
Rootkit.Boot.Pihar.b help.


  • This topic is locked
20 replies to this topic

#1 Gemmy1082


Posted 04 April 2012 - 10:44 PM

My brother gave me his computer to fix. He said that he has tried reformatting, but even after formatting he noticed that the computer is still off, so he asked me to work on it. I downloaded TDSSKiller last night and ran that program and it found

[InfectedObject]
Verdict: Rootkit.Boot.Pihar.b


so I cleaned that. Then I ran Malwarebytes and it found trojan svchost.exe, which I quarantined. Then I ran Avast and it found
MBR;Alureon-M [Rtk]
Win32DNScharger-VJ [Trj]
Win32:Alureon-MJ@mbr [Rtk]
Win32Malware-gen
MBR:Alureon-M [Rtk]
MBR:Alureon-B [Rtk]
Win32-Alureon-ANW [Rtk]
Which my brother deleted as I left it running as I went to bed.

Today, I ran the TDSSKiller again, changing the parameters to include "detect TDLFS file system", and it found

[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0

Which I tried to quarantine, but I got some popups from my Antivirus program saying something about it had blocked the intrusion.

So at this point I'm not sure what to do as the system still acts up, and I just did a bit of research into Boot.Pihar.b and it seems like a pretty nasty thing, and figured I needed help with the removal. I just hope that I didn't do anything that I wasn't supposed to do and cause more problems. I'm sorry if I have.

Anyways, here are the logs


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by peter at 20:02:09 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1306 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\werfault.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.prospector.metrolist.net/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e525&r=273603120715l03e4z125r49722343
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e525&r=273603120715l03e4z125r49722343
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e525&r=273603120715l03e4z125r49722343
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5AFA072E-BE8F-40DF-A867-0EE8CC7B7033} : DhcpNameServer = 192.168.1.1
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\hteo6244.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-3 44768]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-11-5 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-5 240160]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-3 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-3 136176]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-11-5 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-5 225280]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-05 01:01:28 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-04-05 00:58:08 -------- d-----w- C:\Users\peter\AppData\Local\Comodo
2012-04-05 00:58:00 -------- d-----w- C:\ProgramData\CPA_VA
2012-04-05 00:54:25 -------- d-----w- C:\ProgramData\Comodo
2012-04-05 00:54:22 -------- d-----w- C:\Program Files\COMODO
2012-04-05 00:54:17 -------- d-----w- C:\Program Files (x86)\Comodo
2012-04-05 00:54:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-05 00:54:15 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-04-05 00:54:15 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-04-04 18:10:39 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-04-04 18:09:30 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-04-04 06:24:39 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-04 06:24:38 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-04 06:24:37 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-04 06:23:20 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-04 06:23:05 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-04 06:23:05 -------- d-----w- C:\Program Files\AVAST Software
2012-04-04 05:59:43 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-04 05:59:43 -------- d-----w- C:\Windows\System32\Wat
2012-04-04 05:43:49 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-04-04 05:43:48 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-04-04 05:34:48 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-04-04 05:34:48 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-04-04 05:34:48 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-04-04 05:34:48 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-04-04 05:34:48 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-04-04 05:34:48 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-04-04 05:34:48 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-04-04 05:34:48 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-04-04 05:34:48 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-04-04 05:34:48 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-04-04 05:20:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 05:18:05 -------- d-----w- C:\Users\peter\AppData\Roaming\Malwarebytes
2012-04-04 05:17:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-04 05:17:24 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-04 05:17:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 08:15:02 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-04-03 08:15:02 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-04-03 08:13:54 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2012-04-03 08:12:52 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2012-04-03 08:12:52 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2012-04-03 08:12:32 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-04-03 08:12:13 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2012-04-03 08:12:13 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
2012-04-03 08:12:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-04-03 08:10:56 52224 ----a-w- C:\Windows\System32\rtutils.dll
2012-04-03 08:09:56 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-04-03 08:08:39 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2012-04-03 08:08:39 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-04-03 08:08:08 603976 ----a-w- C:\Windows\System32\winload.exe
2012-04-03 08:08:08 518160 ----a-w- C:\Windows\System32\winresume.exe
2012-04-03 08:08:07 640896 ----a-w- C:\Windows\System32\winload.efi
2012-04-03 08:08:07 556928 ----a-w- C:\Windows\System32\winresume.efi
2012-04-03 08:08:07 20352 ----a-w- C:\Windows\System32\kdusb.dll
2012-04-03 08:08:07 19328 ----a-w- C:\Windows\System32\kd1394.dll
2012-04-03 08:08:07 17792 ----a-w- C:\Windows\System32\kdcom.dll
2012-04-03 08:08:03 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2012-04-03 08:08:03 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2012-04-03 08:06:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-03 08:06:52 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-03 08:06:30 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-04-03 08:06:30 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-04-03 08:06:30 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-04-03 08:06:30 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-04-03 08:06:30 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-04-03 08:06:30 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-04-03 08:06:29 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-04-03 08:06:29 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-04-03 08:06:29 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-04-03 08:06:29 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-04-03 07:52:00 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-04-03 07:52:00 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-04-03 07:51:59 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-03 07:51:59 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-03 07:51:43 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-03 07:51:42 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-03 07:51:42 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-03 07:50:31 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC65CC63-BA87-44C2-A26B-749D8646665A}\mpengine.dll
2012-04-03 07:50:31 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-03 07:44:26 -------- d-----w- C:\Users\peter\AppData\Local\Diagnostics
2012-04-03 07:34:03 -------- d-----w- C:\Users\peter\AppData\Local\Google
2012-04-01 06:13:57 -------- d-----w- C:\Windows\NAPP_Dism_Log
2012-04-01 05:32:26 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-04-01 05:32:26 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-04-01 05:32:08 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-01 05:31:28 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-04-01 05:31:14 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-04-01 05:30:35 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\908193c11cd0fc8\DSETUP.dll
2012-04-01 05:30:35 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\908193c11cd0fc8\DXSETUP.exe
2012-04-01 05:30:35 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\908193c11cd0fc8\dsetup32.dll
2012-04-01 05:30:15 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcF8B0.tmp
2012-04-01 05:30:10 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-04-01 05:29:18 -------- d-----w- C:\Program Files\Apoint2K
2012-04-01 05:29:11 98816 ----a-w- C:\Windows\System32\Vxdif.dll
2012-04-01 05:29:10 245296 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys
2012-04-01 05:29:09 1919968 ----a-w- C:\Windows\System32\WdfCoInstaller01005.dll
2012-04-01 05:28:29 -------- d-----w- C:\Windows\SysWow64\Atheros_L1e
2012-04-01 05:27:33 -------- d---a-w- C:\book
2012-04-01 05:27:04 -------- d-----w- C:\Users\peter\AppData\Local\VirtualStore
2012-04-01 05:25:49 -------- d-----w- C:\Program Files (x86)\OEM
2012-04-01 05:25:11 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2012-04-01 05:18:43 -------- d-----w- C:\Windows\SysWow64\x64
2012-04-01 05:18:43 -------- d-----w- C:\Windows\SysWow64\Lang
2012-04-01 05:18:41 948760 ----a-w- C:\Windows\SysWow64\igxpun.exe
2012-03-12 04:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-03-12 04:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-03-12 04:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-03-12 04:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-03-12 04:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-03-12 04:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
.
==================== Find3M ====================
.
2012-04-04 18:09:30 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-04-01 05:19:56 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:07:58.88 ===============

As for the GMER program, for some reason when I open it, on the right-hand side all the check boxes are greyed out except for "service", "Registry", "File" and "ADS"; it won't let me check the other boxes. Not sure if I should still use the scanner since I can't check the other boxes. Please let me know what I should do. Thanks


Edited by Gemmy1082, 04 April 2012 - 10:46 PM.




#2 gringo_pr


Posted 07 April 2012 - 11:52 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Gemmy1082


Posted 08 April 2012 - 03:15 PM

Sorry, took me a while to get it to boot in Advanced Boot Options. Here's the log

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by peter at 08-04-2012 13:06:24
Running from E:\
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-08 13:06 - 2012-04-08 13:06 - 0000000 ____D C:\FRST
2012-04-08 13:03 - 2012-04-08 13:05 - 0161564 ____A C:\Windows\ntbtlog.txt
2012-04-04 20:42 - 2012-04-04 20:42 - 0003011 ____A C:\Users\peter\Desktop\ark.txt
2012-04-04 20:26 - 2012-04-04 20:26 - 0000000 ____D C:\Users\peter\Desktop\gmer
2012-04-04 20:23 - 2012-04-04 20:23 - 0021147 ____A C:\Users\peter\Desktop\DDS.txt
2012-04-04 20:23 - 2012-04-04 20:23 - 0000747 ____A C:\Users\peter\Desktop\Attach.txt
2012-04-04 20:08 - 2012-04-04 20:11 - 0003028 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_20.08.49_log.txt
2012-04-04 19:49 - 2012-04-04 19:49 - 0294216 ____A C:\Users\peter\Desktop\gmer.zip
2012-04-04 19:47 - 2012-04-04 19:48 - 0607260 ____R (Swearware) C:\Users\peter\Desktop\dds.scr
2012-04-04 18:53 - 2012-04-04 18:53 - 0000156 ____A C:\Users\peter\Desktop\bd_immunizer.log
2012-04-04 18:35 - 2012-04-04 18:35 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-04 18:20 - 2012-04-04 18:20 - 0739856 ____A (Google Inc.) C:\Users\peter\Downloads\ChromeSetup.exe
2012-04-04 18:03 - 2012-04-04 18:59 - 0468134 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_18.03.17_log.txt
2012-04-04 18:01 - 2012-04-04 18:01 - 0001092 ____A C:\Users\peter\Desktop\SpywareBlaster.lnk
2012-04-04 18:01 - 2012-04-04 18:01 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-04-04 17:58 - 2012-04-04 17:58 - 0000000 ____D C:\Users\peter\AppData\Local\Comodo
2012-04-04 17:58 - 2012-04-04 17:58 - 0000000 ____D C:\Users\All Users\CPA_VA
2012-04-04 17:58 - 2012-04-04 17:58 - 0000000 ____D C:\ProgramData\CPA_VA
2012-04-04 17:54 - 2012-04-04 17:58 - 0000000 ____D C:\Program Files (x86)\Comodo
2012-04-04 17:54 - 2012-04-04 17:56 - 0000000 ____D C:\Users\All Users\Comodo
2012-04-04 17:54 - 2012-04-04 17:56 - 0000000 ____D C:\ProgramData\Comodo
2012-04-04 17:54 - 2012-04-04 17:54 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-04-04 17:54 - 2012-04-04 17:54 - 1060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-04-04 17:54 - 2012-04-04 17:54 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-04 17:54 - 2012-04-04 17:54 - 0001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-04-04 17:54 - 2012-04-04 17:54 - 0000000 ____D C:\Program Files\COMODO
2012-04-04 17:43 - 2012-04-04 17:43 - 0001143 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-04 17:43 - 2012-04-04 17:43 - 0000000 ____D C:\Users\peter\AppData\Roaming\Mozilla
2012-04-04 17:43 - 2012-04-04 17:43 - 0000000 ____D C:\Users\peter\AppData\Local\Mozilla
2012-04-04 17:43 - 2012-04-04 17:43 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-04 11:10 - 2012-04-04 11:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-04 11:10 - 2012-04-04 11:10 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-04 11:10 - 2012-04-04 11:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-04 11:10 - 2012-04-04 11:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-04 11:10 - 2012-04-04 11:10 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-04 11:10 - 2012-04-04 11:10 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-04 11:10 - 2012-04-04 11:10 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-04 11:10 - 2012-04-04 11:10 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-04 11:10 - 2012-04-04 11:10 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-04 11:10 - 2012-04-04 11:10 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-04 11:10 - 2012-04-04 11:10 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-04 11:10 - 2012-04-04 11:10 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-04 11:10 - 2012-04-04 11:10 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-04 11:09 - 2012-04-04 11:09 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-04 11:09 - 2012-04-04 11:09 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-04 11:09 - 2012-04-04 11:09 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-04 11:09 - 2012-04-04 11:09 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-04 11:09 - 2012-04-04 11:09 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-03 23:24 - 2012-04-08 12:59 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-03 23:24 - 2012-04-08 12:36 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-03 23:24 - 2012-04-03 23:24 - 0001850 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-03 23:24 - 2012-04-03 23:24 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-03 23:24 - 2012-03-06 16:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-04-03 23:24 - 2012-03-06 16:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-04-03 23:24 - 2012-03-06 16:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-04-03 23:24 - 2012-03-06 16:02 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-04-03 23:24 - 2012-03-06 16:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-04-03 23:24 - 2012-03-06 16:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-04-03 23:24 - 2012-03-06 16:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-04-03 23:23 - 2012-04-03 23:23 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-03 23:23 - 2012-04-03 23:23 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-03 23:23 - 2012-04-03 23:23 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-03 23:23 - 2012-03-06 16:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-04-03 23:23 - 2012-03-06 16:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-04-03 23:05 - 2012-04-03 23:09 - 0116408 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_23.05.03_log.txt
2012-04-03 22:43 - 2009-09-09 23:28 - 0311808 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2012-04-03 22:43 - 2009-09-09 22:52 - 0257024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2012-04-03 22:34 - 2009-11-25 12:47 - 1942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2012-04-03 22:34 - 2009-11-25 12:47 - 1130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2012-04-03 22:34 - 2009-11-25 12:47 - 0444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2012-04-03 22:34 - 2009-11-25 12:47 - 0320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2012-04-03 22:34 - 2009-11-25 12:47 - 0297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2012-04-03 22:34 - 2009-11-25 12:47 - 0295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2012-04-03 22:34 - 2009-11-25 12:47 - 0109912 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2012-04-03 22:34 - 2009-11-25 12:47 - 0099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2012-04-03 22:34 - 2009-11-25 12:47 - 0049472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2012-04-03 22:34 - 2009-11-25 12:47 - 0048960 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2012-04-03 22:33 - 2012-04-04 11:11 - 0007701 ____A C:\Windows\IE9_main.log
2012-04-03 22:30 - 2012-04-03 22:30 - 0001144 ____A C:\Users\Public\Desktop\Microsoft Works.lnk
2012-04-03 22:30 - 2012-04-03 22:30 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-03 22:30 - 2012-04-03 22:30 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-03 22:20 - 2012-04-04 18:42 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-03 22:18 - 2012-04-03 22:18 - 0000000 ____D C:\Users\peter\AppData\Roaming\Malwarebytes
2012-04-03 22:17 - 2012-04-03 22:17 - 0001122 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-03 22:17 - 2012-04-03 22:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-03 22:17 - 2012-04-03 22:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-03 22:17 - 2012-04-03 22:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 22:17 - 2011-12-10 15:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 22:15 - 2012-04-03 22:21 - 0118910 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_22.15.23_log.txt
2012-04-03 22:10 - 2012-04-03 22:10 - 0388608 ____A (Trend Micro Inc.) C:\Users\peter\Desktop\HijackThis.exe
2012-04-03 13:43 - 2012-04-03 22:15 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\peter\Desktop\TDSSKiller.exe
2012-04-03 01:15 - 2010-12-17 23:11 - 0714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-04-03 01:15 - 2010-12-17 22:29 - 0541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-04-03 01:14 - 2011-10-25 22:22 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-04-03 01:14 - 2011-10-25 22:22 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-04-03 01:14 - 2011-10-25 21:28 - 1328640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-04-03 01:14 - 2011-10-25 21:28 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-03 01:14 - 2011-06-15 02:58 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-04-03 01:14 - 2011-06-15 02:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-04-03 01:14 - 2011-06-15 02:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-04-03 01:14 - 2011-06-15 02:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-04-03 01:14 - 2011-06-15 02:04 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-04-03 01:14 - 2011-06-15 02:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-04-03 01:14 - 2011-06-15 02:04 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-04-03 01:14 - 2011-06-15 02:04 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-04-03 01:14 - 2011-06-15 02:04 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-04-03 01:14 - 2011-04-26 19:57 - 0102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2012-04-03 01:14 - 2011-04-08 23:58 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2012-04-03 01:14 - 2011-04-08 22:56 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2012-04-03 01:14 - 2010-12-22 23:07 - 1118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-04-03 01:14 - 2010-12-22 23:07 - 0961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-04-03 01:14 - 2010-12-22 23:02 - 0259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-04-03 01:14 - 2010-12-22 22:28 - 0850432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2012-04-03 01:14 - 2010-12-22 22:28 - 0642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2012-04-03 01:14 - 2010-12-22 22:24 - 0199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2012-04-03 01:14 - 2010-08-25 22:27 - 0148992 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2012-04-03 01:14 - 2010-08-25 21:39 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2012-04-03 01:14 - 2010-03-05 00:52 - 0084992 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2012-04-03 01:14 - 2010-03-05 00:42 - 0067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2012-04-03 01:13 - 2011-11-17 00:17 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-04-03 01:13 - 2011-11-17 00:17 - 0095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-04-03 01:13 - 2011-11-17 00:15 - 0460296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-04-03 01:13 - 2011-11-17 00:12 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-04-03 01:13 - 2011-11-17 00:11 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-04-03 01:13 - 2011-11-17 00:11 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-04-03 01:13 - 2011-11-17 00:11 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-04-03 01:13 - 2011-11-17 00:10 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-04-03 01:13 - 2011-11-17 00:08 - 1446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-04-03 01:13 - 2011-11-17 00:05 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-04-03 01:13 - 2011-11-16 22:39 - 0314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-04-03 01:13 - 2011-11-16 22:39 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-04-03 01:13 - 2011-11-16 22:39 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-04-03 01:13 - 2011-11-16 22:35 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-04-03 01:13 - 2011-07-08 19:44 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-04-03 01:13 - 2011-05-03 19:51 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-04-03 01:13 - 2011-05-03 19:51 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-04-03 01:13 - 2010-11-01 22:18 - 0524288 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2012-04-03 01:13 - 2010-11-01 22:17 - 1169408 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2012-04-03 01:13 - 2010-11-01 22:17 - 0473600 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2012-04-03 01:13 - 2010-11-01 22:16 - 1114624 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2012-04-03 01:13 - 2010-11-01 22:10 - 0464384 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2012-04-03 01:13 - 2010-11-01 22:10 - 0285696 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2012-04-03 01:13 - 2010-11-01 21:40 - 0496128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2012-04-03 01:13 - 2010-11-01 21:40 - 0305152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2012-04-03 01:13 - 2010-11-01 21:34 - 0192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2012-04-03 01:13 - 2010-11-01 21:34 - 0179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2012-04-03 01:13 - 2010-06-28 22:39 - 2085376 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2012-04-03 01:13 - 2010-06-28 22:02 - 1413632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2012-04-03 01:13 - 2010-05-05 00:37 - 0483840 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2012-04-03 01:13 - 2010-05-04 23:46 - 0363520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2012-04-03 01:12 - 2012-02-02 21:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-03 01:12 - 2011-10-25 22:19 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-04-03 01:12 - 2010-07-27 07:59 - 14162944 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-04-03 01:12 - 2010-07-27 07:03 - 12867584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-04-03 01:12 - 2009-09-03 00:36 - 1975296 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2012-04-03 01:12 - 2009-09-03 00:04 - 1320960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2012-04-03 01:11 - 2012-02-09 23:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-03 01:11 - 2012-02-09 23:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-03 01:11 - 2012-02-09 23:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-03 01:11 - 2012-02-09 23:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-03 01:11 - 2012-02-09 23:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-03 01:11 - 2012-02-09 22:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-03 01:11 - 2012-02-09 22:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-03 01:11 - 2012-02-09 22:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-03 01:11 - 2012-02-09 22:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-03 01:11 - 2012-02-09 22:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-03 01:11 - 2011-09-29 09:24 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-04-03 01:11 - 2011-03-10 23:19 - 1395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-04-03 01:11 - 2011-03-10 23:19 - 1359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-04-03 01:11 - 2011-03-10 22:40 - 1164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2012-04-03 01:11 - 2011-03-10 22:40 - 1137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2012-04-03 01:11 - 2010-08-20 23:31 - 0633856 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2012-04-03 01:11 - 2010-08-20 22:33 - 0530432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2012-04-03 01:11 - 2009-10-30 23:34 - 2870272 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-04-03 01:11 - 2009-10-30 22:45 - 2614272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-04-03 01:11 - 2009-10-27 23:24 - 0389632 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2012-04-03 01:10 - 2011-04-28 20:13 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-04-03 01:10 - 2011-04-28 20:12 - 0399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-04-03 01:10 - 2011-04-28 20:12 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-04-03 01:10 - 2011-03-02 23:17 - 0356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-04-03 01:10 - 2011-03-02 23:17 - 0182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-04-03 01:10 - 2011-03-02 23:14 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-04-03 01:10 - 2011-03-02 22:29 - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2012-04-03 01:10 - 2011-03-02 22:27 - 0028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2012-04-03 01:10 - 2011-02-18 23:36 - 0046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-04-03 01:10 - 2011-02-18 22:32 - 0034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-04-03 01:10 - 2011-02-18 21:13 - 0367104 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-04-03 01:10 - 2011-02-18 20:37 - 0294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-04-03 01:10 - 2010-08-20 23:38 - 1024512 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2012-04-03 01:10 - 2010-08-20 23:29 - 0558592 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-04-03 01:10 - 2010-08-20 22:36 - 0738816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2012-04-03 01:10 - 2010-07-28 23:30 - 0082944 ____A (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2012-04-03 01:10 - 2010-06-18 23:53 - 0052224 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
2012-04-03 01:10 - 2010-06-18 23:23 - 0037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2012-04-03 01:10 - 2009-12-19 02:50 - 0014848 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
2012-04-03 01:10 - 2009-12-19 02:47 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
2012-04-03 01:10 - 2009-12-19 02:47 - 0025088 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
2012-04-03 01:10 - 2009-12-19 02:47 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
2012-04-03 01:10 - 2009-12-19 02:46 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
2012-04-03 01:10 - 2009-12-19 02:02 - 0091648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2012-04-03 01:10 - 2009-12-19 02:02 - 0084480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2012-04-03 01:10 - 2009-12-19 02:02 - 0050176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2012-04-03 01:10 - 2009-12-19 02:02 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2012-04-03 01:10 - 2009-12-19 02:02 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2012-04-03 01:10 - 2009-12-19 02:02 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2012-04-03 01:10 - 2009-12-19 02:02 - 0012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2012-04-03 01:10 - 2009-10-19 07:46 - 0100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-04-03 01:10 - 2009-10-19 07:10 - 0070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2012-04-03 01:09 - 2011-12-27 20:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-04-03 01:09 - 2011-08-16 22:32 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-04-03 01:09 - 2011-08-16 22:27 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2012-04-03 01:09 - 2011-08-16 22:27 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-04-03 01:09 - 2011-08-16 22:27 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2012-04-03 01:09 - 2011-08-16 22:27 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2012-04-03 01:09 - 2011-08-16 21:26 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-04-03 01:09 - 2011-08-16 21:22 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2012-04-03 01:09 - 2011-08-16 21:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-04-03 01:09 - 2011-08-16 21:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2012-04-03 01:09 - 2011-08-16 21:22 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2012-04-03 01:08 - 2011-02-05 05:41 - 0640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2012-04-03 01:08 - 2011-02-05 05:41 - 0556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2012-04-03 01:08 - 2011-02-05 05:41 - 0020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2012-04-03 01:08 - 2011-02-05 05:41 - 0019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2012-04-03 01:08 - 2011-02-05 05:41 - 0017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2012-04-03 01:08 - 2011-02-05 05:39 - 0603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-04-03 01:08 - 2011-02-05 05:39 - 0518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-04-03 01:08 - 2010-08-30 21:32 - 0954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2012-04-03 01:08 - 2010-08-30 21:32 - 0954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2012-04-03 01:08 - 2010-06-07 23:02 - 1233920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-04-03 01:08 - 2010-06-07 22:36 - 1877504 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-04-03 01:07 - 2011-12-16 01:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-04-03 01:07 - 2011-12-16 00:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-04-03 01:07 - 2011-10-14 23:25 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-04-03 01:07 - 2011-10-14 22:48 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-04-03 01:07 - 2011-08-26 22:40 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-04-03 01:07 - 2011-08-26 22:40 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-04-03 01:07 - 2011-08-26 21:43 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-04-03 01:07 - 2011-08-26 21:43 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-04-03 01:07 - 2011-07-15 22:26 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-04-03 01:07 - 2011-07-15 22:26 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-04-03 01:07 - 2011-07-15 22:26 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-04-03 01:07 - 2011-07-15 22:26 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-04-03 01:07 - 2011-07-15 22:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-04-03 01:07 - 2011-07-15 22:21 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-04-03 01:07 - 2011-07-15 22:21 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-04-03 01:07 - 2011-07-15 22:17 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-04-03 01:07 - 2011-07-15 22:04 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 22:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:36 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-04-03 01:07 - 2011-07-15 21:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-04-03 01:07 - 2011-07-15 21:30 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-04-03 01:07 - 2011-07-15 21:30 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-04-03 01:07 - 2011-07-15 21:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 21:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 19:26 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-04-03 01:07 - 2011-07-15 19:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-04-03 01:07 - 2011-07-15 19:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 19:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 19:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-04-03 01:07 - 2011-07-15 19:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-04-03 01:07 - 2011-05-24 04:21 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-04-03 01:07 - 2011-05-24 03:34 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-04-03 01:07 - 2011-05-24 03:34 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-04-03 01:07 - 2011-05-24 03:34 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-04-03 01:07 - 2011-05-24 03:32 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-04-03 01:07 - 2011-05-02 22:21 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-04-03 01:07 - 2011-05-02 21:50 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-04-03 01:07 - 2011-02-22 22:15 - 0090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-04-03 01:07 - 2011-02-11 23:14 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-04-03 01:07 - 2010-12-17 23:12 - 3138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-04-03 01:07 - 2010-12-17 23:08 - 1097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-04-03 01:07 - 2010-12-17 22:30 - 2690560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-04-03 01:07 - 2010-12-17 22:26 - 1034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-04-03 01:07 - 2010-10-15 22:23 - 0112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2012-04-03 01:07 - 2010-08-31 22:21 - 14627840 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2012-04-03 01:07 - 2010-08-31 22:12 - 12625920 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2012-04-03 01:07 - 2010-08-31 21:29 - 11406848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2012-04-03 01:07 - 2010-08-31 21:23 - 12625408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2012-04-03 01:07 - 2009-08-29 00:50 - 0046592 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
2012-04-03 01:07 - 2009-08-28 23:57 - 0034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2012-04-03 01:06 - 2011-11-04 22:17 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-04-03 01:06 - 2011-11-04 21:30 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-04-03 01:06 - 2010-10-15 22:17 - 0720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2012-04-03 01:06 - 2010-10-15 21:34 - 0573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2012-04-03 00:52 - 2010-08-26 23:14 - 0236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2012-04-03 00:52 - 2010-08-26 22:46 - 0009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2012-04-03 00:51 - 2011-11-17 00:14 - 1739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-04-03 00:51 - 2011-11-16 22:41 - 1292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-04-03 00:51 - 2011-06-22 22:29 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-03 00:51 - 2011-06-22 21:38 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-03 00:51 - 2011-06-22 21:38 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-03 00:50 - 2012-02-23 09:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-04-03 00:47 - 2012-02-14 23:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-03 00:47 - 2012-02-14 22:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-03 00:47 - 2012-02-14 21:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-03 00:47 - 2012-02-14 21:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-03 00:47 - 2012-01-24 23:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-03 00:47 - 2012-01-24 23:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-03 00:47 - 2012-01-24 23:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-03 00:47 - 2011-11-19 08:07 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-04-03 00:47 - 2011-11-19 07:06 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-04-03 00:47 - 2010-01-09 00:19 - 0139264 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
2012-04-03 00:47 - 2010-01-08 23:52 - 0132608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2012-04-03 00:47 - 2009-12-29 01:03 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-03 00:47 - 2009-12-28 23:55 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-03 00:34 - 2012-04-04 18:42 - 0000000 ____D C:\Users\peter\AppData\Local\Google
2012-04-03 00:34 - 2012-04-03 00:34 - 0000000 ____D C:\Users\peter\AppData\Roaming\Google
2012-04-03 00:34 - 2012-04-03 00:34 - 0000000 ____D C:\Users\peter\AppData\Roaming\Adobe
2012-03-31 23:15 - 2012-03-31 23:13 - 0011453 ____A C:\Windows\ChangeLang_Done.tag
2012-03-31 23:13 - 2012-03-31 23:13 - 0000000 ____D C:\Windows\NAPP_Dism_Log
2012-03-31 22:32 - 2012-03-31 22:32 - 0031362 ____A C:\Windows\DirectX.log
2012-03-31 22:32 - 2012-03-31 22:32 - 0000020 ____A C:\Windows\$˘B
2012-03-31 22:32 - 2012-03-31 22:32 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-31 22:32 - 2006-11-29 13:06 - 4398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2012-03-31 22:32 - 2006-11-29 13:06 - 3426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2012-03-31 22:31 - 2012-03-31 22:31 - 0000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-03-31 22:30 - 2012-03-31 22:33 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-31 22:29 - 2012-03-31 22:29 - 0004886 ____A C:\Windows\DPINST.LOG
2012-03-31 22:29 - 2012-03-31 22:29 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01005.Wdf
2012-03-31 22:29 - 2012-03-31 22:29 - 0000000 ____D C:\Program Files\Apoint2K
2012-03-31 22:29 - 2009-06-15 03:03 - 0245296 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Drivers\Apfiltr.sys
2012-03-31 22:29 - 2009-05-07 23:47 - 0098816 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Vxdif.dll
2012-03-31 22:29 - 2006-11-01 17:04 - 1919968 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01005.dll
2012-03-31 22:28 - 2012-03-31 22:28 - 0000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2012-03-31 22:27 - 2012-04-03 23:03 - 0000174 ___SH C:\Users\peter\Start Menu\Programs\Startup\desktop.ini
2012-03-31 22:27 - 2012-04-03 23:03 - 0000174 ___SH C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-31 22:27 - 2012-04-03 22:11 - 0000000 ____D C:\Users\peter\AppData\Local\VirtualStore
2012-03-31 22:27 - 2012-03-31 22:27 - 0000000 ___AD C:\book
2012-03-31 22:27 - 2012-03-31 22:27 - 0000000 ____D C:\Users\peter\AppData\Roaming\Macromedia
2012-03-31 22:25 - 2012-03-31 22:46 - 0079152 ____A C:\Users\peter\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-31 22:25 - 2012-03-31 22:25 - 0002609 ____A C:\Users\Public\Desktop\eBay.lnk
2012-03-31 22:25 - 2012-03-31 22:25 - 0002117 ____A C:\Users\Public\Desktop\Netflix.lnk
2012-03-31 22:25 - 2012-03-31 22:25 - 0000000 ____D C:\Users\Public\Symantec
2012-03-31 22:25 - 2012-03-31 22:25 - 0000000 ____D C:\Users\All Users\OEM_E471269A730D
2012-03-31 22:25 - 2012-03-31 22:25 - 0000000 ____D C:\ProgramData\OEM_E471269A730D
2012-03-31 22:25 - 2012-03-31 22:25 - 0000000 ____D C:\Program Files (x86)\OEM
2012-03-31 22:24 - 2012-04-03 00:34 - 0000000 ____D C:\Users\peter\AppData\LocalLow
2012-03-31 22:24 - 2012-03-31 22:27 - 0000000 ____D C:\users\peter
2012-03-31 22:24 - 2012-03-31 22:24 - 0014450 ____A C:\Windows\System32\results.xml
2012-03-31 22:24 - 2012-03-31 22:24 - 0000020 ___SH C:\Users\peter\ntuser.ini
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Templates
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Start Menu
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\PrintHood
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\NetHood
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\My Documents
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Documents\My Videos
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Documents\My Pictures
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Documents\My Music
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\AppData\Local\Temporary Internet Files
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\AppData\Local\History
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Recovery
2012-03-31 22:24 - 2009-07-14 00:44 - 0000000 ____D C:\Users\peter\AppData\Roaming\Media Center Programs
2012-03-31 22:19 - 2012-04-05 05:46 - 1711438 ____A C:\Windows\WindowsUpdate.log
2012-03-31 22:18 - 2012-03-31 22:18 - 0000000 ____D C:\Windows\SysWOW64\x64
2012-03-31 22:18 - 2012-03-31 22:18 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-03-31 22:18 - 2010-08-25 19:45 - 0948760 ____A (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2012-03-31 22:18 - 2009-11-05 10:48 - 0681508 ____A C:\Windows\System32\oem6.inf
2012-03-31 22:16 - 2012-04-08 13:03 - 2360856576 __ASH C:\hiberfil.sys
2012-03-11 21:13 - 2012-03-11 21:13 - 0577824 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys
2012-03-11 21:13 - 2012-03-11 21:13 - 0389840 ____A (COMODO) C:\Windows\System32\guard64.dll
2012-03-11 21:13 - 2012-03-11 21:13 - 0301224 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2012-03-11 21:13 - 2012-03-11 21:13 - 0043248 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2012-03-11 21:13 - 2012-03-11 21:13 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2012-03-11 21:13 - 2012-03-11 21:13 - 0022696 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys

============ 3 Months Modified Files and Folders =============

2012-04-08 13:06 - 2012-04-08 13:06 - 0000000 ____D C:\FRST
2012-04-08 13:05 - 2012-04-08 13:03 - 0161564 ____A C:\Windows\ntbtlog.txt
2012-04-08 13:05 - 2009-07-13 22:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-08 13:03 - 2012-03-31 22:16 - 2360856576 __ASH C:\hiberfil.sys
2012-04-08 12:59 - 2012-04-03 23:24 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-08 12:58 - 2009-07-13 22:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-08 12:58 - 2009-07-13 21:51 - 0047785 ____A C:\Windows\setupact.log
2012-04-08 12:36 - 2012-04-03 23:24 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-05 05:46 - 2012-03-31 22:19 - 1711438 ____A C:\Windows\WindowsUpdate.log
2012-04-04 20:42 - 2012-04-04 20:42 - 0003011 ____A C:\Users\peter\Desktop\ark.txt
2012-04-04 20:26 - 2012-04-04 20:26 - 0000000 ____D C:\Users\peter\Desktop\gmer
2012-04-04 20:23 - 2012-04-04 20:23 - 0021147 ____A C:\Users\peter\Desktop\DDS.txt
2012-04-04 20:23 - 2012-04-04 20:23 - 0000747 ____A C:\Users\peter\Desktop\Attach.txt
2012-04-04 20:11 - 2012-04-04 20:08 - 0003028 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_20.08.49_log.txt
2012-04-04 19:49 - 2012-04-04 19:49 - 0294216 ____A C:\Users\peter\Desktop\gmer.zip
2012-04-04 19:49 - 2009-07-13 21:45 - 0009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-04 19:49 - 2009-07-13 21:45 - 0009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-04 19:48 - 2012-04-04 19:47 - 0607260 ____R (Swearware) C:\Users\peter\Desktop\dds.scr
2012-04-04 19:41 - 2009-11-05 11:17 - 0207494 ____A C:\Windows\PFRO.log
2012-04-04 18:59 - 2012-04-04 18:03 - 0468134 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_18.03.17_log.txt
2012-04-04 18:53 - 2012-04-04 18:53 - 0000156 ____A C:\Users\peter\Desktop\bd_immunizer.log
2012-04-04 18:42 - 2012-04-03 22:20 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-04 18:42 - 2012-04-03 00:34 - 0000000 ____D C:\Users\peter\AppData\Local\Google
2012-04-04 18:40 - 2011-06-07 21:14 - 4675584 ____A (BitDefender LLC) C:\Users\peter\Desktop\BDUSBImmunizer.exe
2012-04-04 18:35 - 2012-04-04 18:35 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-04 18:20 - 2012-04-04 18:20 - 0739856 ____A (Google Inc.) C:\Users\peter\Downloads\ChromeSetup.exe
2012-04-04 18:01 - 2012-04-04 18:01 - 0001092 ____A C:\Users\peter\Desktop\SpywareBlaster.lnk
2012-04-04 18:01 - 2012-04-04 18:01 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-04-04 17:58 - 2012-04-04 17:58 - 0000000 ____D C:\Users\peter\AppData\Local\Comodo
2012-04-04 17:58 - 2012-04-04 17:58 - 0000000 ____D C:\Users\All Users\CPA_VA
2012-04-04 17:58 - 2012-04-04 17:58 - 0000000 ____D C:\ProgramData\CPA_VA
2012-04-04 17:58 - 2012-04-04 17:54 - 0000000 ____D C:\Program Files (x86)\Comodo
2012-04-04 17:56 - 2012-04-04 17:54 - 0000000 ____D C:\Users\All Users\Comodo
2012-04-04 17:56 - 2012-04-04 17:54 - 0000000 ____D C:\ProgramData\Comodo
2012-04-04 17:54 - 2012-04-04 17:54 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-04-04 17:54 - 2012-04-04 17:54 - 1060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-04-04 17:54 - 2012-04-04 17:54 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-04 17:54 - 2012-04-04 17:54 - 0001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-04-04 17:54 - 2012-04-04 17:54 - 0000000 ____D C:\Program Files\COMODO
2012-04-04 17:43 - 2012-04-04 17:43 - 0001143 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-04 17:43 - 2012-04-04 17:43 - 0000000 ____D C:\Users\peter\AppData\Roaming\Mozilla
2012-04-04 17:43 - 2012-04-04 17:43 - 0000000 ____D C:\Users\peter\AppData\Local\Mozilla
2012-04-04 17:43 - 2012-04-04 17:43 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-04 17:31 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-04 11:11 - 2012-04-03 22:33 - 0007701 ____A C:\Windows\IE9_main.log
2012-04-04 11:10 - 2012-04-04 11:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-04 11:10 - 2012-04-04 11:10 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-04 11:10 - 2012-04-04 11:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-04 11:10 - 2012-04-04 11:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-04 11:10 - 2012-04-04 11:10 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-04 11:10 - 2012-04-04 11:10 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-04 11:10 - 2012-04-04 11:10 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-04 11:10 - 2012-04-04 11:10 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-04 11:10 - 2012-04-04 11:10 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-04 11:10 - 2012-04-04 11:10 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-04 11:10 - 2012-04-04 11:10 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-04 11:10 - 2012-04-04 11:10 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-04 11:10 - 2012-04-04 11:10 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-04 11:10 - 2012-04-04 11:10 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-04 11:10 - 2012-04-04 11:10 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-04 11:09 - 2012-04-04 11:09 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-04 11:09 - 2012-04-04 11:09 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-04 11:09 - 2012-04-04 11:09 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-04 11:09 - 2012-04-04 11:09 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-04 11:09 - 2012-04-04 11:09 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-04 11:09 - 2012-04-04 11:09 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-04 11:08 - 2009-11-05 10:58 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-04 11:08 - 2009-11-05 10:58 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-03 23:24 - 2012-04-03 23:24 - 0001850 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-03 23:24 - 2012-04-03 23:24 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-03 23:24 - 2009-11-05 11:10 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-03 23:23 - 2012-04-03 23:23 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-03 23:23 - 2012-04-03 23:23 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-03 23:23 - 2012-04-03 23:23 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-03 23:15 - 2009-11-05 11:15 - 0000000 ____D C:\Users\All Users\Norton
2012-04-03 23:15 - 2009-11-05 11:15 - 0000000 ____D C:\ProgramData\Norton
2012-04-03 23:09 - 2012-04-03 23:05 - 0116408 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_23.05.03_log.txt
2012-04-03 23:03 - 2012-03-31 22:27 - 0000174 ___SH C:\Users\peter\Start Menu\Programs\Startup\desktop.ini
2012-04-03 23:03 - 2012-03-31 22:27 - 0000174 ___SH C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-03 23:01 - 2009-07-13 21:45 - 0343552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-03 22:59 - 2009-07-13 20:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-03 22:30 - 2012-04-03 22:30 - 0001144 ____A C:\Users\Public\Desktop\Microsoft Works.lnk
2012-04-03 22:30 - 2012-04-03 22:30 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-03 22:30 - 2012-04-03 22:30 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-03 22:30 - 2009-11-05 11:00 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-03 22:27 - 2009-11-05 11:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-03 22:21 - 2012-04-03 22:15 - 0118910 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_22.15.23_log.txt
2012-04-03 22:18 - 2012-04-03 22:18 - 0000000 ____D C:\Users\peter\AppData\Roaming\Malwarebytes
2012-04-03 22:17 - 2012-04-03 22:17 - 0001122 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-03 22:17 - 2012-04-03 22:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-03 22:17 - 2012-04-03 22:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-03 22:17 - 2012-04-03 22:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 22:15 - 2012-04-03 13:43 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\peter\Desktop\TDSSKiller.exe
2012-04-03 22:11 - 2012-03-31 22:27 - 0000000 ____D C:\Users\peter\AppData\Local\VirtualStore
2012-04-03 22:10 - 2012-04-03 22:10 - 0388608 ____A (Trend Micro Inc.) C:\Users\peter\Desktop\HijackThis.exe
2012-04-03 00:49 - 2009-07-13 22:08 - 0006618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-03 00:34 - 2012-04-03 00:34 - 0000000 ____D C:\Users\peter\AppData\Roaming\Google
2012-04-03 00:34 - 2012-04-03 00:34 - 0000000 ____D C:\Users\peter\AppData\Roaming\Adobe
2012-04-03 00:34 - 2012-03-31 22:24 - 0000000 ____D C:\Users\peter\AppData\LocalLow
2012-04-03 00:33 - 2009-07-13 20:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-03-31 23:13 - 2012-03-31 23:15 - 0011453 ____A C:\Windows\ChangeLang_Done.tag
2012-03-31 23:13 - 2012-03-31 23:13 - 0000000 ____D C:\Windows\NAPP_Dism_Log
2012-03-31 23:12 - 2009-07-13 22:38 - 0025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-03-31 23:12 - 2009-07-13 22:32 - 0028672 ____A C:\Windows\System32\config\BCD-Template
2012-03-31 22:46 - 2012-03-31 22:25 - 0079152 ____A C:\Users\peter\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-31 22:44 - 2009-11-05 11:19 - 0013701 ____A C:\Windows\Patch.log
2012-03-31 22:44 - 2009-11-05 10:34 - 0000000 ___HD C:\OEM
2012-03-31 22:36 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\Help
2012-03-31 22:33 - 2012-03-31 22:30 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-31 22:32 - 2012-03-31 22:32 - 0031362 ____A C:\Windows\DirectX.log
2012-03-31 22:32 - 2012-03-31 22:32 - 0000020 ____A C:\Windows\$˘B
2012-03-31 22:32 - 2012-03-31 22:32 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-31 22:31 - 2012-03-31 22:31 - 0000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-03-31 22:30 - 2009-07-13 20:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-31 22:29 - 2012-03-31 22:29 - 0004886 ____A C:\Windows\DPINST.LOG
2012-03-31 22:29 - 2012-03-31 22:29 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01005.Wdf
2012-03-31 22:29 - 2012-03-31 22:29 - 0000000 ____D C:\Program Files\Apoint2K
2012-03-31 22:28 - 2012-03-31 22:28 - 0000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2012-03-31 22:28 - 2009-11-05 10:43 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-31 22:28 - 2009-10-05 13:30 - 0000000 ___AD C:\Windows\DeployWinRE2
2012-03-31 22:28 - 2009-07-13 22:32 - 0000000 ____D C:\Windows\System32\restore
2012-03-31 22:27 - 2012-03-31 22:27 - 0000000 ___AD C:\book
2012-03-31 22:27 - 2012-03-31 22:27 - 0000000 ____D C:\Users\peter\AppData\Roaming\Macromedia
2012-03-31 22:27 - 2012-03-31 22:24 - 0000000 ____D C:\users\peter
2012-03-31 22:27 - 2009-11-05 10:50 - 0000287 ____A C:\Windows\preload.log
2012-03-31 22:27 - 2009-07-13 20:18 - 0000000 __SHD C:\$Recycle.Bin
2012-03-31 22:25 - 2012-03-31 22:25 - 0002609 ____A C:\Users\Public\Desktop\eBay.lnk
2012-03-31 22:25 - 2012-03-31 22:25 - 0002117 ____A C:\Users\Public\Desktop\Netflix.lnk
2012-03-31 22:25 - 2012-03-31 22:25 - 0000000 ____D C:\Users\Public\Symantec
2012-03-31 22:25 - 2012-03-31 22:25 - 0000000 ____D C:\Users\All Users\OEM_E471269A730D
2012-03-31 22:25 - 2012-03-31 22:25 - 0000000 ____D C:\ProgramData\OEM_E471269A730D
2012-03-31 22:25 - 2012-03-31 22:25 - 0000000 ____D C:\Program Files (x86)\OEM
2012-03-31 22:25 - 2009-11-05 11:08 - 0000000 ____D C:\Users\All Users\OEM
2012-03-31 22:25 - 2009-11-05 11:08 - 0000000 ____D C:\ProgramData\OEM
2012-03-31 22:25 - 2009-07-13 20:20 - 0000000 ___RD C:\users\Public
2012-03-31 22:25 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\rescache
2012-03-31 22:24 - 2012-03-31 22:24 - 0014450 ____A C:\Windows\System32\results.xml
2012-03-31 22:24 - 2012-03-31 22:24 - 0000020 ___SH C:\Users\peter\ntuser.ini
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Templates
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Start Menu
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\PrintHood
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\NetHood
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\My Documents
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Documents\My Videos
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Documents\My Pictures
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\Documents\My Music
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\AppData\Local\Temporary Internet Files
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Users\peter\AppData\Local\History
2012-03-31 22:24 - 2012-03-31 22:24 - 0000000 __SHD C:\Recovery
2012-03-31 22:24 - 2009-12-07 02:35 - 0000000 ____D C:\Windows\Panther
2012-03-31 22:24 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\System32\Recovery
2012-03-31 22:23 - 2009-07-13 22:01 - 0039252 ____A C:\Windows\SysWOW64\license.rtf
2012-03-31 22:23 - 2009-07-13 22:01 - 0039252 ____A C:\Windows\System32\license.rtf
2012-03-31 22:19 - 2009-11-05 10:57 - 0000006 ____A C:\Windows\System32\PLD_Framework.cmd
2012-03-31 22:18 - 2012-03-31 22:18 - 0000000 ____D C:\Windows\SysWOW64\x64
2012-03-31 22:18 - 2012-03-31 22:18 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-03-31 22:18 - 2009-11-05 10:39 - 0003540 ____A C:\Windows\TSSysprep.log
2012-03-31 22:18 - 2009-07-13 21:46 - 0002790 ____A C:\Windows\DtcInstall.log
2012-03-11 21:13 - 2012-03-11 21:13 - 0577824 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys
2012-03-11 21:13 - 2012-03-11 21:13 - 0389840 ____A (COMODO) C:\Windows\System32\guard64.dll
2012-03-11 21:13 - 2012-03-11 21:13 - 0301224 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2012-03-11 21:13 - 2012-03-11 21:13 - 0043248 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2012-03-11 21:13 - 2012-03-11 21:13 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2012-03-11 21:13 - 2012-03-11 21:13 - 0022696 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
2012-03-06 16:15 - 2012-04-03 23:24 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 16:15 - 2012-04-03 23:23 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 16:15 - 2012-04-03 23:23 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 16:04 - 2012-04-03 23:24 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 16:04 - 2012-04-03 23:24 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 16:02 - 2012-04-03 23:24 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 16:01 - 2012-04-03 23:24 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 16:01 - 2012-04-03 23:24 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 16:01 - 2012-04-03 23:24 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-02-23 09:18 - 2012-04-03 00:50 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-14 23:27 - 2012-04-03 00:47 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 22:44 - 2012-04-03 00:47 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 21:47 - 2012-04-03 00:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 21:46 - 2012-04-03 00:47 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 23:18 - 2012-04-03 01:11 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 23:17 - 2012-04-03 01:11 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 23:17 - 2012-04-03 01:11 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 23:17 - 2012-04-03 01:11 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 23:17 - 2012-04-03 01:11 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 22:41 - 2012-04-03 01:11 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 22:41 - 2012-04-03 01:11 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 22:41 - 2012-04-03 01:11 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 22:41 - 2012-04-03 01:11 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 22:41 - 2012-04-03 01:11 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-03 19:27 - 2012-02-03 19:27 - 0093200 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2012-02-02 21:16 - 2012-04-03 01:12 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-24 23:27 - 2012-04-03 00:47 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 23:27 - 2012-04-03 00:47 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 23:20 - 2012-04-03 00:47 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 3001.98 MB
Available physical RAM: 2250.38 MB
Total Pagefile: 6002.11 MB
Available Pagefile: 5247.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:220.78 GB) (Free:189.95 GB) NTFS
3 Drive e: () (Removable) (Total:0.48 GB) (Free:0.34 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 488 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 31 KB
Partition 2 Primary 101 MB 12 GB
Partition 3 Primary 220 GB 12 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 PQSERVICE NTFS Partition 12 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM RESE NTFS Partition 101 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 220 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 116 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E FAT32 Removable 488 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-04 00:28

======================= End Of Log ==========================

#4 gringo_pr

Posted 08 April 2012 - 03:55 PM

Hello

That looks like it was done in safe mode. Can you try it once more and see if you are in the recovery environment or safe mode?


gringo

#5 Gemmy1082

Posted 08 April 2012 - 04:15 PM

I'm sorry, I guess I somehow maneuvered to safe mode instead. Sorry about that.

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 08-04-2012 14:04:55
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [301056 2009-06-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\peter\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-05] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\guard64.dll

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2012-02-03] (COMODO)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-08 12:06 - 2012-04-08 14:05 - 0000000 ____D C:\FRST
2012-04-08 12:03 - 2012-04-08 12:07 - 0161728 ____A C:\Windows\ntbtlog.txt
2012-04-04 19:42 - 2012-04-04 19:42 - 0003011 ____A C:\Users\peter\Desktop\ark.txt
2012-04-04 19:26 - 2012-04-04 19:26 - 0000000 ____D C:\Users\peter\Desktop\gmer
2012-04-04 19:23 - 2012-04-04 19:23 - 0021147 ____A C:\Users\peter\Desktop\DDS.txt
2012-04-04 19:23 - 2012-04-04 19:23 - 0000747 ____A C:\Users\peter\Desktop\Attach.txt
2012-04-04 19:08 - 2012-04-04 19:11 - 0003028 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_20.08.49_log.txt
2012-04-04 18:47 - 2012-04-04 18:48 - 0607260 ____R (Swearware) C:\Users\peter\Desktop\dds.scr
2012-04-04 17:53 - 2012-04-04 17:53 - 0000156 ____A C:\Users\peter\Desktop\bd_immunizer.log
2012-04-04 17:35 - 2012-04-04 17:35 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-04 17:20 - 2012-04-04 17:20 - 0739856 ____A (Google Inc.) C:\Users\peter\Downloads\ChromeSetup.exe
2012-04-04 17:03 - 2012-04-04 17:59 - 0468134 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_18.03.17_log.txt
2012-04-04 17:01 - 2012-04-04 17:01 - 0001092 ____A C:\Users\peter\Desktop\SpywareBlaster.lnk
2012-04-04 17:01 - 2012-04-04 17:01 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-04-04 16:58 - 2012-04-04 16:58 - 0000000 ____D C:\Users\peter\AppData\Local\Comodo
2012-04-04 16:58 - 2012-04-04 16:58 - 0000000 ____D C:\Users\All Users\CPA_VA
2012-04-04 16:58 - 2012-04-04 16:58 - 0000000 ____D C:\ProgramData\CPA_VA
2012-04-04 16:54 - 2012-04-04 16:58 - 0000000 ____D C:\Program Files (x86)\Comodo
2012-04-04 16:54 - 2012-04-04 16:56 - 0000000 ____D C:\Users\All Users\Comodo
2012-04-04 16:54 - 2012-04-04 16:56 - 0000000 ____D C:\ProgramData\Comodo
2012-04-04 16:54 - 2012-04-04 16:54 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-04-04 16:54 - 2012-04-04 16:54 - 1060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-04-04 16:54 - 2012-04-04 16:54 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-04 16:54 - 2012-04-04 16:54 - 0001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-04-04 16:54 - 2012-04-04 16:54 - 0000000 ____D C:\Program Files\COMODO
2012-04-04 16:43 - 2012-04-04 16:43 - 0001143 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-04 16:43 - 2012-04-04 16:43 - 0000000 ____D C:\Users\peter\AppData\Roaming\Mozilla
2012-04-04 16:43 - 2012-04-04 16:43 - 0000000 ____D C:\Users\peter\AppData\Local\Mozilla
2012-04-04 16:43 - 2012-04-04 16:43 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-04 10:10 - 2012-04-04 10:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-04 10:10 - 2012-04-04 10:10 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-04 10:10 - 2012-04-04 10:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-04 10:10 - 2012-04-04 10:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-04 10:10 - 2012-04-04 10:10 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-04 10:10 - 2012-04-04 10:10 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-04 10:10 - 2012-04-04 10:10 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-04 10:10 - 2012-04-04 10:10 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-04 10:10 - 2012-04-04 10:10 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-04 10:10 - 2012-04-04 10:10 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-04 10:10 - 2012-04-04 10:10 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-04 10:10 - 2012-04-04 10:10 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-04 10:10 - 2012-04-04 10:10 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-04 10:09 - 2012-04-04 10:09 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-04 10:09 - 2012-04-04 10:09 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-04 10:09 - 2012-04-04 10:09 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-04 10:09 - 2012-04-04 10:09 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-04 10:09 - 2012-04-04 10:09 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-03 22:24 - 2012-04-08 13:00 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-03 22:24 - 2012-04-08 12:10 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-03 22:24 - 2012-04-03 22:24 - 0001850 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-03 22:24 - 2012-04-03 22:24 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-03 22:24 - 2012-03-06 15:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-04-03 22:24 - 2012-03-06 15:04 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-04-03 22:24 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-04-03 22:24 - 2012-03-06 15:02 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-04-03 22:24 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-04-03 22:24 - 2012-03-06 15:01 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-04-03 22:24 - 2012-03-06 15:01 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-04-03 22:23 - 2012-04-03 22:23 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-03 22:23 - 2012-04-03 22:23 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-03 22:23 - 2012-04-03 22:23 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-03 22:23 - 2012-03-06 15:15 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-04-03 22:23 - 2012-03-06 15:15 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-04-03 22:05 - 2012-04-03 22:09 - 0116408 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_23.05.03_log.txt
2012-04-03 21:43 - 2009-09-09 22:28 - 0311808 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2012-04-03 21:43 - 2009-09-09 21:52 - 0257024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2012-04-03 21:34 - 2009-11-25 11:47 - 1942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2012-04-03 21:34 - 2009-11-25 11:47 - 1130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2012-04-03 21:34 - 2009-11-25 11:47 - 0444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2012-04-03 21:34 - 2009-11-25 11:47 - 0320352 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2012-04-03 21:34 - 2009-11-25 11:47 - 0297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2012-04-03 21:34 - 2009-11-25 11:47 - 0295264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2012-04-03 21:34 - 2009-11-25 11:47 - 0109912 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2012-04-03 21:34 - 2009-11-25 11:47 - 0099176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2012-04-03 21:34 - 2009-11-25 11:47 - 0049472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2012-04-03 21:34 - 2009-11-25 11:47 - 0048960 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2012-04-03 21:33 - 2012-04-04 10:11 - 0007701 ____A C:\Windows\IE9_main.log
2012-04-03 21:30 - 2012-04-03 21:30 - 0001144 ____A C:\Users\Public\Desktop\Microsoft Works.lnk
2012-04-03 21:30 - 2012-04-03 21:30 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-03 21:30 - 2012-04-03 21:30 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-03 21:20 - 2012-04-04 17:42 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-03 21:18 - 2012-04-03 21:18 - 0000000 ____D C:\Users\peter\AppData\Roaming\Malwarebytes
2012-04-03 21:17 - 2012-04-03 21:17 - 0001122 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-03 21:17 - 2012-04-03 21:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-03 21:17 - 2012-04-03 21:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-03 21:17 - 2012-04-03 21:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 21:17 - 2011-12-10 14:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 21:15 - 2012-04-03 21:21 - 0118910 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_22.15.23_log.txt
2012-04-03 21:10 - 2012-04-03 21:10 - 0388608 ____A (Trend Micro Inc.) C:\Users\peter\Desktop\HijackThis.exe
2012-04-03 12:43 - 2012-04-03 21:15 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\peter\Desktop\TDSSKiller.exe
2012-04-03 00:15 - 2010-12-17 22:11 - 0714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-04-03 00:15 - 2010-12-17 21:29 - 0541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-04-03 00:14 - 2011-10-25 21:22 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-04-03 00:14 - 2011-10-25 21:22 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-04-03 00:14 - 2011-10-25 20:28 - 1328640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-04-03 00:14 - 2011-10-25 20:28 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-03 00:14 - 2011-06-15 01:58 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-04-03 00:14 - 2011-06-15 01:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-04-03 00:14 - 2011-06-15 01:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-04-03 00:14 - 2011-06-15 01:58 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-04-03 00:14 - 2011-06-15 01:04 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-04-03 00:14 - 2011-06-15 01:04 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-04-03 00:14 - 2011-06-15 01:04 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-04-03 00:14 - 2011-06-15 01:04 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-04-03 00:14 - 2011-06-15 01:04 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-04-03 00:14 - 2011-04-26 18:57 - 0102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2012-04-03 00:14 - 2011-04-08 22:58 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2012-04-03 00:14 - 2011-04-08 21:56 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2012-04-03 00:14 - 2010-12-22 22:07 - 1118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2012-04-03 00:14 - 2010-12-22 22:07 - 0961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2012-04-03 00:14 - 2010-12-22 22:02 - 0259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-04-03 00:14 - 2010-12-22 21:28 - 0850432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2012-04-03 00:14 - 2010-12-22 21:28 - 0642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2012-04-03 00:14 - 2010-12-22 21:24 - 0199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2012-04-03 00:14 - 2010-08-25 21:27 - 0148992 ____A (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2012-04-03 00:14 - 2010-08-25 20:39 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2012-04-03 00:14 - 2010-03-04 23:52 - 0084992 ____A (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2012-04-03 00:14 - 2010-03-04 23:42 - 0067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2012-04-03 00:13 - 2011-11-16 23:17 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-04-03 00:13 - 2011-11-16 23:17 - 0095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-04-03 00:13 - 2011-11-16 23:15 - 0460296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-04-03 00:13 - 2011-11-16 23:12 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-04-03 00:13 - 2011-11-16 23:11 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-04-03 00:13 - 2011-11-16 23:11 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-04-03 00:13 - 2011-11-16 23:11 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-04-03 00:13 - 2011-11-16 23:10 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-04-03 00:13 - 2011-11-16 23:08 - 1446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-04-03 00:13 - 2011-11-16 23:05 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-04-03 00:13 - 2011-11-16 21:39 - 0314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-04-03 00:13 - 2011-11-16 21:39 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-04-03 00:13 - 2011-11-16 21:39 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-04-03 00:13 - 2011-11-16 21:35 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-04-03 00:13 - 2011-07-08 18:44 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-04-03 00:13 - 2011-05-03 18:51 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-04-03 00:13 - 2011-05-03 18:51 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-04-03 00:13 - 2010-11-01 21:18 - 0524288 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2012-04-03 00:13 - 2010-11-01 21:17 - 1169408 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2012-04-03 00:13 - 2010-11-01 21:17 - 0473600 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2012-04-03 00:13 - 2010-11-01 21:16 - 1114624 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2012-04-03 00:13 - 2010-11-01 21:10 - 0464384 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2012-04-03 00:13 - 2010-11-01 21:10 - 0285696 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2012-04-03 00:13 - 2010-11-01 20:40 - 0496128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2012-04-03 00:13 - 2010-11-01 20:40 - 0305152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2012-04-03 00:13 - 2010-11-01 20:34 - 0192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2012-04-03 00:13 - 2010-11-01 20:34 - 0179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2012-04-03 00:13 - 2010-06-28 21:39 - 2085376 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2012-04-03 00:13 - 2010-06-28 21:02 - 1413632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2012-04-03 00:13 - 2010-05-04 23:37 - 0483840 ____A (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2012-04-03 00:13 - 2010-05-04 22:46 - 0363520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2012-04-03 00:12 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-03 00:12 - 2011-10-25 21:19 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-04-03 00:12 - 2010-07-27 06:59 - 14162944 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-04-03 00:12 - 2010-07-27 06:03 - 12867584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-04-03 00:12 - 2009-09-02 23:36 - 1975296 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2012-04-03 00:12 - 2009-09-02 23:04 - 1320960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2012-04-03 00:11 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-03 00:11 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-03 00:11 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-03 00:11 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-03 00:11 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-03 00:11 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-03 00:11 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-03 00:11 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-03 00:11 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-03 00:11 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-03 00:11 - 2011-09-29 08:24 - 1897328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-04-03 00:11 - 2011-03-10 22:19 - 1395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2012-04-03 00:11 - 2011-03-10 22:19 - 1359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2012-04-03 00:11 - 2011-03-10 21:40 - 1164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2012-04-03 00:11 - 2011-03-10 21:40 - 1137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2012-04-03 00:11 - 2010-08-20 22:31 - 0633856 ____A (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2012-04-03 00:11 - 2010-08-20 21:33 - 0530432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2012-04-03 00:11 - 2009-10-30 22:34 - 2870272 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-04-03 00:11 - 2009-10-30 21:45 - 2614272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-04-03 00:11 - 2009-10-27 22:24 - 0389632 ____A (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2012-04-03 00:10 - 2011-04-28 19:13 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-04-03 00:10 - 2011-04-28 19:12 - 0399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-04-03 00:10 - 2011-04-28 19:12 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-04-03 00:10 - 2011-03-02 22:17 - 0356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2012-04-03 00:10 - 2011-03-02 22:17 - 0182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2012-04-03 00:10 - 2011-03-02 22:14 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2012-04-03 00:10 - 2011-03-02 21:29 - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2012-04-03 00:10 - 2011-03-02 21:27 - 0028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2012-04-03 00:10 - 2011-02-18 22:36 - 0046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-04-03 00:10 - 2011-02-18 21:32 - 0034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-04-03 00:10 - 2011-02-18 20:13 - 0367104 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-04-03 00:10 - 2011-02-18 19:37 - 0294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-04-03 00:10 - 2010-08-20 22:38 - 1024512 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2012-04-03 00:10 - 2010-08-20 22:29 - 0558592 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-04-03 00:10 - 2010-08-20 21:36 - 0738816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2012-04-03 00:10 - 2010-07-28 22:30 - 0082944 ____A (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2012-04-03 00:10 - 2010-06-18 22:53 - 0052224 ____A (Microsoft Corporation) C:\Windows\System32\rtutils.dll
2012-04-03 00:10 - 2010-06-18 22:23 - 0037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2012-04-03 00:10 - 2009-12-19 01:50 - 0014848 ____A (Microsoft Corporation) C:\Windows\System32\tsbyuv.dll
2012-04-03 00:10 - 2009-12-19 01:47 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\msvidc32.dll
2012-04-03 00:10 - 2009-12-19 01:47 - 0025088 ____A (Microsoft Corporation) C:\Windows\System32\msyuv.dll
2012-04-03 00:10 - 2009-12-19 01:47 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\msrle32.dll
2012-04-03 00:10 - 2009-12-19 01:46 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\iyuv_32.dll
2012-04-03 00:10 - 2009-12-19 01:02 - 0091648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2012-04-03 00:10 - 2009-12-19 01:02 - 0084480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2012-04-03 00:10 - 2009-12-19 01:02 - 0050176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2012-04-03 00:10 - 2009-12-19 01:02 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2012-04-03 00:10 - 2009-12-19 01:02 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2012-04-03 00:10 - 2009-12-19 01:02 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2012-04-03 00:10 - 2009-12-19 01:02 - 0012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2012-04-03 00:10 - 2009-10-19 06:46 - 0100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2012-04-03 00:10 - 2009-10-19 06:10 - 0070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2012-04-03 00:09 - 2011-12-27 19:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-04-03 00:09 - 2011-08-16 21:32 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-04-03 00:09 - 2011-08-16 21:27 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2012-04-03 00:09 - 2011-08-16 21:27 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-04-03 00:09 - 2011-08-16 21:27 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2012-04-03 00:09 - 2011-08-16 21:27 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2012-04-03 00:09 - 2011-08-16 20:26 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-04-03 00:09 - 2011-08-16 20:22 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2012-04-03 00:09 - 2011-08-16 20:22 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-04-03 00:09 - 2011-08-16 20:22 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2012-04-03 00:09 - 2011-08-16 20:22 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2012-04-03 00:08 - 2011-02-05 04:41 - 0640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2012-04-03 00:08 - 2011-02-05 04:41 - 0556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2012-04-03 00:08 - 2011-02-05 04:41 - 0020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2012-04-03 00:08 - 2011-02-05 04:41 - 0019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2012-04-03 00:08 - 2011-02-05 04:41 - 0017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2012-04-03 00:08 - 2011-02-05 04:39 - 0603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-04-03 00:08 - 2011-02-05 04:39 - 0518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-04-03 00:08 - 2010-08-30 20:32 - 0954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2012-04-03 00:08 - 2010-08-30 20:32 - 0954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2012-04-03 00:08 - 2010-06-07 22:02 - 1233920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-04-03 00:08 - 2010-06-07 21:36 - 1877504 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-04-03 00:07 - 2011-12-16 00:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-04-03 00:07 - 2011-12-15 23:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-04-03 00:07 - 2011-10-14 22:25 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-04-03 00:07 - 2011-10-14 21:48 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-04-03 00:07 - 2011-08-26 21:40 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-04-03 00:07 - 2011-08-26 21:40 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-04-03 00:07 - 2011-08-26 20:43 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-04-03 00:07 - 2011-08-26 20:43 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-04-03 00:07 - 2011-07-15 21:26 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-04-03 00:07 - 2011-07-15 21:26 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-04-03 00:07 - 2011-07-15 21:26 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-04-03 00:07 - 2011-07-15 21:26 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-04-03 00:07 - 2011-07-15 21:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-04-03 00:07 - 2011-07-15 21:21 - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-04-03 00:07 - 2011-07-15 21:21 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-04-03 00:07 - 2011-07-15 21:17 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-04-03 00:07 - 2011-07-15 21:04 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 21:04 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:36 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-04-03 00:07 - 2011-07-15 20:31 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-04-03 00:07 - 2011-07-15 20:30 - 1048576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-04-03 00:07 - 2011-07-15 20:30 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-04-03 00:07 - 2011-07-15 20:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 20:19 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 18:26 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-04-03 00:07 - 2011-07-15 18:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-04-03 00:07 - 2011-07-15 18:21 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 18:21 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 18:21 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-04-03 00:07 - 2011-07-15 18:21 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-04-03 00:07 - 2011-05-24 03:21 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-04-03 00:07 - 2011-05-24 02:34 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-04-03 00:07 - 2011-05-24 02:34 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-04-03 00:07 - 2011-05-24 02:34 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-04-03 00:07 - 2011-05-24 02:32 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-04-03 00:07 - 2011-05-02 21:21 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-04-03 00:07 - 2011-05-02 20:50 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-04-03 00:07 - 2011-02-22 21:15 - 0090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-04-03 00:07 - 2011-02-11 22:14 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-04-03 00:07 - 2010-12-17 22:12 - 3138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-04-03 00:07 - 2010-12-17 22:08 - 1097216 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-04-03 00:07 - 2010-12-17 21:30 - 2690560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-04-03 00:07 - 2010-12-17 21:26 - 1034240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-04-03 00:07 - 2010-10-15 21:23 - 0112000 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2012-04-03 00:07 - 2010-08-31 21:21 - 14627840 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2012-04-03 00:07 - 2010-08-31 21:12 - 12625920 ____A (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2012-04-03 00:07 - 2010-08-31 20:29 - 11406848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2012-04-03 00:07 - 2010-08-31 20:23 - 12625408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2012-04-03 00:07 - 2009-08-28 23:50 - 0046592 ____A (Microsoft Corporation) C:\Windows\System32\msasn1.dll
2012-04-03 00:07 - 2009-08-28 22:57 - 0034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2012-04-03 00:06 - 2011-11-04 21:17 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-04-03 00:06 - 2011-11-04 20:30 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-04-03 00:06 - 2010-10-15 21:17 - 0720896 ____A (Microsoft Corporation) C:\Windows\System32\odbc32.dll
2012-04-03 00:06 - 2010-10-15 20:34 - 0573440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2012-04-02 23:52 - 2010-08-26 22:14 - 0236032 ____A (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2012-04-02 23:52 - 2010-08-26 21:46 - 0009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2012-04-02 23:51 - 2011-11-16 23:14 - 1739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-04-02 23:51 - 2011-11-16 21:41 - 1292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-04-02 23:51 - 2011-06-22 21:29 - 5507968 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 23:51 - 2011-06-22 20:38 - 3957120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-02 23:51 - 2011-06-22 20:38 - 3902336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-02 23:50 - 2012-02-23 08:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-04-02 23:47 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-02 23:47 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-02 23:47 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-02 23:47 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-02 23:47 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-02 23:47 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-02 23:47 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-02 23:47 - 2011-11-19 07:07 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-04-02 23:47 - 2011-11-19 06:06 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-04-02 23:47 - 2010-01-08 23:19 - 0139264 ____A (Microsoft Corporation) C:\Windows\System32\cabview.dll
2012-04-02 23:47 - 2010-01-08 22:52 - 0132608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2012-04-02 23:47 - 2009-12-29 00:03 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-02 23:47 - 2009-12-28 22:55 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-02 23:34 - 2012-04-04 17:42 - 0000000 ____D C:\Users\peter\AppData\Local\Google
2012-04-02 23:34 - 2012-04-02 23:34 - 0000000 ____D C:\Users\peter\AppData\Roaming\Google
2012-04-02 23:34 - 2012-04-02 23:34 - 0000000 ____D C:\Users\peter\AppData\Roaming\Adobe
2012-03-31 22:15 - 2012-03-31 22:13 - 0011453 ____A C:\Windows\ChangeLang_Done.tag
2012-03-31 22:13 - 2012-03-31 22:13 - 0000000 ____D C:\Windows\NAPP_Dism_Log
2012-03-31 21:32 - 2012-03-31 21:32 - 0031362 ____A C:\Windows\DirectX.log
2012-03-31 21:32 - 2012-03-31 21:32 - 0000020 ____A C:\Windows\$˘B
2012-03-31 21:32 - 2012-03-31 21:32 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-31 21:32 - 2006-11-29 12:06 - 4398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2012-03-31 21:32 - 2006-11-29 12:06 - 3426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2012-03-31 21:31 - 2012-03-31 21:31 - 0000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-03-31 21:30 - 2012-03-31 21:33 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-31 21:29 - 2012-03-31 21:29 - 0004886 ____A C:\Windows\DPINST.LOG
2012-03-31 21:29 - 2012-03-31 21:29 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01005.Wdf
2012-03-31 21:29 - 2012-03-31 21:29 - 0000000 ____D C:\Program Files\Apoint2K
2012-03-31 21:29 - 2009-06-15 02:03 - 0245296 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Drivers\Apfiltr.sys
2012-03-31 21:29 - 2009-05-07 22:47 - 0098816 ____A (Alps Electric Co., Ltd.) C:\Windows\System32\Vxdif.dll
2012-03-31 21:29 - 2006-11-01 16:04 - 1919968 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01005.dll
2012-03-31 21:28 - 2012-03-31 21:28 - 0000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2012-03-31 21:27 - 2012-04-03 22:03 - 0000174 ___SH C:\Users\peter\Start Menu\Programs\Startup\desktop.ini
2012-03-31 21:27 - 2012-04-03 22:03 - 0000174 ___SH C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-31 21:27 - 2012-04-03 21:11 - 0000000 ____D C:\Users\peter\AppData\Local\VirtualStore
2012-03-31 21:27 - 2012-03-31 21:27 - 0000000 ___AD C:\book
2012-03-31 21:27 - 2012-03-31 21:27 - 0000000 ____D C:\Users\peter\AppData\Roaming\Macromedia
2012-03-31 21:25 - 2012-03-31 21:46 - 0079152 ____A C:\Users\peter\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-31 21:25 - 2012-03-31 21:25 - 0002609 ____A C:\Users\Public\Desktop\eBay.lnk
2012-03-31 21:25 - 2012-03-31 21:25 - 0002117 ____A C:\Users\Public\Desktop\Netflix.lnk
2012-03-31 21:25 - 2012-03-31 21:25 - 0000000 ____D C:\Users\Public\Symantec
2012-03-31 21:25 - 2012-03-31 21:25 - 0000000 ____D C:\Users\All Users\OEM_E471269A730D
2012-03-31 21:25 - 2012-03-31 21:25 - 0000000 ____D C:\ProgramData\OEM_E471269A730D
2012-03-31 21:25 - 2012-03-31 21:25 - 0000000 ____D C:\Program Files (x86)\OEM
2012-03-31 21:24 - 2012-04-02 23:34 - 0000000 ____D C:\Users\peter\AppData\LocalLow
2012-03-31 21:24 - 2012-03-31 21:27 - 0000000 ____D C:\users\peter
2012-03-31 21:24 - 2012-03-31 21:24 - 0014450 ____A C:\Windows\System32\results.xml
2012-03-31 21:24 - 2012-03-31 21:24 - 0000020 ___SH C:\Users\peter\ntuser.ini
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Templates
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Start Menu
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\PrintHood
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\NetHood
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\My Documents
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Documents\My Videos
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Documents\My Pictures
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Documents\My Music
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\AppData\Local\Temporary Internet Files
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\AppData\Local\History
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Recovery
2012-03-31 21:24 - 2009-07-13 23:44 - 0000000 ____D C:\Users\peter\AppData\Roaming\Media Center Programs
2012-03-31 21:19 - 2012-04-08 12:14 - 1720185 ____A C:\Windows\WindowsUpdate.log
2012-03-31 21:18 - 2012-03-31 21:18 - 0000000 ____D C:\Windows\SysWOW64\x64
2012-03-31 21:18 - 2012-03-31 21:18 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-03-31 21:18 - 2010-08-25 18:45 - 0948760 ____A (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2012-03-31 21:18 - 2009-11-05 09:48 - 0681508 ____A C:\Windows\System32\oem6.inf
2012-03-31 21:16 - 2012-04-08 12:09 - 2360856576 __ASH C:\hiberfil.sys
2012-03-11 20:13 - 2012-03-11 20:13 - 0577824 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys
2012-03-11 20:13 - 2012-03-11 20:13 - 0389840 ____A (COMODO) C:\Windows\System32\guard64.dll
2012-03-11 20:13 - 2012-03-11 20:13 - 0301224 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2012-03-11 20:13 - 2012-03-11 20:13 - 0043248 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2012-03-11 20:13 - 2012-03-11 20:13 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2012-03-11 20:13 - 2012-03-11 20:13 - 0022696 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys

============ 3 Months Modified Files and Folders =============

2012-04-08 14:05 - 2012-04-08 12:06 - 0000000 ____D C:\FRST
2012-04-08 13:00 - 2012-04-03 22:24 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-08 12:59 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-08 12:18 - 2009-07-13 20:45 - 0009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-08 12:18 - 2009-07-13 20:45 - 0009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-08 12:14 - 2012-03-31 21:19 - 1720185 ____A C:\Windows\WindowsUpdate.log
2012-04-08 12:12 - 2009-07-13 20:51 - 0048635 ____A C:\Windows\setupact.log
2012-04-08 12:10 - 2012-04-03 22:24 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-08 12:10 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-08 12:09 - 2012-03-31 21:16 - 2360856576 __ASH C:\hiberfil.sys
2012-04-08 12:07 - 2012-04-08 12:03 - 0161728 ____A C:\Windows\ntbtlog.txt
2012-04-04 19:42 - 2012-04-04 19:42 - 0003011 ____A C:\Users\peter\Desktop\ark.txt
2012-04-04 19:26 - 2012-04-04 19:26 - 0000000 ____D C:\Users\peter\Desktop\gmer
2012-04-04 19:23 - 2012-04-04 19:23 - 0021147 ____A C:\Users\peter\Desktop\DDS.txt
2012-04-04 19:23 - 2012-04-04 19:23 - 0000747 ____A C:\Users\peter\Desktop\Attach.txt
2012-04-04 19:11 - 2012-04-04 19:08 - 0003028 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_20.08.49_log.txt
2012-04-04 18:48 - 2012-04-04 18:47 - 0607260 ____R (Swearware) C:\Users\peter\Desktop\dds.scr
2012-04-04 18:41 - 2009-11-05 10:17 - 0207494 ____A C:\Windows\PFRO.log
2012-04-04 17:59 - 2012-04-04 17:03 - 0468134 ____A C:\TDSSKiller.2.7.25.0_04.04.2012_18.03.17_log.txt
2012-04-04 17:53 - 2012-04-04 17:53 - 0000156 ____A C:\Users\peter\Desktop\bd_immunizer.log
2012-04-04 17:42 - 2012-04-03 21:20 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-04 17:42 - 2012-04-02 23:34 - 0000000 ____D C:\Users\peter\AppData\Local\Google
2012-04-04 17:40 - 2011-06-07 20:14 - 4675584 ____A (BitDefender LLC) C:\Users\peter\Desktop\BDUSBImmunizer.exe
2012-04-04 17:35 - 2012-04-04 17:35 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-04 17:20 - 2012-04-04 17:20 - 0739856 ____A (Google Inc.) C:\Users\peter\Downloads\ChromeSetup.exe
2012-04-04 17:01 - 2012-04-04 17:01 - 0001092 ____A C:\Users\peter\Desktop\SpywareBlaster.lnk
2012-04-04 17:01 - 2012-04-04 17:01 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-04-04 16:58 - 2012-04-04 16:58 - 0000000 ____D C:\Users\peter\AppData\Local\Comodo
2012-04-04 16:58 - 2012-04-04 16:58 - 0000000 ____D C:\Users\All Users\CPA_VA
2012-04-04 16:58 - 2012-04-04 16:58 - 0000000 ____D C:\ProgramData\CPA_VA
2012-04-04 16:58 - 2012-04-04 16:54 - 0000000 ____D C:\Program Files (x86)\Comodo
2012-04-04 16:56 - 2012-04-04 16:54 - 0000000 ____D C:\Users\All Users\Comodo
2012-04-04 16:56 - 2012-04-04 16:54 - 0000000 ____D C:\ProgramData\Comodo
2012-04-04 16:54 - 2012-04-04 16:54 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-04-04 16:54 - 2012-04-04 16:54 - 1060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-04-04 16:54 - 2012-04-04 16:54 - 0348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-04 16:54 - 2012-04-04 16:54 - 0001846 ____A C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-04-04 16:54 - 2012-04-04 16:54 - 0000000 ____D C:\Program Files\COMODO
2012-04-04 16:43 - 2012-04-04 16:43 - 0001143 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-04 16:43 - 2012-04-04 16:43 - 0000000 ____D C:\Users\peter\AppData\Roaming\Mozilla
2012-04-04 16:43 - 2012-04-04 16:43 - 0000000 ____D C:\Users\peter\AppData\Local\Mozilla
2012-04-04 16:43 - 2012-04-04 16:43 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-04 16:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-04 10:11 - 2012-04-03 21:33 - 0007701 ____A C:\Windows\IE9_main.log
2012-04-04 10:10 - 2012-04-04 10:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-04 10:10 - 2012-04-04 10:10 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-04 10:10 - 2012-04-04 10:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-04 10:10 - 2012-04-04 10:10 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-04 10:10 - 2012-04-04 10:10 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-04 10:10 - 2012-04-04 10:10 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-04 10:10 - 2012-04-04 10:10 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-04 10:10 - 2012-04-04 10:10 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-04 10:10 - 2012-04-04 10:10 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-04 10:10 - 2012-04-04 10:10 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-04 10:10 - 2012-04-04 10:10 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-04 10:10 - 2012-04-04 10:10 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-04 10:10 - 2012-04-04 10:10 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-04 10:10 - 2012-04-04 10:10 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-04 10:10 - 2012-04-04 10:10 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-04 10:09 - 2012-04-04 10:09 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-04-04 10:09 - 2012-04-04 10:09 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-04-04 10:09 - 2012-04-04 10:09 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-04-04 10:09 - 2012-04-04 10:09 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-04-04 10:09 - 2012-04-04 10:09 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-04-04 10:09 - 2012-04-04 10:09 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-04-04 10:08 - 2009-11-05 09:58 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-04 10:08 - 2009-11-05 09:58 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-03 22:24 - 2012-04-03 22:24 - 0001850 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-03 22:24 - 2012-04-03 22:24 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-03 22:24 - 2009-11-05 10:10 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-03 22:23 - 2012-04-03 22:23 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-03 22:23 - 2012-04-03 22:23 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-03 22:23 - 2012-04-03 22:23 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-03 22:15 - 2009-11-05 10:15 - 0000000 ____D C:\Users\All Users\Norton
2012-04-03 22:15 - 2009-11-05 10:15 - 0000000 ____D C:\ProgramData\Norton
2012-04-03 22:09 - 2012-04-03 22:05 - 0116408 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_23.05.03_log.txt
2012-04-03 22:03 - 2012-03-31 21:27 - 0000174 ___SH C:\Users\peter\Start Menu\Programs\Startup\desktop.ini
2012-04-03 22:03 - 2012-03-31 21:27 - 0000174 ___SH C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-03 22:01 - 2009-07-13 20:45 - 0343552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-03 21:59 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-03 21:30 - 2012-04-03 21:30 - 0001144 ____A C:\Users\Public\Desktop\Microsoft Works.lnk
2012-04-03 21:30 - 2012-04-03 21:30 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-03 21:30 - 2012-04-03 21:30 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-03 21:30 - 2009-11-05 10:00 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-03 21:27 - 2009-11-05 10:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-03 21:21 - 2012-04-03 21:15 - 0118910 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_22.15.23_log.txt
2012-04-03 21:18 - 2012-04-03 21:18 - 0000000 ____D C:\Users\peter\AppData\Roaming\Malwarebytes
2012-04-03 21:17 - 2012-04-03 21:17 - 0001122 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-03 21:17 - 2012-04-03 21:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-03 21:17 - 2012-04-03 21:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-03 21:17 - 2012-04-03 21:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 21:15 - 2012-04-03 12:43 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\peter\Desktop\TDSSKiller.exe
2012-04-03 21:11 - 2012-03-31 21:27 - 0000000 ____D C:\Users\peter\AppData\Local\VirtualStore
2012-04-03 21:10 - 2012-04-03 21:10 - 0388608 ____A (Trend Micro Inc.) C:\Users\peter\Desktop\HijackThis.exe
2012-04-02 23:49 - 2009-07-13 21:08 - 0006866 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-02 23:34 - 2012-04-02 23:34 - 0000000 ____D C:\Users\peter\AppData\Roaming\Google
2012-04-02 23:34 - 2012-04-02 23:34 - 0000000 ____D C:\Users\peter\AppData\Roaming\Adobe
2012-04-02 23:34 - 2012-03-31 21:24 - 0000000 ____D C:\Users\peter\AppData\LocalLow
2012-04-02 23:33 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-03-31 22:13 - 2012-03-31 22:15 - 0011453 ____A C:\Windows\ChangeLang_Done.tag
2012-03-31 22:13 - 2012-03-31 22:13 - 0000000 ____D C:\Windows\NAPP_Dism_Log
2012-03-31 22:12 - 2009-07-13 21:38 - 0025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-03-31 22:12 - 2009-07-13 21:32 - 0028672 ____A C:\Windows\System32\config\BCD-Template
2012-03-31 21:46 - 2012-03-31 21:25 - 0079152 ____A C:\Users\peter\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-31 21:44 - 2009-11-05 10:19 - 0013701 ____A C:\Windows\Patch.log
2012-03-31 21:44 - 2009-11-05 09:34 - 0000000 ___HD C:\OEM
2012-03-31 21:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-03-31 21:33 - 2012-03-31 21:30 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-03-31 21:32 - 2012-03-31 21:32 - 0031362 ____A C:\Windows\DirectX.log
2012-03-31 21:32 - 2012-03-31 21:32 - 0000020 ____A C:\Windows\$˘B
2012-03-31 21:32 - 2012-03-31 21:32 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-31 21:31 - 2012-03-31 21:31 - 0000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2012-03-31 21:30 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-31 21:29 - 2012-03-31 21:29 - 0004886 ____A C:\Windows\DPINST.LOG
2012-03-31 21:29 - 2012-03-31 21:29 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01005.Wdf
2012-03-31 21:29 - 2012-03-31 21:29 - 0000000 ____D C:\Program Files\Apoint2K
2012-03-31 21:28 - 2012-03-31 21:28 - 0000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2012-03-31 21:28 - 2009-11-05 09:43 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-31 21:28 - 2009-10-05 12:30 - 0000000 ___AD C:\Windows\DeployWinRE2
2012-03-31 21:28 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-03-31 21:27 - 2012-03-31 21:27 - 0000000 ___AD C:\book
2012-03-31 21:27 - 2012-03-31 21:27 - 0000000 ____D C:\Users\peter\AppData\Roaming\Macromedia
2012-03-31 21:27 - 2012-03-31 21:24 - 0000000 ____D C:\users\peter
2012-03-31 21:27 - 2009-11-05 09:50 - 0000287 ____A C:\Windows\preload.log
2012-03-31 21:27 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-03-31 21:25 - 2012-03-31 21:25 - 0002609 ____A C:\Users\Public\Desktop\eBay.lnk
2012-03-31 21:25 - 2012-03-31 21:25 - 0002117 ____A C:\Users\Public\Desktop\Netflix.lnk
2012-03-31 21:25 - 2012-03-31 21:25 - 0000000 ____D C:\Users\Public\Symantec
2012-03-31 21:25 - 2012-03-31 21:25 - 0000000 ____D C:\Users\All Users\OEM_E471269A730D
2012-03-31 21:25 - 2012-03-31 21:25 - 0000000 ____D C:\ProgramData\OEM_E471269A730D
2012-03-31 21:25 - 2012-03-31 21:25 - 0000000 ____D C:\Program Files (x86)\OEM
2012-03-31 21:25 - 2009-11-05 10:08 - 0000000 ____D C:\Users\All Users\OEM
2012-03-31 21:25 - 2009-11-05 10:08 - 0000000 ____D C:\ProgramData\OEM
2012-03-31 21:25 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-31 21:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-31 21:24 - 2012-03-31 21:24 - 0014450 ____A C:\Windows\System32\results.xml
2012-03-31 21:24 - 2012-03-31 21:24 - 0000020 ___SH C:\Users\peter\ntuser.ini
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Templates
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Start Menu
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\PrintHood
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\NetHood
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\My Documents
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Documents\My Videos
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Documents\My Pictures
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\Documents\My Music
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\AppData\Local\Temporary Internet Files
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Users\peter\AppData\Local\History
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 __SHD C:\Recovery
2012-03-31 21:24 - 2009-12-07 01:35 - 0000000 ____D C:\Windows\Panther
2012-03-31 21:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Recovery
2012-03-31 21:23 - 2009-07-13 21:01 - 0039252 ____A C:\Windows\SysWOW64\license.rtf
2012-03-31 21:23 - 2009-07-13 21:01 - 0039252 ____A C:\Windows\System32\license.rtf
2012-03-31 21:19 - 2009-11-05 09:57 - 0000006 ____A C:\Windows\System32\PLD_Framework.cmd
2012-03-31 21:18 - 2012-03-31 21:18 - 0000000 ____D C:\Windows\SysWOW64\x64
2012-03-31 21:18 - 2012-03-31 21:18 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-03-31 21:18 - 2009-11-05 09:39 - 0003540 ____A C:\Windows\TSSysprep.log
2012-03-31 21:18 - 2009-07-13 20:46 - 0002790 ____A C:\Windows\DtcInstall.log
2012-03-11 20:13 - 2012-03-11 20:13 - 0577824 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys
2012-03-11 20:13 - 2012-03-11 20:13 - 0389840 ____A (COMODO) C:\Windows\System32\guard64.dll
2012-03-11 20:13 - 2012-03-11 20:13 - 0301224 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll
2012-03-11 20:13 - 2012-03-11 20:13 - 0043248 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys
2012-03-11 20:13 - 2012-03-11 20:13 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll
2012-03-11 20:13 - 2012-03-11 20:13 - 0022696 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys
2012-03-06 15:15 - 2012-04-03 22:24 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-04-03 22:23 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-04-03 22:23 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-04-03 22:24 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-04-03 22:24 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-04-03 22:24 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-04-03 22:24 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-04-03 22:24 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-04-03 22:24 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-02-23 08:18 - 2012-04-02 23:50 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-14 22:27 - 2012-04-02 23:47 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-04-02 23:47 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-04-02 23:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-04-02 23:47 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:18 - 2012-04-03 00:11 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-04-03 00:11 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-04-03 00:11 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-04-03 00:11 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-04-03 00:11 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-04-03 00:11 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-04-03 00:11 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-04-03 00:11 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-04-03 00:11 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-04-03 00:11 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-03 18:27 - 2012-02-03 18:27 - 0093200 ____A (COMODO) C:\Windows\System32\Drivers\inspect.sys
2012-02-02 20:16 - 2012-04-03 00:12 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-24 22:27 - 2012-04-02 23:47 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-04-02 23:47 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-04-02 23:47 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 3001.98 MB
Available physical RAM: 2383.9 MB
Total Pagefile: 3000.13 MB
Available Pagefile: 2372.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:220.78 GB) (Free:189.02 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:0.48 GB) (Free:0.34 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 488 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 31 KB
Partition 2 Primary 101 MB 12 GB
Partition 3 Primary 220 GB 12 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 101 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 220 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 116 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 488 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-03 23:28

======================= End Of Log ==========================

#6 gringo_pr

Posted 08 April 2012 - 09:01 PM

Hello

That looks good; the infection I was looking for is not active.


Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#7 Gemmy1082

Posted 08 April 2012 - 10:33 PM

So I ran combofix as told. I didn't experience any problems; however, the runtime was a bit long, but I think that's most likely normal. During the entire process my CPU was clocking in at 100%; not sure if that matters at all.

The PC seems to be running well. As this PC is my brother's, I don't really know what is considered normal; however, I have noticed that when it was given to me to fix, after some time, the CPU would constantly clock in at 100% usage, never going down. Now it's fluctuating up and down, but so far hasn't stayed constantly at 100%, so I'm guessing so far so good.

Anyways, here's the log from ComboFix:

ComboFix 12-04-08.01 - peter 04/08/2012 19:15:28.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1473 [GMT -7:00]
Running from: c:\users\peter\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 02:53 . 2012-04-09 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 02:07 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDB8A957-E497-4565-9C67-9A34B2FA5346}\mpengine.dll
2012-04-08 20:06 . 2012-04-08 22:07 -------- d-----w- C:\FRST
2012-04-05 01:01 . 2012-04-05 01:01 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-04-05 00:58 . 2012-04-05 00:58 -------- d-----w- c:\programdata\CPA_VA
2012-04-05 00:54 . 2012-04-05 00:56 -------- d-----w- c:\programdata\Comodo
2012-04-05 00:54 . 2012-04-05 00:54 -------- d-----w- c:\program files\COMODO
2012-04-05 00:54 . 2012-04-05 00:58 -------- d-----w- c:\program files (x86)\Comodo
2012-04-05 00:54 . 2012-04-05 00:54 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-05 00:54 . 2012-04-05 00:54 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-05 00:54 . 2012-04-05 00:54 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-04-04 18:09 . 2012-04-04 18:09 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-04 06:24 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-04 06:24 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-04 06:24 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-04 06:24 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-04 06:24 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-04 06:24 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-04 06:24 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-04 06:23 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-04 06:23 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-04 06:23 . 2012-04-04 06:23 -------- d-----w- c:\programdata\AVAST Software
2012-04-04 06:23 . 2012-04-04 06:23 -------- d-----w- c:\program files\AVAST Software
2012-04-04 05:59 . 2012-04-04 05:59 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-04 05:59 . 2012-04-04 05:59 -------- d-----w- c:\windows\system32\Wat
2012-04-04 05:43 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-04-04 05:43 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-04-04 05:34 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-04-04 05:34 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-04-04 05:34 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-04 05:34 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-04-04 05:34 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-04-04 05:34 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-04-04 05:34 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-04 05:34 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-04-04 05:34 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-04 05:34 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-04-04 05:30 . 2012-04-04 05:30 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-04 05:20 . 2012-04-05 01:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 05:17 . 2012-04-04 05:17 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 05:17 . 2012-04-04 05:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-04 05:17 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:15 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-04-03 08:15 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-04-03 08:13 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-04-03 08:12 . 2009-09-03 07:36 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2012-04-03 08:12 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll
2012-04-03 08:12 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-04-03 08:12 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-04-03 08:12 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2012-04-03 08:12 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-03 08:10 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2012-04-03 08:09 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-03 08:08 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-04-03 08:08 . 2010-06-08 05:36 1877504 ----a-w- c:\windows\system32\msxml3.dll
2012-04-03 08:08 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe
2012-04-03 08:08 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe
2012-04-03 08:08 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
2012-04-03 08:08 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
2012-04-03 08:08 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll
2012-04-03 08:08 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll
2012-04-03 08:08 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll
2012-04-03 08:08 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-04-03 08:08 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-04-03 08:06 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-03 08:06 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-03 08:06 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-04-03 08:06 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-04-03 08:06 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-04-03 08:06 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-04-03 08:06 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-04-03 08:06 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-04-03 08:06 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-04-03 08:06 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-04-03 08:06 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-04-03 08:06 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-04-03 07:52 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-04-03 07:52 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-04-03 07:51 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-04-03 07:51 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-03 07:51 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-03 07:51 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-03 07:51 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-03 07:50 . 2012-02-23 16:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-01 06:13 . 2012-04-01 06:13 -------- d-----w- c:\windows\NAPP_Dism_Log
2012-04-01 05:32 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-04-01 05:32 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-04-01 05:32 . 2012-04-01 05:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-04-01 05:31 . 2012-04-01 05:31 -------- d-----w- c:\program files (x86)\Microsoft
2012-04-01 05:31 . 2012-04-01 05:31 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2012-04-01 05:30 . 2012-04-01 05:33 -------- d-----w- c:\program files (x86)\Windows Live
2012-04-01 05:30 . 2012-04-01 05:30 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-04-01 05:29 . 2012-04-01 05:29 -------- d-----w- c:\program files\Apoint2K
2012-04-01 05:29 . 2009-05-08 06:47 98816 ----a-w- c:\windows\system32\Vxdif.dll
2012-04-01 05:29 . 2009-06-15 10:03 245296 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-04-01 05:29 . 2006-11-02 00:04 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-04-01 05:28 . 2012-04-01 05:28 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-04-01 05:27 . 2012-04-01 05:27 -------- d---a-w- C:\book
2012-04-01 05:25 . 2012-04-01 05:25 -------- d-----w- c:\program files (x86)\OEM
2012-04-01 05:25 . 2012-04-01 05:25 -------- d-----w- c:\users\Public\Symantec
2012-04-01 05:25 . 2012-04-01 05:25 -------- d-----w- c:\programdata\OEM_E471269A730D
2012-04-01 05:24 . 2012-04-01 05:27 -------- d-----w- c:\users\peter
2012-04-01 05:24 . 2012-04-01 05:24 -------- d-----w- C:\Recovery
2012-04-01 05:18 . 2012-04-01 05:18 -------- d-----w- c:\windows\SysWow64\x64
2012-04-01 05:18 . 2012-04-01 05:18 -------- d-----w- c:\windows\SysWow64\Lang
2012-04-01 05:18 . 2010-08-26 02:45 948760 ----a-w- c:\windows\SysWow64\igxpun.exe
2012-03-12 04:13 . 2012-03-12 04:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-12 04:13 . 2012-03-12 04:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-12 04:13 . 2012-03-12 04:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-12 04:13 . 2012-03-12 04:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-12 04:13 . 2012-03-12 04:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-12 04:13 . 2012-03-12 04:13 389840 ----a-w- c:\windows\system32\guard64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 05:19 . 2009-11-05 17:57 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
2012-02-04 02:27 . 2012-02-04 02:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-05 18:10 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 136176]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-05 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 06:24]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 06:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-05 18:10 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.prospector.metrolist.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e525&r=273603120715l03e4z125r49722343
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\hteo6244.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-04-08 20:21:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 03:21
.
Pre-Run: 202,731,601,920 bytes free
Post-Run: 202,032,472,064 bytes free
.
- - End Of File - - EF269DCD65CE961CB29A6A535A9394D7

#8 gringo_pr


Posted 08 April 2012 - 10:35 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#9 Gemmy1082


Posted 08 April 2012 - 10:56 PM

The log from TDSSKiller:
20:42:47.0844 4812 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
20:42:48.0374 4812 ============================================================
20:42:48.0374 4812 Current date / time: 2012/04/08 20:42:48.0374
20:42:48.0374 4812 SystemInfo:
20:42:48.0374 4812
20:42:48.0374 4812 OS Version: 6.1.7600 ServicePack: 0.0
20:42:48.0374 4812 Product type: Workstation
20:42:48.0374 4812 ComputerName: PETER-PC
20:42:48.0374 4812 UserName: peter
20:42:48.0374 4812 Windows directory: C:\Windows
20:42:48.0374 4812 System windows directory: C:\Windows
20:42:48.0374 4812 Running under WOW64
20:42:48.0374 4812 Processor architecture: Intel x64
20:42:48.0374 4812 Number of processors: 1
20:42:48.0374 4812 Page size: 0x1000
20:42:48.0374 4812 Boot type: Normal boot
20:42:48.0374 4812 ============================================================
20:42:48.0936 4812 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:42:48.0936 4812 Drive \Device\Harddisk1\DR1 - Size: 0x1E8BE000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:42:48.0936 4812 \Device\Harddisk0\DR0:
20:42:48.0936 4812 MBR used
20:42:48.0936 4812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
20:42:48.0936 4812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x1B990244
20:42:48.0936 4812 \Device\Harddisk1\DR1:
20:42:48.0936 4812 MBR used
20:42:48.0936 4812 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0xE9, BlocksNum 0xF4117
20:42:48.0967 4812 Initialize success
20:42:48.0967 4812 ============================================================
20:43:03.0179 4180 ============================================================
20:43:03.0179 4180 Scan started
20:43:03.0179 4180 Mode: Manual;
20:43:03.0179 4180 ============================================================
20:43:04.0317 4180 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:43:04.0333 4180 1394ohci - ok
20:43:04.0692 4180 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:43:04.0692 4180 ACPI - ok
20:43:05.0035 4180 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:43:05.0035 4180 AcpiPmi - ok
20:43:05.0394 4180 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:43:05.0409 4180 adp94xx - ok
20:43:05.0768 4180 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:43:05.0784 4180 adpahci - ok
20:43:06.0158 4180 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:43:06.0174 4180 adpu320 - ok
20:43:06.0486 4180 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:43:06.0486 4180 AeLookupSvc - ok
20:43:06.0829 4180 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:43:06.0845 4180 AFD - ok
20:43:07.0172 4180 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:43:07.0188 4180 agp440 - ok
20:43:07.0453 4180 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:43:07.0453 4180 ALG - ok
20:43:07.0827 4180 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:43:07.0843 4180 aliide - ok
20:43:08.0186 4180 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:43:08.0186 4180 amdide - ok
20:43:08.0529 4180 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:43:08.0529 4180 AmdK8 - ok
20:43:08.0904 4180 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:43:08.0904 4180 AmdPPM - ok
20:43:09.0263 4180 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
20:43:09.0263 4180 amdsata - ok
20:43:09.0653 4180 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:43:09.0653 4180 amdsbs - ok
20:43:10.0011 4180 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
20:43:10.0011 4180 amdxata - ok
20:43:10.0370 4180 ApfiltrService (c79c86a0395689045710e24d64e5e086) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:43:10.0370 4180 ApfiltrService - ok
20:43:10.0729 4180 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:43:10.0729 4180 AppID - ok
20:43:10.0979 4180 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:43:10.0994 4180 AppIDSvc - ok
20:43:11.0259 4180 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
20:43:11.0259 4180 Appinfo - ok
20:43:11.0665 4180 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:43:11.0665 4180 arc - ok
20:43:12.0024 4180 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:43:12.0024 4180 arcsas - ok
20:43:12.0383 4180 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
20:43:12.0398 4180 aswFsBlk - ok
20:43:12.0757 4180 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
20:43:12.0773 4180 aswMonFlt - ok
20:43:13.0147 4180 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
20:43:13.0147 4180 aswRdr - ok
20:43:13.0553 4180 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
20:43:13.0553 4180 aswSnx - ok
20:43:13.0896 4180 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
20:43:13.0911 4180 aswSP - ok
20:43:14.0255 4180 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
20:43:14.0270 4180 aswTdi - ok
20:43:14.0629 4180 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:14.0629 4180 AsyncMac - ok
20:43:15.0003 4180 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:43:15.0003 4180 atapi - ok
20:43:15.0284 4180 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:43:15.0300 4180 AudioEndpointBuilder - ok
20:43:15.0315 4180 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:43:15.0315 4180 AudioSrv - ok
20:43:15.0456 4180 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:43:15.0456 4180 avast! Antivirus - ok
20:43:15.0752 4180 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:43:15.0752 4180 AxInstSV - ok
20:43:16.0111 4180 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:43:16.0111 4180 b06bdrv - ok
20:43:16.0485 4180 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:43:16.0485 4180 b57nd60a - ok
20:43:16.0907 4180 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:43:16.0985 4180 BCM43XX - ok
20:43:17.0219 4180 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:43:17.0219 4180 BDESVC - ok
20:43:17.0562 4180 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:43:17.0562 4180 Beep - ok
20:43:17.0843 4180 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
20:43:17.0858 4180 BFE - ok
20:43:18.0123 4180 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
20:43:18.0139 4180 BITS - ok
20:43:18.0482 4180 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:43:18.0482 4180 blbdrive - ok
20:43:18.0841 4180 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:43:18.0841 4180 bowser - ok
20:43:19.0184 4180 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:43:19.0184 4180 BrFiltLo - ok
20:43:19.0512 4180 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:43:19.0512 4180 BrFiltUp - ok
20:43:19.0886 4180 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:43:19.0886 4180 BridgeMP - ok
20:43:20.0151 4180 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:43:20.0151 4180 Browser - ok
20:43:20.0510 4180 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:43:20.0510 4180 Brserid - ok
20:43:20.0853 4180 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:43:20.0853 4180 BrSerWdm - ok
20:43:21.0212 4180 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:43:21.0212 4180 BrUsbMdm - ok
20:43:21.0540 4180 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:43:21.0540 4180 BrUsbSer - ok
20:43:21.0883 4180 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:43:21.0883 4180 BTHMODEM - ok
20:43:22.0148 4180 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:43:22.0148 4180 bthserv - ok
20:43:22.0491 4180 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:43:22.0507 4180 cdfs - ok
20:43:22.0866 4180 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:43:22.0866 4180 cdrom - ok
20:43:23.0147 4180 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:43:23.0147 4180 CertPropSvc - ok
20:43:23.0490 4180 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:43:23.0490 4180 circlass - ok
20:43:23.0739 4180 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:43:23.0755 4180 CLFS - ok
20:43:23.0911 4180 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:43:23.0911 4180 clr_optimization_v2.0.50727_32 - ok
20:43:24.0114 4180 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:43:24.0114 4180 clr_optimization_v2.0.50727_64 - ok
20:43:24.0488 4180 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:43:24.0488 4180 CmBatt - ok
20:43:24.0644 4180 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
20:43:24.0707 4180 cmdAgent - ok
20:43:25.0065 4180 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
20:43:25.0065 4180 cmdGuard - ok
20:43:25.0409 4180 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
20:43:25.0409 4180 cmdHlp - ok
20:43:25.0752 4180 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:43:25.0752 4180 cmdide - ok
20:43:26.0095 4180 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:43:26.0111 4180 CNG - ok
20:43:26.0454 4180 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:43:26.0454 4180 Compbatt - ok
20:43:26.0828 4180 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:43:26.0828 4180 CompositeBus - ok
20:43:27.0078 4180 COMSysApp - ok
20:43:27.0437 4180 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:43:27.0437 4180 crcdisk - ok
20:43:27.0717 4180 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
20:43:27.0717 4180 CryptSvc - ok
20:43:27.0983 4180 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:43:27.0998 4180 DcomLaunch - ok
20:43:28.0248 4180 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:43:28.0248 4180 defragsvc - ok
20:43:28.0607 4180 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:43:28.0607 4180 DfsC - ok
20:43:28.0887 4180 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:43:28.0887 4180 Dhcp - ok
20:43:29.0231 4180 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:43:29.0231 4180 discache - ok
20:43:29.0589 4180 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:43:29.0589 4180 Disk - ok
20:43:29.0870 4180 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
20:43:29.0870 4180 DKbFltr - ok
20:43:30.0151 4180 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
20:43:30.0151 4180 Dnscache - ok
20:43:30.0416 4180 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:43:30.0416 4180 dot3svc - ok
20:43:30.0666 4180 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:43:30.0681 4180 DPS - ok
20:43:31.0025 4180 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:43:31.0025 4180 drmkaud - ok
20:43:31.0399 4180 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:43:31.0399 4180 DXGKrnl - ok
20:43:31.0664 4180 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:43:31.0664 4180 EapHost - ok
20:43:32.0070 4180 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:43:32.0148 4180 ebdrv - ok
20:43:32.0413 4180 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
20:43:32.0413 4180 EFS - ok
20:43:32.0600 4180 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
20:43:32.0616 4180 ehRecvr - ok
20:43:32.0756 4180 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:43:32.0772 4180 ehSched - ok
20:43:33.0115 4180 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:43:33.0115 4180 elxstor - ok
20:43:33.0224 4180 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
20:43:33.0240 4180 ePowerSvc - ok
20:43:33.0583 4180 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:43:33.0583 4180 ErrDev - ok
20:43:33.0879 4180 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:43:33.0879 4180 EventSystem - ok
20:43:34.0238 4180 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:43:34.0238 4180 exfat - ok
20:43:34.0581 4180 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:43:34.0597 4180 fastfat - ok
20:43:34.0878 4180 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:43:34.0893 4180 Fax - ok
20:43:35.0221 4180 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:43:35.0221 4180 fdc - ok
20:43:35.0502 4180 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:43:35.0502 4180 fdPHost - ok
20:43:35.0783 4180 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:43:35.0783 4180 FDResPub - ok
20:43:36.0141 4180 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:43:36.0157 4180 FileInfo - ok
20:43:36.0500 4180 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:43:36.0500 4180 Filetrace - ok
20:43:36.0953 4180 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:43:36.0953 4180 flpydisk - ok
20:43:37.0312 4180 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:43:37.0312 4180 FltMgr - ok
20:43:37.0592 4180 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
20:43:37.0608 4180 FontCache - ok
20:43:37.0733 4180 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:43:37.0748 4180 FontCache3.0.0.0 - ok
20:43:38.0029 4180 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:43:38.0029 4180 FsDepends - ok
20:43:38.0419 4180 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:43:38.0419 4180 Fs_Rec - ok
20:43:38.0778 4180 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
20:43:38.0778 4180 fvevol - ok
20:43:39.0137 4180 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:43:39.0137 4180 gagp30kx - ok
20:43:39.0230 4180 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
20:43:39.0230 4180 GameConsoleService - ok
20:43:39.0511 4180 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:43:39.0527 4180 gpsvc - ok
20:43:39.0636 4180 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
20:43:39.0636 4180 Greg_Service - ok
20:43:39.0776 4180 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:43:39.0776 4180 gupdate - ok
20:43:39.0839 4180 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:43:39.0839 4180 gupdatem - ok
20:43:39.0948 4180 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:43:39.0948 4180 gusvc - ok
20:43:40.0291 4180 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:43:40.0291 4180 hcw85cir - ok
20:43:40.0681 4180 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:43:40.0681 4180 HdAudAddService - ok
20:43:41.0056 4180 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:43:41.0056 4180 HDAudBus - ok
20:43:41.0414 4180 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:43:41.0414 4180 HidBatt - ok
20:43:41.0758 4180 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:43:41.0758 4180 HidBth - ok
20:43:42.0101 4180 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:43:42.0101 4180 HidIr - ok
20:43:42.0335 4180 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:43:42.0350 4180 hidserv - ok
20:43:42.0725 4180 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:43:42.0725 4180 HidUsb - ok
20:43:42.0974 4180 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:43:42.0990 4180 hkmsvc - ok
20:43:43.0224 4180 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:43:43.0240 4180 HomeGroupListener - ok
20:43:43.0505 4180 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:43:43.0505 4180 HomeGroupProvider - ok
20:43:43.0848 4180 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:43:43.0848 4180 HpSAMD - ok
20:43:44.0207 4180 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:43:44.0207 4180 HTTP - ok
20:43:44.0566 4180 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:43:44.0566 4180 hwpolicy - ok
20:43:44.0924 4180 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:43:44.0924 4180 i8042prt - ok
20:45:12.0893 4180 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:45:12.0955 4180 \Device\Harddisk0\DR0 - ok
20:45:12.0955 4180 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
20:45:12.0955 4180 \Device\Harddisk1\DR1 - ok
20:45:12.0971 4180 Boot (0x1200) (ce8b758f5288a19473a266b19aad5a8a) \Device\Harddisk0\DR0\Partition0
20:45:12.0971 4180 \Device\Harddisk0\DR0\Partition0 - ok
20:45:13.0002 4180 Boot (0x1200) (3fb914e72c02585cba0c32fd8f007deb) \Device\Harddisk0\DR0\Partition1
20:45:13.0002 4180 \Device\Harddisk0\DR0\Partition1 - ok
20:45:13.0002 4180 Boot (0x1200) (77a8545a67acb3464f098ed745f3fd61) \Device\Harddisk1\DR1\Partition0
20:45:13.0002 4180 \Device\Harddisk1\DR1\Partition0 - ok
20:45:13.0002 4180 ============================================================
20:45:13.0002 4180 Scan finished
20:45:13.0002 4180 ============================================================
20:45:13.0033 4876 Detected object count: 0
20:45:13.0033 4876 Actual detected object count: 0

When I started up aswMBR it didn't ask me to download extra definitions. I'm not sure if that makes any difference. Anyways, here's the log for aswMBR. Let me know if you want me to rerun it again if I am able to figure out how to download additional updates.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 20:49:17
-----------------------------
20:49:17.366 OS Version: Windows x64 6.1.7600
20:49:17.382 Number of processors: 1 586 0x170A
20:49:17.382 ComputerName: PETER-PC UserName: peter
20:49:18.334 Initialize success
20:49:18.427 AVAST engine defs: 12040801
20:49:44.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:49:44.495 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
20:49:44.495 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
20:49:44.495 Disk 1 Vendor: Size: 238475MB BusType: 0
20:49:44.510 Disk 0 MBR read successfully
20:49:44.510 Disk 0 MBR scan
20:49:44.526 Disk 0 Windows 7 default MBR code
20:49:44.526 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
20:49:44.542 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
20:49:44.557 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226080 MB offset 25382700
20:49:44.573 Disk 0 scanning C:\Windows\system32\drivers
20:49:51.281 Service scanning
20:50:21.826 Modules scanning
20:50:22.341 Disk 0 trace - called modules:
20:50:22.356 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
20:50:22.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e4d060]
20:50:22.372 3 CLASSPNP.SYS[fffff880013ab43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e64050]
20:50:23.105 AVAST engine scan C:\Windows
20:50:25.461 AVAST engine scan C:\Windows\system32
20:52:44.332 AVAST engine scan C:\Windows\system32\drivers
20:52:56.562 AVAST engine scan C:\Users\peter
20:54:23.969 AVAST engine scan C:\ProgramData
20:55:35.308 Scan finished successfully
20:56:03.108 Disk 0 MBR has been saved successfully to "C:\Users\peter\Desktop\MBR.dat"
20:56:03.123 The log file has been saved successfully to "C:\Users\peter\Desktop\aswMBR.txt"

Edited by Gemmy1082, 08 April 2012 - 10:57 PM.


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 11:15 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#11 Gemmy1082

Posted 08 April 2012 - 11:44 PM

It definitely took a shorter amount of time to run Combofix this time around and the computer seems to be working well. Here is the log from ComboFix

ComboFix 12-04-08.01 - peter 04/08/2012 21:21:03.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1518 [GMT -7:00]
Running from: c:\users\peter\Desktop\ComboFix.exe
Command switches used :: c:\users\peter\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 04:27 . 2012-04-09 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 02:07 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDB8A957-E497-4565-9C67-9A34B2FA5346}\mpengine.dll
2012-04-08 20:06 . 2012-04-08 22:07 -------- d-----w- C:\FRST
2012-04-05 01:01 . 2012-04-09 04:07 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-04-05 00:58 . 2012-04-05 00:58 -------- d-----w- c:\programdata\CPA_VA
2012-04-05 00:54 . 2012-04-05 00:56 -------- d-----w- c:\programdata\Comodo
2012-04-05 00:54 . 2012-04-05 00:54 -------- d-----w- c:\program files\COMODO
2012-04-05 00:54 . 2012-04-05 00:58 -------- d-----w- c:\program files (x86)\Comodo
2012-04-05 00:54 . 2012-04-05 00:54 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-05 00:54 . 2012-04-05 00:54 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-04-05 00:54 . 2012-04-05 00:54 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-04-04 18:09 . 2012-04-04 18:09 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-04 06:24 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-04 06:24 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-04 06:24 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-04 06:24 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-04 06:24 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-04 06:24 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-04 06:24 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-04 06:23 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-04 06:23 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-04 06:23 . 2012-04-04 06:23 -------- d-----w- c:\programdata\AVAST Software
2012-04-04 06:23 . 2012-04-04 06:23 -------- d-----w- c:\program files\AVAST Software
2012-04-04 05:59 . 2012-04-04 05:59 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-04 05:59 . 2012-04-04 05:59 -------- d-----w- c:\windows\system32\Wat
2012-04-04 05:43 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-04-04 05:43 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-04-04 05:34 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-04-04 05:34 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-04-04 05:34 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-04 05:34 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-04-04 05:34 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-04-04 05:34 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-04-04 05:34 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-04 05:34 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-04-04 05:34 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-04 05:34 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-04-04 05:30 . 2012-04-04 05:30 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-04 05:20 . 2012-04-05 01:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 05:17 . 2012-04-04 05:17 -------- d-----w- c:\programdata\Malwarebytes
2012-04-04 05:17 . 2012-04-04 05:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-04 05:17 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:15 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-04-03 08:15 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-04-03 08:13 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-04-03 08:12 . 2009-09-03 07:36 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2012-04-03 08:12 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll
2012-04-03 08:12 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-04-03 08:12 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-04-03 08:12 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2012-04-03 08:12 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-03 08:10 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2012-04-03 08:09 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-03 08:08 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-04-03 08:08 . 2010-06-08 05:36 1877504 ----a-w- c:\windows\system32\msxml3.dll
2012-04-03 08:08 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe
2012-04-03 08:08 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe
2012-04-03 08:08 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi
2012-04-03 08:08 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
2012-04-03 08:08 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll
2012-04-03 08:08 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll
2012-04-03 08:08 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll
2012-04-03 08:08 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-04-03 08:08 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-04-03 08:06 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-03 08:06 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-03 08:06 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-04-03 08:06 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-04-03 08:06 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-04-03 08:06 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-04-03 08:06 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-04-03 08:06 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-04-03 08:06 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-04-03 08:06 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-04-03 08:06 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-04-03 08:06 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-04-03 07:52 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-04-03 07:52 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-04-03 07:51 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-04-03 07:51 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-03 07:51 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-03 07:51 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-03 07:51 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-03 07:50 . 2012-02-23 16:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-01 06:13 . 2012-04-01 06:13 -------- d-----w- c:\windows\NAPP_Dism_Log
2012-04-01 05:32 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-04-01 05:32 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-04-01 05:32 . 2012-04-01 05:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-04-01 05:31 . 2012-04-01 05:31 -------- d-----w- c:\program files (x86)\Microsoft
2012-04-01 05:31 . 2012-04-01 05:31 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2012-04-01 05:30 . 2012-04-01 05:33 -------- d-----w- c:\program files (x86)\Windows Live
2012-04-01 05:30 . 2012-04-01 05:30 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-04-01 05:29 . 2012-04-01 05:29 -------- d-----w- c:\program files\Apoint2K
2012-04-01 05:29 . 2009-05-08 06:47 98816 ----a-w- c:\windows\system32\Vxdif.dll
2012-04-01 05:29 . 2009-06-15 10:03 245296 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-04-01 05:29 . 2006-11-02 00:04 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-04-01 05:28 . 2012-04-01 05:28 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-04-01 05:27 . 2012-04-01 05:27 -------- d---a-w- C:\book
2012-04-01 05:25 . 2012-04-01 05:25 -------- d-----w- c:\program files (x86)\OEM
2012-04-01 05:25 . 2012-04-01 05:25 -------- d-----w- c:\users\Public\Symantec
2012-04-01 05:25 . 2012-04-01 05:25 -------- d-----w- c:\programdata\OEM_E471269A730D
2012-04-01 05:24 . 2012-04-01 05:27 -------- d-----w- c:\users\peter
2012-04-01 05:24 . 2012-04-01 05:24 -------- d-----w- C:\Recovery
2012-04-01 05:18 . 2012-04-01 05:18 -------- d-----w- c:\windows\SysWow64\x64
2012-04-01 05:18 . 2012-04-01 05:18 -------- d-----w- c:\windows\SysWow64\Lang
2012-04-01 05:18 . 2010-08-26 02:45 948760 ----a-w- c:\windows\SysWow64\igxpun.exe
2012-03-12 04:13 . 2012-03-12 04:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-12 04:13 . 2012-03-12 04:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-12 04:13 . 2012-03-12 04:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-12 04:13 . 2012-03-12 04:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-12 04:13 . 2012-03-12 04:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-12 04:13 . 2012-03-12 04:13 389840 ----a-w- c:\windows\system32\guard64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 05:19 . 2009-11-05 17:57 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
2012-02-04 02:27 . 2012-02-04 02:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_02.57.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-09 04:31 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 02:58 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-05 17:49 . 2012-04-09 04:30 25234 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-09 04:30 38118 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-04-01 05:21 . 2012-04-08 21:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-01 05:21 . 2012-04-09 02:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-01 05:21 . 2012-04-08 21:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-01 05:21 . 2012-04-09 02:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-08 21:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 02:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-01 05:48 . 2012-04-09 04:30 4502 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1063562887-2142056348-3453344296-1000_UserData.bin
+ 2012-04-09 04:28 . 2012-04-09 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-09 02:55 . 2012-04-09 02:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-09 02:55 . 2012-04-09 02:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-09 04:28 . 2012-04-09 04:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-04-09 04:31 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 02:55 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-04-09 02:07 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-09 03:02 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-09 03:02 103702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-09 02:07 103702 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-09 02:54 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-09 04:28 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-05 12:46 . 2012-04-09 02:54 630020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1063562887-2142056348-3453344296-1000-8192.dat
+ 2012-04-05 12:46 . 2012-04-09 04:28 630020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1063562887-2142056348-3453344296-1000-8192.dat
- 2009-07-14 04:54 . 2012-04-09 02:55 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 04:31 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2012-04-09 02:31 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-09 03:21 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-05 18:10 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 136176]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-05 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 06:24]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 06:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-05 18:10 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.prospector.metrolist.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e525&r=273603120715l03e4z125r49722343
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\hteo6244.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-04-08 21:35:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 04:35
.
Pre-Run: 200,578,015,232 bytes free
Post-Run: 200,513,835,008 bytes free
.
- - End Of File - - 353B2ACA2DA8F7A5AED30102DA567F85

Also just a quick question about the previous step in running TDSSKiller: I actually ran it again after running it the first time, but didn't want to edit my message just in case you happened to be replying at the same time I was editing. But anyways, I ran it again, changing the parameters to include "detect TDLFS file system", and it found "TDSS File System \Device\Harddisk0\DR0". Should I be worried about this, or should I just leave it or delete it?

#12 gringo_pr

Posted 08 April 2012 - 11:50 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Gemmy1082

Gemmy1082
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:23 PM

Posted 08 April 2012 - 11:57 PM

okay, here's the report. thanks

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Compatibility Pack for the 2007 Office system
eBay Worldwide
eMachines Games
eMachines Power Management
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Google Toolbar for Internet Explorer
Google Update Helper
Identity Card
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
Norton Online Backup
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SpywareBlaster 4.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 PM

Posted 09 April 2012 - 12:06 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.1 MUI


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Gemmy1082

Gemmy1082
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:23 PM

Posted 09 April 2012 - 12:45 AM

You said to uninstall all previous versions of Adobe Reader. Aside from "Adobe Reader 9.1 MUI" I don't see others. What is "Acrobat.com"? Should I uninstall that?

MBAM log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
peter :: PETER-PC [administrator]

4/8/2012 10:32:14 PM
mbam-log-2012-04-08 (22-32-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194285
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:18 PM, on 4/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prospector.metrolist.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e525&r=273603120715l03e4z125r49722343
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9015 bytes
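
Added example, not part of the original thread and not HijackThis's own code: a small Python triage of HijackThis log lines like those posted above, showing why the raw findings need interpretation before anything is fixed. The verdict labels are hypothetical, and the `recheck-64bit` rule rests on an assumption: the log shows HijackThis running from `Program Files (x86)`, i.e. as a 32-bit process, and on 64-bit Windows such a process has `System32` redirected to `SysWOW64`, so 64-bit-only service binaries can be reported as "(file missing)" while present on disk.

```python
import re
from collections import defaultdict

# Constructed input: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prospector.metrolist.net/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O23 - Service: ..."
MISSING = re.compile(r"- ([A-Za-z]:\\.*?) \(file missing\)$")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def is_64bit_host(log_text):
    """Heuristic: these directories only exist on 64-bit Windows."""
    lowered = log_text.lower()
    return "\\syswow64\\" in lowered or "program files (x86)" in lowered


def classify(section, body, host64):
    """Return a triage label (hypothetical names) for one log entry."""
    if body.endswith("(no file)"):
        return "orphan"  # registry entry left behind, nothing on disk to load
    if body.endswith("(file missing)"):
        m = MISSING.search(body)
        if host64 and m and SYSTEM32.match(m.group(1)):
            # Assumption: 32-bit scanner saw the redirected SysWOW64 view.
            return "recheck-64bit"
        return "missing"  # confirm the path on disk before touching the entry
    if section == "O20":
        return "autoload"  # AppInit_DLLs load into processes that use user32.dll
    return "listed"  # present on disk; needs a human to judge legitimacy


def triage(log_text):
    """Group HijackThis entries by triage label; non-entry lines are skipped."""
    host64 = is_64bit_host(log_text)
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            section, body = m.groups()
            buckets[classify(section, body, host64)].append((section, body))
    return dict(buckets)


if __name__ == "__main__":
    for verdict, entries in sorted(triage(SAMPLE_LOG).items()):
        print(f"{verdict}: {len(entries)}")
        for section, body in entries:
            print(f"  {section}  {body[:90]}")
```

None of the labels is a removal decision; `recheck-64bit` and `missing` entries should be checked against the real file system from a 64-bit tool before any fix is applied.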



