2012-01-09 18:53 - 2012-01-09 18:53 - 0000000 ____D C:\Users\Mitch\AppData\Local\{17B0596F-8E6A-484F-8A8B-B4AE2FD72F00}
2012-01-07 15:55 - 2012-01-07 15:55 - 0000000 ____D C:\Users\Mitch\AppData\Local\{6119BF38-9A8B-4B63-A21B-B2C7B19A525C}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3893.86 MB
Available physical RAM: 3131.86 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3126.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:443.65 GB) (Free:243.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:21.81 GB) (Free:3.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: (HANTROOPER) (Removable) (Total:3.67 GB) (Free:3.38 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3768 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 443 GB 200 MB
Partition 3 Primary 21 GB 443 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 443 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 21 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3767 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H HANTROOPER FAT32 Removable 3767 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-10 14:45

======================= End Of Log ==========================

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 08:16 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
AtJob::
Folder::
c:\program files (x86)\ConduitEngine

File::
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\iemARkm2.com_
c:\windows\system32\dds_trash_log.cmd

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 mjawkins

mjawkins
  • Topic Starter

  • Members
  • 8 posts

Posted 05 April 2012 - 11:38 PM

Everything looks good now, no infections found on full system scans and all the windows/malware programs are up and running again.

Here's the log from ComboFix:

ComboFix 12-04-05.09 - Mitch 05/04/2012 23:48:08.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3894.1920 [GMT -4:00]
Running from: c:\users\Mitch\Desktop\ComboFix.exe
Command switches used :: c:\users\Mitch\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\system32\dds_trash_log.cmd"
"c:\windows\SysWow64\iemARkm2.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\SysWow64\iemARkm2.com_
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At8.job
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 03:58 . 2012-04-06 03:58 -------- d-----w- c:\users\mom\AppData\Local\temp
2012-04-06 03:58 . 2012-04-06 03:58 -------- d-----w- c:\users\mom.Mitch-PC\AppData\Local\temp
2012-04-06 03:58 . 2012-04-06 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 03:11 . 2012-04-06 03:13 -------- d-----w- C:\FRST
2012-04-03 16:16 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A98FCF3-312E-4AF2-844C-D84524BC17DC}\mpengine.dll
2012-03-30 14:36 . 2012-03-30 14:36 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-03-29 21:05 . 2012-03-29 21:05 -------- d-----w- C:\_OTL
2012-03-29 20:08 . 2012-03-29 20:08 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 20:02 . 2012-03-29 20:08 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 19:59 . 2012-03-29 19:59 -------- d-----w- c:\users\Mitch\AppData\Local\Symantec
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 17:43 . 2012-03-29 17:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 17:43 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 03:38 . 2012-04-06 03:09 -------- d-----w- c:\programdata\Recovery
2012-03-29 00:02 . 2012-03-29 00:02 -------- d-----w- c:\users\Mitch\AppData\Roaming\Tific
2012-03-28 23:56 . 2012-03-28 23:56 -------- d-----we c:\windows\system64
2012-03-27 03:17 . 2012-03-30 15:07 -------- d-----w- c:\users\Mitch\AppData\Local\NPE
2012-03-27 01:40 . 2012-03-31 16:07 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-03-26 21:51 . 2012-03-26 21:51 -------- d-----w- c:\program files (x86)\Rovio
2012-03-19 02:32 . 2012-03-19 02:32 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 02:32 . 2012-03-19 02:32 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 12:06 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 12:06 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 12:06 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 15:15 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:15 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 15:12 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:12 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:12 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:12 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 15:12 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:12 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 20:08 . 2011-06-13 22:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 00:33 . 2012-02-24 00:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-24 00:33 . 2012-02-24 00:33 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-24 00:33 . 2012-02-24 00:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-24 00:33 . 2012-02-24 00:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-24 00:33 . 2012-02-24 00:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-24 00:33 . 2012-02-24 00:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-24 00:33 . 2012-02-24 00:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-24 00:33 . 2012-02-24 00:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-24 00:33 . 2012-02-24 00:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-24 00:33 . 2012-02-24 00:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-24 00:33 . 2012-02-24 00:33 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-24 00:33 . 2012-02-24 00:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-24 00:33 . 2012-02-24 00:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-24 00:33 . 2012-02-24 00:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-24 00:33 . 2012-02-24 00:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-24 00:33 . 2012-02-24 00:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-24 00:33 . 2012-02-24 00:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-24 00:33 . 2012-02-24 00:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-24 00:33 . 2012-02-24 00:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-24 00:33 . 2012-02-24 00:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-24 00:33 . 2012-02-24 00:33 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-24 00:33 . 2012-02-24 00:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-24 00:33 . 2012-02-24 00:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-24 00:33 . 2012-02-24 00:33 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-24 00:33 . 2012-02-24 00:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-24 00:33 . 2012-02-24 00:33 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-24 00:33 . 2012-02-24 00:33 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-24 00:33 . 2012-02-24 00:33 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-24 00:33 . 2012-02-24 00:33 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-24 00:33 . 2012-02-24 00:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-24 00:33 . 2012-02-24 00:33 448512 ----a-w- c:\windows\system32\html.iec
2012-02-24 00:33 . 2012-02-24 00:33 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-24 00:33 . 2012-02-24 00:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 00:33 . 2012-02-24 00:33 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-24 00:33 . 2012-02-24 00:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-24 00:33 . 2012-02-24 00:33 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-24 00:33 . 2012-02-24 00:33 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-24 00:33 . 2012-02-24 00:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-24 00:33 . 2012-02-24 00:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-24 00:33 . 2012-02-24 00:33 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-24 00:33 . 2012-02-24 00:33 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-24 00:33 . 2012-02-24 00:33 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 13:18 . 2010-09-21 00:41 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-31_16.24.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-01 23:37 . 2012-03-31 16:37 49880 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-06 04:02 44726 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-22 02:02 . 2012-04-06 04:02 14944 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-470935310-1960509635-4070439341-1000_UserData.bin
+ 2010-03-01 23:37 . 2012-03-31 16:37 49880 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-06 04:02 44726 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-22 02:02 . 2012-04-06 04:02 14944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-470935310-1960509635-4070439341-1000_UserData.bin
+ 2012-04-06 03:59 . 2012-04-06 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-31 16:23 . 2012-03-31 16:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 03:59 . 2012-04-06 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-31 16:23 . 2012-03-31 16:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 13:49 . 2012-04-03 16:05 316686 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-09-21 00:59 . 2012-04-06 03:27 608780 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-05 22:43 664992 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-03-31 15:33 664992 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-03-31 15:33 125696 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-05 22:43 125696 c:\windows\system64\perfc009.dat
+ 2010-09-24 13:49 . 2012-04-03 16:05 316686 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-09-21 00:59 . 2012-04-06 03:27 608780 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-31 15:33 664992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-05 22:43 664992 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-05 22:43 125696 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-31 15:33 125696 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-06 03:59 544832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-31 16:22 544832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-28 22:41 . 2012-04-06 03:59 2986664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-28 22:41 . 2012-03-31 16:22 2986664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-02 22:38 . 2012-04-02 22:38 8006656 c:\windows\Installer\1027578e.msi
+ 2010-09-22 00:00 . 2012-04-06 03:59 56852904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-470935310-1960509635-4070439341-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-01-28 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-21 39408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-01-02 395640]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-10 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\users\Mitch\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-11 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-04 3331944]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"4Y3Y0C3AUF7W1VXVNTECSGW"="c:\recycle.bin\B6232F3ABBB.exe" [BU]
.
c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-12-26 576000]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-12-12 117248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-04-16 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 17:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:08]
.
2012-04-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000Core.job
- c:\users\Mitch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 16:15]
.
2012-04-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000UA.job
- c:\users\Mitch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 16:15]
.
2012-04-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-21 17:59]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000Core.job
- c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 02:00]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-470935310-1960509635-4070439341-1000UA.job
- c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 02:00]
.
2012-03-27 c:\windows\Tasks\HPCeeScheduleForMitch.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-20 107832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-02 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-04-16 487424]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sprtsvc_dellsupportcenter
.
------- Supplementary Scan -------
.
uStart Page = hxxp://easy-google-search.blogspot.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 24.226.1.93 24.226.10.193
FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\i7gftcmw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:82,b7,1a,18,a4,0b,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-06 00:06:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 04:06
ComboFix2.txt 2012-03-31 16:30
ComboFix3.txt 2012-03-28 23:12
.
Pre-Run: 261,952,294,912 bytes free
Post-Run: 262,028,021,760 bytes free
.
- - End Of File - - 2FE1929B1582B230569FC52012F272EB
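The `@Denied:` lines in the registry section above are ComboFix's marker for keys whose permissions carry a Deny entry for Everyone. Both malware and some legitimate installers set such entries (Adobe Flash locks its CLSID keys this way, as the log shows), so a reviewer wants a list of every locked key with its default value to separate expected cases from unexplained ones. The PowerShell below is an added example, not from the thread or from ComboFix's authors; it parses a constructed excerpt in the same format, copied from the lines above, and the `[__end__]` sentinel and regexes are my own assumptions about that format.

```powershell
# Added example: list registry keys that a ComboFix-style dump marks with "@Denied:".
# $sample is a constructed excerpt in ComboFix's format (copied from the log above).
$sample = @'
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
'@

function Get-DeniedRegistryKeys {
    param([string[]]$Lines)
    $records = @()
    $key = $null; $default = $null; $denied = @()
    # A sentinel header at the end flushes the last key without a special case.
    foreach ($line in $Lines + @('[__end__]')) {
        if ($line -match '^\[(?<key>.+)\]\s*$') {
            # New key header: emit the previous key if it carried any @Denied entry.
            if ($key -and $denied.Count -gt 0) {
                $records += [pscustomobject]@{
                    Key          = $key
                    DefaultValue = $default
                    DeniedTo     = ($denied -join '; ')
                }
            }
            $key = $Matches.key; $default = $null; $denied = @()
        }
        elseif ($line -match '^@Denied:\s*\((?<rights>[^)]*)\)\s*\((?<who>[^)]*)\)') {
            # "(A 2) (Everyone)" -> principal and the rights token ComboFix printed
            $denied += "$($Matches.who) [$($Matches.rights)]"
        }
        elseif ($line -match '^@="(?<val>.*)"\s*$') {
            # Default value of the key, useful to recognise the owning product (e.g. Flash).
            $default = $Matches.val
        }
    }
    return $records
}

# Usage: two rows for the sample, the Flash CLSID and ControlSet001\Control\PCW\Security.
Get-DeniedRegistryKeys -Lines ($sample -split "`r?`n") | Format-Table -AutoSize
```

To run it against a real ComboFix.txt, replace `$sample -split "`r?`n"` with `Get-Content C:\ComboFix.txt`; the function only reads text and never touches the registry itself.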

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 11:41 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.0
µTorrent
Conduit Engine
Java™ 6 Update 26
McAfee Security Scan Plus
uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

Information and logs

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
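After the Revo/add-remove step above, the programs in the "Programs to remove" list should no longer appear in the Uninstall registry keys that Programs and Features itself reads. The PowerShell below is an added example, not gringo's tool and not part of Revo or MBAM; the program names are copied from the post, and the name normalisation (dropping ™/(TM) marks, case and whitespace before a prefix comparison) is an assumption about how registry DisplayName values differ from the post's spelling.

```powershell
# Added example: verify that the programs listed in the post are no longer registered
# under the Uninstall keys (64-bit, 32-bit Wow6432Node, and per-user).
$ProgramsToRemove = @(
    'Adobe Reader 9.5.0',
    'µTorrent',
    'Conduit Engine',
    'Java™ 6 Update 26',
    'McAfee Security Scan Plus',
    'uTorrentBar Toolbar'
)

function Get-InstalledPrograms {
    # Same three hives Programs and Features enumerates; missing paths are skipped quietly.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, PSPath
}

function Get-ComparableName([string]$Name) {
    # Assumption: DisplayName may spell trademark marks differently ("Java(TM)" vs "Java™").
    ($Name -replace '\(TM\)|™|\(R\)|®', '' -replace '\s+', ' ').Trim().ToLowerInvariant()
}

function Test-ProgramsRemoved {
    param([string[]]$Names)
    $installed = Get-InstalledPrograms
    foreach ($n in $Names) {
        $want = Get-ComparableName $n
        # Prefix match so "Adobe Reader 9.5.0" also catches "Adobe Reader 9.5.0 - English".
        $hits = $installed | Where-Object { (Get-ComparableName $_.DisplayName).StartsWith($want) }
        [pscustomobject]@{
            Program        = $n
            StillInstalled = [bool]$hits
            Matches        = ($hits | ForEach-Object {
                "$($_.DisplayName) [$($_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', '')]"
            }) -join '; '
        }
    }
}

# Usage: every row should read StillInstalled = False once the uninstall step is complete.
Test-ProgramsRemoved -Names $ProgramsToRemove | Format-Table -AutoSize
```

A program that still shows `StillInstalled = True` after Revo has run is worth a second pass; the `Matches` column gives the exact DisplayName and hive so it can be found again in add/remove.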

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 April 2012 - 12:03 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2012 - 11:18 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



