
Infected with ABNOW Google redirection


  • This topic is locked
34 replies to this topic

#1 Rokushi


  • Members
  • 17 posts

Posted 06 April 2012 - 01:50 AM

I've been having this issue for a while and it is about to make me spazz. I just can't seem to get rid of this problem. The only real issues I see are Google redirection and my CPU always being at about 30% usage. Thank you for any help you are able to give. ^_^


I will openly post my logs; if you'd like them in attachment format after this, please let me know and I will be happy to do so! :D

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Justin Dailey at 19:07:23 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.3521 [GMT -10:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Z:\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
\systemroot\assembly\tmp\U
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102869&gct=hp
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Steam] "Z:\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [Ask and Record FLV Service] "C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe" /run
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{44F145FB-0057-43E2-AB1E-4EB6205398ED} : DhcpNameServer = 211.246.100.20 211.219.86.1
TCP: Interfaces\{77D07E5C-6575-44C4-97D9-6F3EB6485F5E} : DhcpNameServer = 164.124.101.2 203.248.252.2
TCP: Interfaces\{BE09F04A-F9B0-417F-8CAB-81D8DC7229E7} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BE09F04A-F9B0-417F-8CAB-81D8DC7229E7}\2456C6B696E6E233630303 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BE09F04A-F9B0-417F-8CAB-81D8DC7229E7}\2656C6B696E6E233836643 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BE09F04A-F9B0-417F-8CAB-81D8DC7229E7}\2656C6B696E6E243834393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BE09F04A-F9B0-417F-8CAB-81D8DC7229E7}\4525F405943435D25374D27457563747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE09F04A-F9B0-417F-8CAB-81D8DC7229E7}\75962756C65637370254373616075637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE09F04A-F9B0-417F-8CAB-81D8DC7229E7}\7786164746166657B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BE09F04A-F9B0-417F-8CAB-81D8DC7229E7}\E456477656162737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E9BCB1E0-3F08-4254-ABF0-4870AF925221} : NameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [Ask and Record FLV Service] "C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe" /run
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justin Dailey\AppData\Roaming\Mozilla\Firefox\Profiles\pbt3aetq.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://testing.thebleepweather.com/?where=96857&unit=f
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-14 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-19 652360]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-3 503080]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-9-2 444224]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-4 2314240]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-17 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-17 138576]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-4 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-10-4 917768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbgps;ZTE GPS Port;C:\Windows\system32\DRIVERS\ZTEusbgps.sys --> C:\Windows\system32\DRIVERS\ZTEusbgps.sys [?]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys --> C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-05 08:25:53 -------- d-----w- C:\AMD
2012-04-05 07:02:05 -------- d-----w- C:\Users\Justin Dailey\riotsGamesLogs
2012-04-02 07:23:58 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-30 04:36:22 -------- d-----w- C:\Program Files\iPod
2012-03-30 04:36:21 -------- d-----w- C:\Program Files\iTunes
2012-03-19 08:05:50 -------- d-----w- C:\ProgramData\Panda Security
2012-03-19 08:01:42 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
2012-03-18 21:50:56 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{849F1E20-343D-4E08-A09B-76BF057AAC6C}
2012-03-18 09:50:32 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{DA716F3F-F651-414F-A240-384861C27B92}
2012-03-17 21:50:03 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{6F5F2640-32BD-4183-B429-28D0A412B1BA}
2012-03-17 09:49:36 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{9BF7D1D8-35F2-4728-B6C4-A67A814A42BD}
2012-03-16 18:19:37 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{388CB671-FDBD-4267-AC7F-4993E492CE17}
2012-03-16 18:19:19 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{B960DFE7-1182-4D33-814B-1E7726056048}
2012-03-16 06:19:00 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{0441C8D3-0DCD-4CD2-A8E0-67BF76838E63}
2012-03-15 18:18:35 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{CC27E247-3465-4CC9-B93C-3F2990242CDC}
2012-03-15 06:18:22 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{B6C795FB-37C7-4D01-B593-9E51EE899DE1}
2012-03-14 18:17:56 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{C086E9C6-1976-4E42-8FE3-A10DD9AA0F07}
2012-03-14 18:17:39 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{1FAAD12F-401D-4E51-9255-DF1EAC1660A1}
2012-03-14 13:03:58 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 13:03:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:03:55 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 06:17:19 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{8204DAE1-CF7C-4910-878D-562571A8AD9E}
2012-03-14 01:38:44 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 01:38:41 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 01:38:41 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 01:28:25 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 01:28:25 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 01:28:25 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 01:28:25 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 01:28:25 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 01:28:25 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 01:28:25 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 18:16:12 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{9CC94B4B-E09C-4529-8E16-47FDAD7C1EEB}
2012-03-13 18:15:57 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{ABBC602A-8887-4E13-8A10-01A8334182EA}
2012-03-13 09:14:48 -------- d-----w- C:\Users\Justin Dailey\AppData\Roaming\SUPERAntiSpyware.com
2012-03-13 09:14:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-13 09:14:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-13 01:04:30 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{BD0D7716-C54A-422B-9DD6-0AEF2C9D10BF}
2012-03-13 01:04:11 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{C23E8A7D-B2BC-48A4-BBB1-B45B8FE06465}
2012-03-12 08:55:32 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{3A8E60D5-A179-4E72-BB5D-3F73F56A7EB8}
2012-03-12 08:55:08 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{117DBA53-5A3F-44CE-919E-414312FCB53F}
2012-03-12 08:31:18 -------- d-----w- C:\avast! sandbox
2012-03-12 07:27:26 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-12 07:27:26 -------- d-----w- C:\Program Files\AVAST Software
2012-03-11 23:42:33 -------- d--h--w- C:\ProgramData\CanonIJScan
2012-03-11 22:30:48 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX
2012-03-11 22:30:47 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
2012-03-11 22:30:47 -------- d--h--w- C:\ProgramData\CanonEPP
2012-03-11 22:30:46 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
2012-03-11 22:28:53 -------- d-----w- C:\ProgramData\CanonIJPLM
2012-03-11 22:27:14 361472 ----a-w- C:\Windows\System32\CNMXLMA9.DLL
2012-03-11 22:26:37 -------- d-----w- C:\ProgramData\CanonIJMSetup
2012-03-11 22:24:19 -------- d-----w- C:\Program Files\Common Files\CANON
2012-03-11 22:24:08 -------- d-----w- C:\ProgramData\CanonIJWSpt
2012-03-11 22:22:31 -------- d-----w- C:\Program Files\Canon
2012-03-11 22:19:58 -------- d-----w- C:\Program Files (x86)\Canon
2012-03-11 15:51:44 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{9E9DCD6F-E810-4077-AB58-DE6820A52A90}
2012-03-11 03:51:10 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{638FDC28-564A-4674-9378-231B67786958}
2012-03-10 15:50:36 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{BDE23AC8-DCBB-431A-8DA3-26B0837369FF}
2012-03-10 03:50:01 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{FACD0BE4-6D8C-45AB-9F0D-78746D31732A}
2012-03-09 22:58:53 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
2012-03-09 15:49:25 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{068EF9A4-CC79-47D7-9F85-2DFE1099F2CD}
2012-03-09 03:48:02 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{46F1AB17-0564-400E-8D0D-1F2D2E0CA140}
2012-03-09 03:47:06 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{D5980A2F-8DB2-4C68-9481-DD7F05BD3CA7}
2012-03-07 06:49:16 -------- d-----w- C:\ProgramData\EA Logs
2012-03-07 06:43:32 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-03-07 06:43:27 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-03-07 05:18:10 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-03-07 05:16:50 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\Origin
2012-03-07 05:16:48 -------- d-----w- C:\Users\Justin Dailey\AppData\Roaming\Origin
2012-03-07 05:16:26 -------- d-----w- C:\ProgramData\Origin
2012-03-07 05:16:15 -------- d-----w- C:\Program Files (x86)\Origin
.
==================== Find3M ====================
.
2012-04-05 07:53:55 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-03-09 03:45:45 0 --sha-w- C:\Windows\System32\dds_log_trash.cmd
2012-03-04 06:57:18 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 21:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 21:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 19:10:48.96 ===============


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-05 20:43:07
Windows 6.1.7601 Service Pack 1
Running: 5wfs5qrt.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\entertainment021412-2[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\eurostiledemi_700.font[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\click-audit[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\click[1].ic 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\royalslider[1].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\ai_wvlp[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\HTML-self-assessment[1].gif 2822 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\html5[1].js 3856 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\dental-insurance-options[1].aspx 62028 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\broker-config[1].js 629 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\sprite4-a67f741843ffc4220554c34bd01bb0bb[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\;ord=3529424785239949547[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\;ord=3862613125016488868[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\;ord=7795866959645228280[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\;ord=8090629652007344046[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\club_life_square[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\shadowbox[1].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\fancybox[1].css 8563 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\loadCallBack[1].js 1458 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\AdTag[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;grp=[group];misc=1333691590826[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\Adult-Self-Assessment-Tool[1].aspx 49279 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\viewChannelModule[4].act 38409 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\visit[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\g[2].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\packed[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\getjs[3].aspx 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\getjs[4].aspx 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\getSegment[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\AuthenticationService[1].Authenticate 44 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\jquery.cycle.all.min[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\jquery.easing.1.3.min[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\jquery.fancybox-1.3.4.pack[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\B6394358[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\B6394358[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\travel_300x250[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\count[1].json 110 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\cta.calculate[1].gif 3466 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\cufon[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\reflection[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\rlid%253Dm2%2526utm_source%253DSourceKnowledge%2526utm_medium%253DCPC%2526utm_term%253D144x352388%2526utm_campaign%253DSpaceInvadersTEST[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\style[3].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\adsCARMSN8Z 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\adsCAUU0QVE 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\adsCAZNPQYZ 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\nk%2F5389%2F2306801%2F0%2F170%2FAdId%3D2450042%3BBnId%3D1%3Bitime%3D691667250%3Bkey%3Dkey1%2Bkey2%2Bkey3%2Bkey4%3Blink%3D;ord=6526485215[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\viewChannelModule[1].act 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\fm[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\fm[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\fm[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\fm[6].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\fm[7].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\bottomgraphic[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\play-free-flash-game-dueladventure[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\custom-contact-forms[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\dar_youknowbest_com[4].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\dat-2011[1].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\datapair[2].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\fenicestd-light-webfont[1].eot 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\fergcorp_countdownTimer_java[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\scriptaculous[1].js 2664 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\script[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\searchsubmit[1].gif 1574 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\front[1].asp 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\r[4].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\surly[8].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95JVJMUO\tap[2].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\%7Bcommon,util%7D[1].js 54905 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\%7Bmarker%7D[1].js 19283 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\%7Bstats%7D[1].js 3311 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\01-10340-radar10.min[1].js 7753 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\STG_TB_WEB_COLOR_normal[1].jpg 2060 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\stumbleupon_16[1].png 1552 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\stumbleupon_32[1].png 1744 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\PB_031312_Summer_hawaiisweeps_728x90[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\PB_031612_Summer_rugs_728x90[1].jpg 28120 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\fp[2] 22762 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\blekko-two[1].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\ads[10].js 9787 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\ads[11].js 9773 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\search[2].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\typography[1].css 2130 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\kh[1].jpg 15977 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\kh[2].jpg 11829 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\inc_news[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\inc_search[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\DataXu_Adult_Aligner_300x250[1].jpg 41535 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\DataXu_Adult_Shy_300x250[1].jpg 41678 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\7454[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\surly[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\surly[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\showAd[2].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\process[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\jquery.main[1].js 6028 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\jquery.min[1].js 84362 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\jquery[3].js 91363 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\zmpfc[1].js 30951 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\footer-reflection[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\fpi[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\fancy_shadow_e[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\fancy_shadow_nw[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\fancy_shadow_n[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\fb3[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\fb4[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\feature[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\feedback-tab[1].png 1657 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\ajs[2].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\AlignUIHelper[1].js 4479 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bg-btn-blue[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\minimall[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\ddcCA28M7UF.htm 11861 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\ddcCA5T29V5.htm 11861 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\new-fb[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\pxabicm[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\quiz_personality[1].jpg 13200 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\r[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\sandbox[1].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\receiver[1].html 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\recent-tw[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\reset[1].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\st[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\st[1].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\ca[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\iframe2[1].js 19204 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\ddcCAZY12I9.htm 11861 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\games_jigsaw-puzzles[1].jpg 6564 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\generic_1329390699[1].js 15385 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\2731[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\adsCACUZL4S.js 9768 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\174510_100003470959771_1576404692_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_space-ship-invaders[1].jpg 692 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_sudoku[1].gif 435 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_super-stacker[1].jpg 751 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_topple[1].jpg 937 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_cats-vs-mice[1].jpg 977 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_classroom-hidden-alphabets[1].jpg 808 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_doggiedreams[1].gif 1405 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_dream-room-hidden-alphabets[1].jpg 784 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_fly-bunny-fly[1].jpg 833 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_games-shophunt[1].jpg 1247 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_jumping-jack[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_jungle-animals[1].jpg 933 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_keep-ups[1].jpg 567 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_lines[1].jpg 665 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_memory-girls-puzzle[1].jpg 1008 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\bullet_my-dog-quiz[1].jpg 844 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTPZOI22\logo-2[1].gif 3788 bytes

---- EOF - GMER 1.0.15 ----
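A triage script for the DDS "Created" entries in the log above, added here as an example; it is not part of the original post and not a BleepingComputer or DDS tool. It parses the DDS line format, pulls out the GUID-named directories under AppData\Local, groups creations that are seconds apart into bursts, and reports the median gap between bursts. The 12-hour expected period and the 2-minute grouping window are assumptions chosen to fit this log. A regular cadence is equally consistent with a scheduled task or a legitimate updater, so the script reports rather than deletes; whether these directories are malicious is not something the log alone establishes.

```python
"""Triage helper for DDS 'Created' lines (added example, not a BleepingComputer tool)."""
import re
import statistics
from datetime import datetime, timedelta

# Lines copied from the DDS log earlier on this page. The Canon, AVAST and
# Origin entries are kept so the filter has benign lines to ignore.
DDS_SAMPLE = r"""
2012-03-13 01:04:30 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{BD0D7716-C54A-422B-9DD6-0AEF2C9D10BF}
2012-03-13 01:04:11 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{C23E8A7D-B2BC-48A4-BBB1-B45B8FE06465}
2012-03-12 08:55:32 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{3A8E60D5-A179-4E72-BB5D-3F73F56A7EB8}
2012-03-12 08:55:08 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{117DBA53-5A3F-44CE-919E-414312FCB53F}
2012-03-12 07:27:26 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-11 22:27:14 361472 ----a-w- C:\Windows\System32\CNMXLMA9.DLL
2012-03-11 15:51:44 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{9E9DCD6F-E810-4077-AB58-DE6820A52A90}
2012-03-11 03:51:10 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{638FDC28-564A-4674-9378-231B67786958}
2012-03-10 15:50:36 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{BDE23AC8-DCBB-431A-8DA3-26B0837369FF}
2012-03-10 03:50:01 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{FACD0BE4-6D8C-45AB-9F0D-78746D31732A}
2012-03-09 22:58:53 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
2012-03-09 15:49:25 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{068EF9A4-CC79-47D7-9F85-2DFE1099F2CD}
2012-03-09 03:48:02 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{46F1AB17-0564-400E-8D0D-1F2D2E0CA140}
2012-03-09 03:47:06 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\{D5980A2F-8DB2-4C68-9481-DD7F05BD3CA7}
2012-03-07 05:16:50 -------- d-----w- C:\Users\Justin Dailey\AppData\Local\Origin
"""

# DDS format: "<date> <time> <size or -------->  <8 attribute flags> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
# A directory whose name is a bare {GUID} directly under ...\AppData\Local
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$",
    re.IGNORECASE,
)


def parse_dds(text):
    """Turn DDS 'Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "is_dir": m["attrs"][0] == "d",   # first flag is 'd' for directories
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def guid_dirs(entries):
    """Directories named only by a GUID under AppData\\Local."""
    return [e for e in entries if e["is_dir"] and GUID_DIR_RE.search(e["path"])]


def cluster_bursts(times, window=timedelta(minutes=2)):
    """Group timestamps that fall within `window` of the previous one (assumed window)."""
    bursts = []
    for t in sorted(times):
        if bursts and t - bursts[-1][-1] <= window:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return bursts


def median_gap_seconds(bursts):
    """Median spacing between the first creation of consecutive bursts."""
    starts = [b[0] for b in bursts]
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    return statistics.median(gaps) if gaps else None


def triage(text, expected_period=timedelta(hours=12), tolerance=timedelta(minutes=5)):
    """Summarise GUID-directory creations and whether they recur on a fixed period."""
    hits = guid_dirs(parse_dds(text))
    bursts = cluster_bursts([h["ts"] for h in hits])
    med = median_gap_seconds(bursts)
    periodic = med is not None and abs(med - expected_period.total_seconds()) <= tolerance.total_seconds()
    return {"guid_dirs": len(hits), "bursts": len(bursts), "median_gap_s": med, "periodic": periodic}


if __name__ == "__main__":
    print(triage(DDS_SAMPLE))
    for burst in cluster_bursts([e["ts"] for e in guid_dirs(parse_dds(DDS_SAMPLE))]):
        print(burst[0].isoformat(), "x%d" % len(burst))
```

Run against the lines above it finds eleven GUID directories in eight bursts with a median spacing a few seconds over twelve hours, which is the kind of pattern worth raising with the helper before any tool is run, as the thread asks.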


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 07 April 2012 - 03:51 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • the log from ComboFix
  • let me know of any problems you may have had
  • how is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Rokushi

Rokushi
  • Topic Starter

  • Members
  • 17 posts
  • Local time:03:38 PM

Posted 07 April 2012 - 07:39 AM

Hello Gringo and thank you for taking the time to help me with this computer issue. :D

I have attempted to run ComboFix multiple times. The first box seems to extract itself, and then nothing happens. I open up Task Manager to see if there are any changes, but when I open ComboFix with Task Manager open, Task Manager closes when ComboFix finishes the extraction.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 07 April 2012 - 10:43 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#5 Rokushi

Rokushi
  • Topic Starter

  • Members
  • 17 posts
  • Local time:03:38 PM

Posted 07 April 2012 - 04:47 PM

Running my computer in safe mode causes me to get a BSOD shortly after start-up, roughly one minute or so. I get the error code of 0x000000F4.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 07 April 2012 - 05:50 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions. ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
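As an added example, not part of either post and not TDSSKiller's own code: a small Python triage script for the log format TDSSKiller produces. It lists every entry the tool did not clear as ok and also flags one MD5 sitting behind two different file names, a pattern worth a second look in a log like the one requested here; the sample log is a constructed handful of lines in that format.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example for this thread, not code from any post or from TDSSKiller itself.
# TDSSKiller writes one line per scanned object, then a verdict line:
#   HH:MM:SS.ffff PID name (md5) path
#   HH:MM:SS.ffff PID name - ok
#   HH:MM:SS.ffff PID name ( Threat.Name ) - infected
#   HH:MM:SS.ffff PID name - detected Threat.Name (0)
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<threat>.+?) \) - (?P<status>infected|suspicious)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<threat>.+?) \(\d+\)$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"      # ok | infected | suspicious | unknown
    threat: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """One Entry per scanned service/driver, keyed by name, in log order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                        # banners, separators, blank lines
        rest = m["rest"]
        if f := FILE_RE.match(rest):
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.md5, e.path = f["md5"].lower(), f["path"]
        elif v := VERDICT_RE.match(rest):
            e = entries.setdefault(v["name"], Entry(v["name"]))
            e.status, e.threat = v["status"], v["threat"]
        elif d := DETECTED_RE.match(rest):
            e = entries.setdefault(d["name"], Entry(d["name"]))
            e.threat = e.threat or d["threat"]
            if e.status == "unknown":
                e.status = "infected"
        elif o := OK_RE.match(rest):
            entries.setdefault(o["name"], Entry(o["name"])).status = "ok"
        # SystemInfo, drive geometry and "Scan started" lines are ignored
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything TDSSKiller did not clear as 'ok'."""
    return [e for e in entries.values() if e.status != "ok"]


def shared_hash_different_paths(entries: Dict[str, Entry]) -> Dict[str, List[Entry]]:
    """Hashes that back more than one distinct file path.

    Legitimate duplicates (AudioSrv and AudioEndpointBuilder both point at
    Audiosrv.dll) share a path; one hash behind two different file names
    deserves a second look even when TDSSKiller says ok.
    """
    by_hash: Dict[str, List[Entry]] = {}
    for e in entries.values():
        if e.md5:
            by_hash.setdefault(e.md5, []).append(e)
    return {h: es for h, es in by_hash.items()
            if len({(e.path or "").lower() for e in es}) > 1}


# Constructed sample in TDSSKiller's log format (a handful of entries only).
SAMPLE_LOG = r"""13:09:58.0977 7744 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
13:09:59.0788 7744 ============================================================
13:09:59.0789 7744 Running under WOW64
13:10:05.0103 5900 Scan started
13:10:08.0348 5900 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:10:08.0353 5900 1394ohci - ok
13:10:09.0631 5900 ALSysIO - ok
13:10:12.0413 5900 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:10:12.0434 5900 AudioEndpointBuilder - ok
13:10:12.0454 5900 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:10:12.0459 5900 AudioSrv - ok
13:10:14.0251 5900 ceepwrsvc (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\helpsvc.dll
13:10:14.0253 5900 ceepwrsvc ( Backdoor.Multi.ZAccess.gen ) - infected
13:10:14.0253 5900 ceepwrsvc - detected Backdoor.Multi.ZAccess.gen (0)
13:10:17.0192 5900 entertainment (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\se26nd5.dll
13:10:17.0196 5900 entertainment ( Backdoor.Multi.ZAccess.gen ) - infected
13:10:17.0196 5900 entertainment - detected Backdoor.Multi.ZAccess.gen (0)
"""

if __name__ == "__main__":
    entries = parse_tdsskiller_log(SAMPLE_LOG)
    for e in findings(entries):
        print(f"{e.status}: {e.name} -> {e.path} [{e.threat}]")
    for h, es in shared_hash_different_paths(entries).items():
        print(f"same hash {h} under {len(es)} paths: {[e.path for e in es]}")
```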

#7 Rokushi

Rokushi
  • Topic Starter

  • Members
  • 17 posts

Posted 07 April 2012 - 07:03 PM

Hello! :D

Here are the logs you requested!


TDSS logs:
13:10:23.0929 5900 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:10:23.0935 5900 NativeWifiP - ok
13:10:24.0026 5900 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
13:10:24.0034 5900 NAUpdate - ok
13:10:24.0152 5900 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:10:24.0187 5900 NDIS - ok
13:10:24.0235 5900 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:10:24.0237 5900 NdisCap - ok
13:10:24.0286 5900 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:10:24.0288 5900 NdisTapi - ok
13:10:24.0342 5900 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:10:24.0344 5900 Ndisuio - ok
13:10:24.0407 5900 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:10:24.0411 5900 NdisWan - ok
13:10:24.0466 5900 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:10:24.0469 5900 NDProxy - ok
13:10:24.0537 5900 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
13:10:24.0538 5900 Netaapl - ok
13:10:24.0587 5900 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:10:24.0590 5900 NetBIOS - ok
13:10:24.0662 5900 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:10:24.0667 5900 NetBT - ok
13:10:24.0711 5900 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:10:24.0712 5900 Netlogon - ok
13:10:24.0777 5900 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:10:24.0785 5900 Netman - ok
13:10:24.0884 5900 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:10:24.0908 5900 NetMsmqActivator - ok
13:10:24.0912 5900 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:10:24.0913 5900 NetPipeActivator - ok
13:10:24.0999 5900 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:10:25.0008 5900 netprofm - ok
13:10:25.0100 5900 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:10:25.0101 5900 NetTcpActivator - ok
13:10:25.0107 5900 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:10:25.0108 5900 NetTcpPortSharing - ok
13:10:25.0320 5900 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
13:10:25.0477 5900 NETw5s64 - ok
13:10:25.0581 5900 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:10:25.0583 5900 nfrd960 - ok
13:10:25.0647 5900 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:10:25.0654 5900 NlaSvc - ok
13:10:25.0673 5900 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:10:25.0675 5900 Npfs - ok
13:10:25.0702 5900 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:10:25.0705 5900 nsi - ok
13:10:25.0721 5900 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:10:25.0721 5900 nsiproxy - ok
13:10:25.0792 5900 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:10:25.0834 5900 Ntfs - ok
13:10:25.0847 5900 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:10:25.0848 5900 Null - ok
13:10:25.0901 5900 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:10:25.0905 5900 nvraid - ok
13:10:25.0943 5900 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:10:25.0947 5900 nvstor - ok
13:10:25.0984 5900 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:10:25.0987 5900 nv_agp - ok
13:10:26.0005 5900 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:10:26.0008 5900 ohci1394 - ok
13:10:26.0105 5900 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:10:26.0109 5900 ose - ok
13:10:26.0244 5900 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:10:26.0369 5900 osppsvc - ok
13:10:26.0470 5900 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:10:26.0478 5900 p2pimsvc - ok
13:10:26.0506 5900 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:10:26.0514 5900 p2psvc - ok
13:10:26.0542 5900 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:10:26.0545 5900 Parport - ok
13:10:26.0587 5900 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:10:26.0590 5900 partmgr - ok
13:10:26.0621 5900 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:10:26.0627 5900 PcaSvc - ok
13:10:26.0670 5900 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:10:26.0674 5900 pci - ok
13:10:26.0693 5900 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:10:26.0695 5900 pciide - ok
13:10:26.0730 5900 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:10:26.0736 5900 pcmcia - ok
13:10:26.0753 5900 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:10:26.0756 5900 pcw - ok
13:10:26.0781 5900 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:10:26.0802 5900 PEAUTH - ok
13:10:26.0855 5900 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:10:26.0858 5900 PerfHost - ok
13:10:26.0931 5900 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:10:26.0964 5900 pla - ok
13:10:27.0056 5900 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:10:27.0064 5900 PlugPlay - ok
13:10:27.0099 5900 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:10:27.0102 5900 PNRPAutoReg - ok
13:10:27.0128 5900 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:10:27.0131 5900 PNRPsvc - ok
13:10:27.0179 5900 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:10:27.0188 5900 PolicyAgent - ok
13:10:27.0221 5900 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:10:27.0226 5900 Power - ok
13:10:27.0286 5900 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:10:27.0289 5900 PptpMiniport - ok
13:10:27.0331 5900 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:10:27.0333 5900 Processor - ok
13:10:27.0372 5900 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:10:27.0378 5900 ProfSvc - ok
13:10:27.0413 5900 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:10:27.0415 5900 ProtectedStorage - ok
13:10:27.0481 5900 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:10:27.0484 5900 Psched - ok
13:10:27.0612 5900 ptilink (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\avg7rsxp.dll
13:10:27.0614 5900 ptilink ( Backdoor.Multi.ZAccess.gen ) - infected
13:10:27.0614 5900 ptilink - detected Backdoor.Multi.ZAccess.gen (0)
13:10:27.0660 5900 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:10:27.0692 5900 ql2300 - ok
13:10:27.0710 5900 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:10:27.0713 5900 ql40xx - ok
13:10:27.0750 5900 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:10:27.0756 5900 QWAVE - ok
13:10:27.0776 5900 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:10:27.0777 5900 QWAVEdrv - ok
13:10:27.0794 5900 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:10:27.0796 5900 RasAcd - ok
13:10:27.0831 5900 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:10:27.0834 5900 RasAgileVpn - ok
13:10:27.0867 5900 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:10:27.0871 5900 RasAuto - ok
13:10:27.0932 5900 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:10:27.0935 5900 Rasl2tp - ok
13:10:28.0017 5900 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:10:28.0024 5900 RasMan - ok
13:10:28.0071 5900 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:10:28.0074 5900 RasPppoe - ok
13:10:28.0098 5900 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:10:28.0101 5900 RasSstp - ok
13:10:28.0144 5900 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:10:28.0150 5900 rdbss - ok
13:10:28.0163 5900 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:10:28.0165 5900 rdpbus - ok
13:10:28.0181 5900 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:10:28.0181 5900 RDPCDD - ok
13:10:28.0218 5900 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:10:28.0218 5900 RDPENCDD - ok
13:10:28.0240 5900 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:10:28.0241 5900 RDPREFMP - ok
13:10:28.0293 5900 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:10:28.0297 5900 RDPWD - ok
13:10:28.0360 5900 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:10:28.0365 5900 rdyboost - ok
13:10:28.0410 5900 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:10:28.0414 5900 RemoteAccess - ok
13:10:28.0440 5900 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:10:28.0447 5900 RemoteRegistry - ok
13:10:28.0526 5900 RosettaStoneDaemon (182deb193d2f7b785086af4f081540fc) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
13:10:28.0534 5900 RosettaStoneDaemon - ok
13:10:28.0614 5900 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:10:28.0617 5900 RpcEptMapper - ok
13:10:28.0653 5900 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:10:28.0656 5900 RpcLocator - ok
13:10:28.0703 5900 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:10:28.0708 5900 RpcSs - ok
13:10:28.0755 5900 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:10:28.0758 5900 rspndr - ok
13:10:28.0832 5900 s3twistr (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\UpdateCenterService.dll
13:10:28.0836 5900 s3twistr ( Backdoor.Multi.ZAccess.gen ) - infected
13:10:28.0836 5900 s3twistr - detected Backdoor.Multi.ZAccess.gen (0)
13:10:28.0872 5900 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:10:28.0874 5900 SamSs - ok
13:10:28.0954 5900 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:10:28.0958 5900 SASDIFSV - ok
13:10:28.0983 5900 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:10:28.0984 5900 SASKUTIL - ok
13:10:29.0079 5900 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:10:29.0082 5900 sbp2port - ok
13:10:29.0121 5900 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:10:29.0126 5900 SCardSvr - ok
13:10:29.0172 5900 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:10:29.0174 5900 scfilter - ok
13:10:29.0232 5900 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:10:29.0262 5900 Schedule - ok
13:10:29.0309 5900 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:10:29.0310 5900 SCPolicySvc - ok
13:10:29.0348 5900 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:10:29.0353 5900 SDRSVC - ok
13:10:29.0410 5900 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:10:29.0412 5900 secdrv - ok
13:10:29.0449 5900 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:10:29.0452 5900 seclogon - ok
13:10:29.0477 5900 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:10:29.0480 5900 SENS - ok
13:10:29.0499 5900 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:10:29.0502 5900 SensrSvc - ok
13:10:29.0550 5900 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:10:29.0552 5900 Serenum - ok
13:10:29.0573 5900 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:10:29.0576 5900 Serial - ok
13:10:29.0617 5900 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:10:29.0619 5900 sermouse - ok
13:10:29.0677 5900 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:10:29.0681 5900 SessionEnv - ok
13:10:29.0765 5900 SfCtlCom (7251169d5676396840911f64bb4bc3b2) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
13:10:29.0787 5900 SfCtlCom - ok
13:10:29.0873 5900 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:10:29.0874 5900 sffdisk - ok
13:10:29.0903 5900 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:10:29.0905 5900 sffp_mmc - ok
13:10:29.0944 5900 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:10:29.0946 5900 sffp_sd - ok
13:10:29.0990 5900 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:10:29.0992 5900 sfloppy - ok
13:10:30.0070 5900 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:10:30.0092 5900 Sftfs - ok
13:10:30.0185 5900 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:10:30.0193 5900 sftlist - ok
13:10:30.0285 5900 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:10:30.0291 5900 Sftplay - ok
13:10:30.0360 5900 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:10:30.0362 5900 Sftredir - ok
13:10:30.0411 5900 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:10:30.0413 5900 Sftvol - ok
13:10:30.0504 5900 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:10:30.0509 5900 sftvsa - ok
13:10:30.0624 5900 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:10:30.0631 5900 SharedAccess - ok
13:10:30.0679 5900 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:10:30.0687 5900 ShellHWDetection - ok
13:10:30.0731 5900 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
13:10:30.0733 5900 SiSGbeLH - ok
13:10:30.0755 5900 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:10:30.0757 5900 SiSRaid2 - ok
13:10:30.0777 5900 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:10:30.0780 5900 SiSRaid4 - ok
13:10:30.0798 5900 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:10:30.0801 5900 Smb - ok
13:10:30.0840 5900 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:10:30.0843 5900 SNMPTRAP - ok
13:10:30.0906 5900 SNP2UVC (7aec460dbdd193680f0e77724e40e7b6) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:10:30.0947 5900 SNP2UVC - ok
13:10:31.0060 5900 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:10:31.0062 5900 spldr - ok
13:10:31.0119 5900 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:10:31.0141 5900 Spooler - ok
13:10:31.0247 5900 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:10:31.0342 5900 sppsvc - ok
13:10:31.0368 5900 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:10:31.0372 5900 sppuinotify - ok
13:10:31.0430 5900 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:10:31.0438 5900 srv - ok
13:10:31.0485 5900 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:10:31.0493 5900 srv2 - ok
13:10:31.0530 5900 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:10:31.0534 5900 srvnet - ok
13:10:31.0569 5900 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:10:31.0575 5900 SSDPSRV - ok
13:10:31.0595 5900 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:10:31.0599 5900 SstpSvc - ok
13:10:31.0635 5900 Steam Client Service - ok
13:10:31.0673 5900 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:10:31.0675 5900 stexstor - ok
13:10:31.0735 5900 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:10:31.0756 5900 stisvc - ok
13:10:31.0800 5900 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:10:31.0801 5900 swenum - ok
13:10:31.0837 5900 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:10:31.0847 5900 swprv - ok
13:10:31.0917 5900 SynTP (01a658167619075baad31c96074c0b38) C:\Windows\system32\DRIVERS\SynTP.sys
13:10:31.0923 5900 SynTP - ok
13:10:31.0991 5900 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:10:32.0033 5900 SysMain - ok
13:10:32.0077 5900 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:10:32.0081 5900 TabletInputService - ok
13:10:32.0138 5900 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
13:10:32.0140 5900 taphss - ok
13:10:32.0163 5900 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:10:32.0170 5900 TapiSrv - ok
13:10:32.0198 5900 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:10:32.0201 5900 TBS - ok
13:10:32.0295 5900 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:10:32.0348 5900 Tcpip - ok
13:10:32.0469 5900 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:10:32.0481 5900 TCPIP6 - ok
13:10:32.0576 5900 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:10:32.0578 5900 tcpipreg - ok
13:10:32.0634 5900 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:10:32.0636 5900 TDPIPE - ok
13:10:32.0686 5900 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:10:32.0688 5900 TDTCP - ok
13:10:32.0740 5900 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:10:32.0743 5900 tdx - ok
13:10:32.0794 5900 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:10:32.0796 5900 TermDD - ok
13:10:32.0857 5900 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:10:32.0878 5900 TermService - ok
13:10:32.0910 5900 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:10:32.0914 5900 Themes - ok
13:10:32.0949 5900 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:10:32.0950 5900 THREADORDER - ok
13:10:33.0028 5900 TMBMServer (963c903e5176c5cdcae321d48635b21f) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
13:10:33.0037 5900 TMBMServer - ok
13:10:33.0110 5900 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
13:10:33.0112 5900 tmpreflt - ok
13:10:33.0155 5900 TmProxy (3ae913b4fbf06ee49831ff9db2330830) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
13:10:33.0189 5900 TmProxy - ok
13:10:33.0280 5900 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
13:10:33.0282 5900 tmtdi - ok
13:10:33.0341 5900 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
13:10:33.0347 5900 tmxpflt - ok
13:10:33.0393 5900 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:10:33.0398 5900 TrkWks - ok
13:10:33.0446 5900 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:10:33.0450 5900 TrustedInstaller - ok
13:10:33.0493 5900 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:10:33.0495 5900 tssecsrv - ok
13:10:33.0551 5900 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:10:33.0553 5900 TsUsbFlt - ok
13:10:33.0609 5900 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:10:33.0612 5900 tunnel - ok
13:10:33.0649 5900 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
13:10:33.0652 5900 TurboB - ok
13:10:33.0684 5900 TurboBoost (baef86ebeaece76573fa822dea256f6c) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
13:10:33.0687 5900 TurboBoost - ok
13:10:33.0753 5900 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:10:33.0757 5900 uagp35 - ok
13:10:33.0812 5900 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:10:33.0818 5900 udfs - ok
13:10:33.0867 5900 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:10:33.0871 5900 UI0Detect - ok
13:10:33.0920 5900 UimBus (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\SlNtHal.dll
13:10:33.0924 5900 UimBus ( Backdoor.Multi.ZAccess.gen ) - infected
13:10:33.0924 5900 UimBus - detected Backdoor.Multi.ZAccess.gen (0)
13:10:33.0957 5900 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:10:33.0959 5900 uliagpkx - ok
13:10:34.0012 5900 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:10:34.0014 5900 umbus - ok
13:10:34.0057 5900 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:10:34.0059 5900 UmPass - ok
13:10:34.0156 5900 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:10:34.0170 5900 UNS - ok
13:10:34.0255 5900 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:10:34.0263 5900 upnphost - ok
13:10:34.0313 5900 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:10:34.0316 5900 USBAAPL64 - ok
13:10:34.0382 5900 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:10:34.0385 5900 usbaudio - ok
13:10:34.0425 5900 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:10:34.0428 5900 usbccgp - ok
13:10:34.0469 5900 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:10:34.0472 5900 usbcir - ok
13:10:34.0510 5900 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:10:34.0512 5900 usbehci - ok
13:10:34.0545 5900 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:10:34.0551 5900 usbhub - ok
13:10:34.0571 5900 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:10:34.0573 5900 usbohci - ok
13:10:34.0608 5900 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:10:34.0611 5900 usbprint - ok
13:10:34.0660 5900 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:10:34.0662 5900 usbscan - ok
13:10:34.0721 5900 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:10:34.0724 5900 USBSTOR - ok
13:10:34.0756 5900 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:10:34.0758 5900 usbuhci - ok
13:10:34.0814 5900 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:10:34.0819 5900 usbvideo - ok
13:10:34.0847 5900 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:10:34.0850 5900 UxSms - ok
13:10:34.0894 5900 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:10:34.0895 5900 VaultSvc - ok
13:10:34.0957 5900 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:10:34.0959 5900 vdrvroot - ok
13:10:35.0002 5900 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:10:35.0022 5900 vds - ok
13:10:35.0061 5900 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:10:35.0064 5900 vga - ok
13:10:35.0078 5900 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:10:35.0080 5900 VgaSave - ok
13:10:35.0124 5900 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:10:35.0129 5900 vhdmp - ok
13:10:35.0171 5900 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:10:35.0173 5900 viaide - ok
13:10:35.0187 5900 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:10:35.0189 5900 volmgr - ok
13:10:35.0254 5900 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:10:35.0261 5900 volmgrx - ok
13:10:35.0280 5900 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:10:35.0286 5900 volsnap - ok
13:10:35.0344 5900 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
13:10:35.0386 5900 vsapint - ok
13:10:35.0485 5900 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:10:35.0489 5900 vsmraid - ok
13:10:35.0554 5900 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:10:35.0596 5900 VSS - ok
13:10:35.0635 5900 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:10:35.0637 5900 vwifibus - ok
13:10:35.0656 5900 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:10:35.0659 5900 vwififlt - ok
13:10:35.0689 5900 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:10:35.0691 5900 vwifimp - ok
13:10:35.0797 5900 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:10:35.0804 5900 W32Time - ok
13:10:35.0828 5900 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:10:35.0831 5900 WacomPen - ok
13:10:35.0891 5900 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:10:35.0894 5900 WANARP - ok
13:10:35.0907 5900 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:10:35.0908 5900 Wanarpv6 - ok
13:10:35.0999 5900 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:10:36.0031 5900 WatAdminSvc - ok
13:10:36.0104 5900 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:10:36.0137 5900 wbengine - ok
13:10:36.0172 5900 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:10:36.0178 5900 WbioSrvc - ok
13:10:36.0222 5900 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:10:36.0230 5900 wcncsvc - ok
13:10:36.0245 5900 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:10:36.0249 5900 WcsPlugInService - ok
13:10:36.0279 5900 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:10:36.0281 5900 Wd - ok
13:10:36.0306 5900 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:10:36.0315 5900 Wdf01000 - ok
13:10:36.0331 5900 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:10:36.0335 5900 WdiServiceHost - ok
13:10:36.0339 5900 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:10:36.0341 5900 WdiSystemHost - ok
13:10:36.0384 5900 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:10:36.0391 5900 WebClient - ok
13:10:36.0414 5900 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:10:36.0420 5900 Wecsvc - ok
13:10:36.0455 5900 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:10:36.0459 5900 wercplsupport - ok
13:10:36.0478 5900 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:10:36.0481 5900 WerSvc - ok
13:10:36.0530 5900 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:10:36.0532 5900 WfpLwf - ok
13:10:36.0601 5900 WiMAXAppSrv (8686e96e13f41ac9806a79ca8004feee) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
13:10:36.0623 5900 WiMAXAppSrv - ok
13:10:36.0719 5900 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
13:10:36.0723 5900 WimFltr - ok
13:10:36.0763 5900 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:10:36.0765 5900 WIMMount - ok
13:10:36.0794 5900 WinDefend - ok
13:10:36.0811 5900 WinHttpAutoProxySvc - ok
13:10:36.0890 5900 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:10:36.0895 5900 Winmgmt - ok
13:10:36.0972 5900 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:10:37.0014 5900 WinRM - ok
13:10:37.0096 5900 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:10:37.0099 5900 WinUsb - ok
13:10:37.0131 5900 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:10:37.0156 5900 Wlansvc - ok
13:10:37.0260 5900 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:10:37.0262 5900 wlcrasvc - ok
13:10:37.0344 5900 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:10:37.0427 5900 wlidsvc - ok
13:10:37.0525 5900 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:10:37.0528 5900 WmiAcpi - ok
13:10:37.0602 5900 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:10:37.0606 5900 wmiApSrv - ok
13:10:37.0652 5900 WMPNetworkSvc - ok
13:10:37.0744 5900 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:10:37.0748 5900 WPCSvc - ok
13:10:37.0794 5900 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:10:37.0799 5900 WPDBusEnum - ok
13:10:37.0828 5900 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:10:37.0829 5900 ws2ifsl - ok
13:10:37.0872 5900 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:10:37.0876 5900 wscsvc - ok
13:10:37.0885 5900 WSearch - ok
13:10:37.0963 5900 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:10:38.0057 5900 wuauserv - ok
13:10:38.0118 5900 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:10:38.0121 5900 WudfPf - ok
13:10:38.0149 5900 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:10:38.0153 5900 WUDFRd - ok
13:10:38.0202 5900 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:10:38.0206 5900 wudfsvc - ok
13:10:38.0287 5900 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:10:38.0295 5900 WwanSvc - ok
13:10:38.0364 5900 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
13:10:38.0375 5900 xnacc - ok
13:10:38.0432 5900 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
13:10:38.0434 5900 xusb21 - ok
13:10:38.0475 5900 ZTEusbgps (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbgps.sys
13:10:38.0478 5900 ZTEusbgps - ok
13:10:38.0492 5900 ZTEusbmdm6k (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
13:10:38.0495 5900 ZTEusbmdm6k - ok
13:10:38.0512 5900 ZTEusbnmea (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
13:10:38.0515 5900 ZTEusbnmea - ok
13:10:38.0532 5900 ZTEusbnmeaext (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys
13:10:38.0535 5900 ZTEusbnmeaext - ok
13:10:38.0557 5900 ZTEusbser6k (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
13:10:38.0560 5900 ZTEusbser6k - ok
13:10:38.0712 5900 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\CAM1210.dll
13:10:38.0714 5900 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} ( Backdoor.Multi.ZAccess.gen ) - infected
13:10:38.0714 5900 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} - detected Backdoor.Multi.ZAccess.gen (0)
13:10:38.0731 5900 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:10:38.0826 5900 \Device\Harddisk0\DR0 - ok
13:10:38.0861 5900 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:10:38.0863 5900 \Device\Harddisk1\DR1 - ok
13:10:38.0867 5900 Boot (0x1200) (8500983105223e359ab974b106fcaefc) \Device\Harddisk0\DR0\Partition0
13:10:38.0873 5900 \Device\Harddisk0\DR0\Partition0 - ok
13:10:38.0880 5900 Boot (0x1200) (f52337e5b93d775035fa58e117f7c77a) \Device\Harddisk1\DR1\Partition0
13:10:38.0881 5900 \Device\Harddisk1\DR1\Partition0 - ok
13:10:38.0902 5900 Boot (0x1200) (03db72240ffc358e990a7fd62b87dd8b) \Device\Harddisk1\DR1\Partition1
13:10:38.0903 5900 \Device\Harddisk1\DR1\Partition1 - ok
13:10:38.0922 5900 Boot (0x1200) (868644e35c9ef5ae2fc20cd7cbf6ebc9) \Device\Harddisk1\DR1\Partition2
13:10:38.0923 5900 \Device\Harddisk1\DR1\Partition2 - ok
13:10:38.0924 5900 ============================================================
13:10:38.0924 5900 Scan finished
13:10:38.0924 5900 ============================================================
13:10:38.0938 4880 Detected object count: 6
13:10:38.0938 4880 Actual detected object count: 6
13:11:28.0490 4880 C:\Windows\system32\helpsvc.dll - copied to quarantine
13:11:28.0491 4880 HKLM\SYSTEM\ControlSet001\services\ceepwrsvc - will be deleted on reboot
13:11:28.0522 4880 HKLM\SYSTEM\ControlSet002\services\ceepwrsvc - will be deleted on reboot
13:11:28.0706 4880 C:\Windows\system32\helpsvc.dll - will be deleted on reboot
13:11:28.0706 4880 ceepwrsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:11:28.0802 4880 C:\Windows\system32\se26nd5.dll - copied to quarantine
13:11:28.0802 4880 HKLM\SYSTEM\ControlSet001\services\entertainment - will be deleted on reboot
13:11:28.0811 4880 HKLM\SYSTEM\ControlSet002\services\entertainment - will be deleted on reboot
13:11:28.0816 4880 C:\Windows\system32\se26nd5.dll - will be deleted on reboot
13:11:28.0816 4880 entertainment ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:11:28.0862 4880 C:\Windows\system32\avg7rsxp.dll - copied to quarantine
13:11:28.0863 4880 HKLM\SYSTEM\ControlSet001\services\ptilink - will be deleted on reboot
13:11:28.0873 4880 HKLM\SYSTEM\ControlSet002\services\ptilink - will be deleted on reboot
13:11:28.0878 4880 C:\Windows\system32\avg7rsxp.dll - will be deleted on reboot
13:11:28.0878 4880 ptilink ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:11:28.0923 4880 C:\Windows\system32\UpdateCenterService.dll - copied to quarantine
13:11:28.0924 4880 HKLM\SYSTEM\ControlSet001\services\s3twistr - will be deleted on reboot
13:11:28.0938 4880 HKLM\SYSTEM\ControlSet002\services\s3twistr - will be deleted on reboot
13:11:28.0943 4880 C:\Windows\system32\UpdateCenterService.dll - will be deleted on reboot
13:11:28.0943 4880 s3twistr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:11:28.0996 4880 C:\Windows\system32\SlNtHal.dll - copied to quarantine
13:11:28.0996 4880 HKLM\SYSTEM\ControlSet001\services\UimBus - will be deleted on reboot
13:11:29.0067 4880 HKLM\SYSTEM\ControlSet002\services\UimBus - will be deleted on reboot
13:11:29.0072 4880 C:\Windows\system32\SlNtHal.dll - will be deleted on reboot
13:11:29.0072 4880 UimBus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:11:29.0338 4880 C:\Windows\system32\CAM1210.dll - copied to quarantine
13:11:29.0339 4880 HKLM\SYSTEM\ControlSet001\services\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} - will be deleted on reboot
13:11:29.0339 4880 HKLM\SYSTEM\ControlSet002\services\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} - will be deleted on reboot
13:11:29.0344 4880 C:\Windows\system32\CAM1210.dll - will be deleted on reboot
13:11:29.0344 4880 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:15:00.0849 8076 Deinitialize success


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 13:19:04
-----------------------------
13:19:04.514 OS Version: Windows x64 6.1.7601 Service Pack 1
13:19:04.514 Number of processors: 8 586 0x1E05
13:19:04.515 ComputerName: JUSTINDAILEY-PC UserName: Justin Dailey
13:19:25.942 Initialize success
13:20:26.555 AVAST engine defs: 12040701
13:20:32.126 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:20:32.131 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
13:20:32.136 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
13:20:32.142 Disk 1 Vendor: SAMSUNG_ 2AR1 Size: 953869MB BusType: 3
13:20:32.277 Disk 0 MBR read successfully
13:20:32.282 Disk 0 MBR scan
13:20:32.288 Disk 0 Windows 7 default MBR code
13:20:32.293 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
13:20:32.308 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 590476 MB offset 40965750
13:20:32.352 Disk 0 scanning C:\Windows\system32\drivers
13:20:51.932 Service scanning
13:21:26.713 Modules scanning
13:21:26.730 Disk 0 trace - called modules:
13:21:26.756 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:21:26.764 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065df790]
13:21:26.770 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> [0xfffffa80063a0d20]
13:21:26.777 5 ACPI.sys[fffff88000f9b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063a3050]
13:21:31.223 AVAST engine scan C:\Windows
13:21:41.644 AVAST engine scan C:\Windows\system32
13:21:42.136 File: C:\Windows\system32\3c1807pd.dll **INFECTED** Win64:Sirefef-E [Trj]
13:21:58.001 File: C:\Windows\system32\CiscoVpnInstallService.dll **INFECTED** Win64:Sirefef-E [Trj]
13:21:58.520 File: C:\Windows\system32\cmdagent.dll **INFECTED** Win64:Sirefef-E [Trj]
13:22:01.572 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
13:22:42.597 File: C:\Windows\system32\ichaud.dll **INFECTED** Win64:Sirefef-E [Trj]
13:22:57.404 File: C:\Windows\system32\LRMINIPORT.dll **INFECTED** Win64:Sirefef-E [Trj]
13:24:28.127 File: C:\Windows\system32\transactional.dll **INFECTED** Win64:Sirefef-E [Trj]
13:25:27.392 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:25:33.857 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:27:44.908 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
13:27:44.984 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
13:27:45.038 File: C:\Windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
13:27:45.091 File: C:\Windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
13:27:45.166 File: C:\Windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
13:27:45.230 File: C:\Windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
13:27:45.273 File: C:\Windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
13:27:45.303 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
13:27:45.355 File: C:\Windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
13:27:45.421 File: C:\Windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
13:27:45.445 File: C:\Windows\assembly\tmp\U\800000cf.@ **INFECTED** Win32:Malware-gen
13:27:45.481 File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
13:27:46.662 AVAST engine scan C:\Windows\system32\drivers
13:28:07.902 AVAST engine scan C:\Users\Justin Dailey
13:46:09.031 AVAST engine scan C:\ProgramData
13:48:21.091 Scan finished successfully
13:58:21.411 Disk 0 MBR has been saved successfully to "C:\Users\Justin Dailey\Desktop\MBR.dat"
13:58:21.417 The log file has been saved successfully to "C:\Users\Justin Dailey\Desktop\aswMBR.txt"



I look forward to your next reply! :] Thanks for the quick responses too!
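A defender-side triage helper, added here as an example that is not part of this thread and not code from Kaspersky or AVAST: it parses the TDSSKiller and aswMBR line formats shown in the logs above, lists which flagged objects were actually set to be deleted, checks the scanner's own "Detected object count" against what the log contains, and clusters the aswMBR hits by directory so a burst of files in one folder stands out. The sample lines are constructed to mirror those formats (detection names and paths are the ones from the logs above; the "Skip" action on the last TDSSKiller line is invented to exercise the unresolved-detection check), and the function names are my own.

```python
import re
from collections import Counter

# TDSSKiller inventory line: "<time> <pid> <object> (<md5>) <path>"
TDSS_OBJECT = re.compile(
    r"^\S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# TDSSKiller verdict line: "<time> <pid> <object> ( <verdict> ) - infected"
TDSS_VERDICT = re.compile(
    r"^\S+ \d+ (?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<state>infected|suspicious)$")
# TDSSKiller cure line: "<time> <pid> <object> ( <verdict> ) - User select action: <action>"
TDSS_ACTION = re.compile(
    r"^\S+ \d+ (?P<name>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
# TDSSKiller summary line: "<time> <pid> Detected object count: <n>"
TDSS_COUNT = re.compile(r"^\S+ \d+ Detected object count: (?P<n>\d+)$")
# aswMBR file line: "<time> File: <path> **INFECTED** <verdict>" or "... **SUSPICIOUS**"
ASW_FILE = re.compile(
    r"^\S+ File: (?P<path>.+?) \*\*(?P<state>INFECTED|SUSPICIOUS)\*\*(?: (?P<verdict>.+))?$")

# Constructed sample lines that mirror the two log formats posted in this thread.
# The "Skip" action on the last TDSSKiller line is invented to exercise the unresolved check.
SAMPLE_TDSS = r"""
13:10:38.0712 5900 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\CAM1210.dll
13:10:38.0714 5900 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} ( Backdoor.Multi.ZAccess.gen ) - infected
13:10:38.0731 5900 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:10:38.0826 5900 \Device\Harddisk0\DR0 - ok
13:10:38.0938 4880 Detected object count: 2
13:11:28.0490 4880 C:\Windows\system32\helpsvc.dll - copied to quarantine
13:11:28.0706 4880 ceepwrsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:11:29.0344 4880 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
""".strip().splitlines()

SAMPLE_ASW = r"""
13:21:42.136 File: C:\Windows\system32\3c1807pd.dll **INFECTED** Win64:Sirefef-E [Trj]
13:22:01.572 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
13:27:44.984 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
13:27:45.038 File: C:\Windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
13:27:45.273 File: C:\Windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
13:27:45.303 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
13:48:21.091 Scan finished successfully
""".strip().splitlines()


def parse_tdsskiller(lines):
    """Return ({object_name: record}, reported_count) for objects TDSSKiller flagged."""
    objects, reported = {}, None
    for line in lines:
        line = line.strip()
        if m := TDSS_OBJECT.match(line):
            objects.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
        elif m := TDSS_VERDICT.match(line):
            objects.setdefault(m["name"], {}).update(verdict=m["verdict"], state=m["state"])
        elif m := TDSS_ACTION.match(line):
            objects.setdefault(m["name"], {}).update(verdict=m["verdict"], action=m["action"])
        elif m := TDSS_COUNT.match(line):
            reported = int(m["n"])
    # Inventory lines for clean objects carry no verdict; keep only flagged objects.
    flagged = {name: rec for name, rec in objects.items() if "verdict" in rec}
    return flagged, reported


def parse_aswmbr(lines):
    """Return [(path, state, verdict)] for every file aswMBR marked INFECTED or SUSPICIOUS."""
    hits = []
    for line in lines:
        if m := ASW_FILE.match(line.strip()):
            hits.append((m["path"], m["state"], m["verdict"] or ""))
    return hits


def triage(tdss_lines, asw_lines):
    """Cross-check both logs and report what still needs an analyst's attention."""
    flagged, reported = parse_tdsskiller(tdss_lines)
    hits = parse_aswmbr(asw_lines)
    # Anything flagged but not set to Delete is still present after the reboot.
    unresolved = sorted(name for name, rec in flagged.items() if rec.get("action") != "Delete")
    families = Counter(rec["verdict"] for rec in flagged.values())
    # Cluster aswMBR hits by directory: several hits in one folder (the
    # \assembly\tmp\U tree in the log above) are a stronger signal than one file.
    per_dir = Counter(path.rsplit("\\", 1)[0] for path, _, _ in hits)
    return {
        "tdss_flagged": len(flagged),
        "tdss_reported": reported,
        # A mismatch means the log is truncated or objects were missed: re-scan.
        "count_matches": reported is not None and reported == len(flagged),
        "tdss_unresolved": unresolved,
        "tdss_families": dict(families),
        "asw_infected": sum(1 for _, state, _ in hits if state == "INFECTED"),
        "asw_suspicious": sum(1 for _, state, _ in hits if state == "SUSPICIOUS"),
        "asw_hot_dirs": [d for d, n in per_dir.most_common() if n >= 3],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TDSS, SAMPLE_ASW).items():
        print(f"{key}: {value}")
```

Feed it the real TDSSKiller and aswMBR text files instead of the samples to get the same summary for a posted log; an empty `tdss_unresolved` list and `count_matches` of True are what you want to see before trusting that the reboot cleaned everything the scanner found.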

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 07 April 2012 - 08:25 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Rokushi

Rokushi
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 09 April 2012 - 06:16 PM

Hello!

Just wanted to let you know I have not had the time to do this next step but I am about to start soon. Sometimes my job requires me to work for 24 hours or more and it did the other day. I apologize for the delay greatly.

#10 Rokushi

Rokushi
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 09 April 2012 - 06:54 PM

Hello!
Here is the log that you requested!


Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 09-04-2012 13:39:11
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-04] (Synaptics Incorporated)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-02] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-02] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-02] (Logitech Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-04-26] ()
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-28] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2010-10-04] (ASUS)
HKLM-x32\...\Run: [Ask and Record FLV Service] "C:\Program Files (x86)\Replay Media Catcher\FLVSrvc.exe" /run [156672 2009-09-22] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKU\Justin Dailey\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-03-07] (SUPERAntiSpyware.com)
HKU\Justin Dailey\...\Run: [Steam] "Z:\Steam\steam.exe" -silent [x]
HKU\Justin Dailey\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-12] (Skype Technologies S.A.)
HKU\Justin Dailey\...\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent [1756232 2011-05-12] (ManyCam LLC)
HKU\Justin Dailey\...\Policies\system: [disableregistrytools] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{E9BCB1E0-3F08-4254-ABF0-4870AF925221}: [NameServer]192.168.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 aalogger; C:\Windows\System32\rtport.dll [5120 2009-07-13] (Iomega)
2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
2 ADIDTSFiltService; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 ADIDTSFiltService; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [569752 2010-07-28] (Affinegy, Inc.)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
4 aslm75; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
4 aslm75; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 carboncopyscheduler; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 carboncopyscheduler; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 CdaC15BA; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 CdaC15BA; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 DMAgent; "C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe" [408576 2010-06-07] (Red Bend Ltd.)
2 hmonitor; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 hmonitor; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
4 iPAHelper.exe; C:\Program Files (x86)\iPod Access for Windows\iPAHelper.exe [1562381 2008-08-30] ()
2 klblmain; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 klblmain; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
4 kmixer; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
4 kmixer; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 RosettaStoneDaemon; "C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe" [444224 2009-09-02] (Rosetta Stone Ltd.)
2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [859712 2010-10-09] (Trend Micro Inc.)
3 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [570632 2010-02-23] (Trend Micro Inc.)
3 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [917768 2010-02-23] (Trend Micro Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2314240 2009-09-30] (Intel Corporation)
2 WiMAXAppSrv; "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [911872 2010-06-07] (Intel® Corporation)
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125888 2010-09-14] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [125888 2010-09-14] (SlySoft, Inc.)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
3 bpenum; C:\Windows\System32\Drivers\bpenum.sys [71168 2010-05-16] (Intel Corporation)
3 bpmp; C:\Windows\System32\Drivers\bpmp.sys [175104 2010-05-16] (Intel Corporation)
3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [81920 2010-05-16] (Intel Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 LGBusEnum; C:\Windows\System32\Drivers\LGBusEnum.sys [22408 2009-11-23] (Logitech Inc.)
3 LGVirHid; C:\Windows\System32\Drivers\LGVirHid.sys [16008 2009-11-23] (Logitech Inc.)
3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam_x64.sys [27136 2008-03-12] (ManyCam LLC.)
3 massfilter; C:\Windows\System32\Drivers\massfilter.sys [11776 2008-04-15] (MBB Incorporated)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2010-04-19] (Apple Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1806400 2009-06-05] ()
3 taphss; C:\Windows\System32\Drivers\taphss.sys [37888 2010-09-22] (AnchorFree Inc)
2 tmpreflt; C:\Windows\System32\Drivers\tmpreflt.sys [42576 2010-07-30] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
2 tmxpflt; C:\Windows\System32\Drivers\tmxpflt.sys [309840 2010-07-30] (Trend Micro Inc.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-08-06] ()
2 vsapint; C:\Windows\System32\Drivers\vsapint.sys [1988176 2010-07-30] (Trend Micro Inc.)
3 ZTEusbgps; C:\Windows\System32\Drivers\ZTEusbgps.sys [121344 2008-04-15] (ZTE Incorporated)
3 ZTEusbmdm6k; C:\Windows\System32\Drivers\ZTEusbmdm6k.sys [121344 2008-04-15] (ZTE Incorporated)
3 ZTEusbnmea; C:\Windows\System32\Drivers\ZTEusbnmea.sys [121344 2008-04-15] (ZTE Incorporated)
3 ZTEusbnmeaext; C:\Windows\System32\Drivers\ZTEusbnmeaext.sys [121344 2008-04-15] (ZTE Incorporated)
3 ZTEusbser6k; C:\Windows\System32\Drivers\ZTEusbser6k.sys [121344 2008-04-15] (ZTE Incorporated)
3 ALSysIO; \??\C:\Users\JUSTIN~1\AppData\Local\Temp\ALSysIO64.sys [x]
3 connctfy; C:\Windows\System32\DRIVERS\connctfy.sys [x]
3 connctfyMP; C:\Windows\System32\DRIVERS\connctfy.sys [x]
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: entertainment
NETSVC: s3twistr
NETSVC: aalogger
NETSVC: ptilink
NETSVC: {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}
NETSVC: UimBus

============ One Month Created Files and Folders ==============

2012-04-09 13:39 - 2012-04-09 13:39 - 0000000 ____D C:\FRST

2012-04-07 16:23 - 2012-04-07 16:23 - 7430712 ____A (Glarysoft Ltd ) C:\Users\Justin Dailey\Downloads\gusetup.exe
2012-04-07 15:58 - 2012-04-07 15:58 - 0003922 ____A C:\Users\Justin Dailey\Desktop\aswMBR.txt
2012-04-07 15:58 - 2012-04-07 15:58 - 0000512 ____A C:\Users\Justin Dailey\Desktop\MBR.dat
2012-04-07 15:18 - 2012-04-07 15:18 - 4731392 ____A (AVAST Software) C:\Users\Justin Dailey\Downloads\aswMBR.exe
2012-04-07 15:11 - 2012-04-07 15:11 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-07 15:09 - 2012-04-07 15:15 - 0149430 ____A C:\TDSSKiller.2.7.26.0_07.04.2012_13.09.58_log.txt
2012-04-07 15:08 - 2012-04-07 15:08 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Justin Dailey\Downloads\tdsskiller.exe
2012-04-07 13:36 - 2012-04-07 13:36 - 0271920 ____A C:\Windows\Minidump\040712-22464-01.dmp
2012-04-07 13:33 - 2012-04-07 13:33 - 0271920 ____A C:\Windows\Minidump\040712-24102-01.dmp
2012-04-07 05:00 - 2012-04-07 05:00 - 9602565 ____A C:\Users\Justin Dailey\Desktop\Mario Bros vs Wright Bros. Epic Rap Battles of History Seaso.mp4
2012-04-07 05:00 - 2012-04-07 05:00 - 11845039 ____A C:\Users\Justin Dailey\Desktop\Master Chief vs Leonidas. Epic Rap Battles of History Season.mp4
2012-04-07 04:59 - 2012-04-07 05:00 - 11943811 ____A C:\Users\Justin Dailey\Desktop\Michael Jackson VS Elvis Presley. Epic Rap Battles of Histor.mp4
2012-04-06 03:19 - 2012-04-06 03:19 - 0600792 ____A C:\Users\Justin Dailey\Downloads\2398.jpg
2012-04-06 00:18 - 2012-04-06 00:18 - 55558278 ____A C:\Users\Justin Dailey\Desktop\Super Mario Brothers - Frustration.mp4
2012-04-05 22:43 - 2012-04-05 22:43 - 0040807 ____A C:\Users\Justin Dailey\Desktop\GMERlog.log
2012-04-05 22:43 - 2012-04-05 22:43 - 0032419 ____A C:\Users\Justin Dailey\Desktop\DDS.txt
2012-04-05 22:43 - 2012-04-05 22:43 - 0020820 ____A C:\Users\Justin Dailey\Desktop\Attach.txt
2012-04-05 21:15 - 2012-04-05 21:15 - 0302592 ____A C:\Users\Justin Dailey\Downloads\5wfs5qrt.exe
2012-04-05 21:07 - 2012-04-05 21:07 - 0607260 ___RA (Swearware) C:\Users\Justin Dailey\Downloads\dds.scr
2012-04-05 19:39 - 2012-03-04 20:48 - 0002146 ____A C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
2012-04-05 19:02 - 2012-04-05 19:02 - 0271920 ____A C:\Windows\Minidump\040512-24039-01.dmp
2012-04-05 18:33 - 2012-04-05 18:33 - 0006730 ____A C:\Users\Justin Dailey\Documents\Uninstall Mass Effect 2.log
2012-04-05 18:23 - 2012-04-05 18:23 - 4450553 ____R (Swearware) C:\Users\Justin Dailey\Desktop\ComboFix.exe
2012-04-05 18:19 - 2012-04-05 18:22 - 0000361 ____A C:\rkill.log
2012-04-05 18:18 - 2012-04-05 18:18 - 1008141 ____A C:\Users\Justin Dailey\Downloads\rkill.scr
2012-04-05 00:25 - 2012-04-05 00:25 - 0000000 ____D C:\AMD
2012-04-04 23:25 - 2012-04-04 23:26 - 0792704 ____A (AMD) C:\Users\Justin Dailey\Downloads\amddriverdownloader.exe
2012-04-04 23:02 - 2012-04-09 02:44 - 0000000 ____D C:\Users\Justin Dailey\riotsGamesLogs
2012-04-04 21:47 - 2012-04-04 21:47 - 2288128 ____A C:\Users\Justin Dailey\Downloads\LeagueofLegends.exe
2012-04-01 23:23 - 2012-04-01 23:23 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-01 23:19 - 2012-04-01 23:19 - 0003434 ____A C:\Users\Justin Dailey\Downloads\OTL.Txt
2012-04-01 23:05 - 2012-04-01 23:06 - 0271920 ____A C:\Windows\Minidump\040112-21169-01.dmp
2012-03-31 23:00 - 2012-03-31 23:00 - 0106734 ____A C:\Users\Justin Dailey\Downloads\72085457.jpg
2012-03-31 22:58 - 2012-03-31 22:58 - 0694216 ____A C:\Users\Justin Dailey\Downloads\25yearsofd21143.jpg
2012-03-29 20:36 - 2012-03-29 20:36 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 20:36 - 2012-03-29 20:36 - 0000000 ____D C:\Program Files\iPod
2012-03-19 00:05 - 2012-03-19 00:05 - 0000000 ____D C:\Users\All Users\Panda Security
2012-03-19 00:03 - 2012-03-19 00:03 - 0276520 ____A C:\Windows\Minidump\031812-27050-01.dmp
2012-03-19 00:01 - 2012-03-19 00:01 - 0000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2012-03-18 13:50 - 2012-03-18 13:51 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{849F1E20-343D-4E08-A09B-76BF057AAC6C}
2012-03-18 01:50 - 2012-03-18 01:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{DA716F3F-F651-414F-A240-384861C27B92}
2012-03-17 13:50 - 2012-03-17 13:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{6F5F2640-32BD-4183-B429-28D0A412B1BA}
2012-03-17 01:49 - 2012-03-17 01:49 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{9BF7D1D8-35F2-4728-B6C4-A67A814A42BD}
2012-03-16 10:19 - 2012-03-18 13:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{B960DFE7-1182-4D33-814B-1E7726056048}
2012-03-16 10:19 - 2012-03-16 10:19 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{388CB671-FDBD-4267-AC7F-4993E492CE17}
2012-03-15 22:19 - 2012-03-15 22:19 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{0441C8D3-0DCD-4CD2-A8E0-67BF76838E63}
2012-03-15 10:18 - 2012-03-15 10:18 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{CC27E247-3465-4CC9-B93C-3F2990242CDC}
2012-03-14 22:18 - 2012-03-14 22:18 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{B6C795FB-37C7-4D01-B593-9E51EE899DE1}
2012-03-14 10:17 - 2012-03-15 22:19 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{1FAAD12F-401D-4E51-9255-DF1EAC1660A1}
2012-03-14 10:17 - 2012-03-14 10:18 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{C086E9C6-1976-4E42-8FE3-A10DD9AA0F07}
2012-03-14 05:03 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 05:03 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 05:03 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 22:17 - 2012-03-13 22:17 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{8204DAE1-CF7C-4910-878D-562571A8AD9E}
2012-03-13 17:38 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 17:38 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 17:38 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 17:28 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 17:28 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 17:28 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 17:28 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 17:28 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 17:28 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 17:28 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-13 10:16 - 2012-03-13 10:16 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{9CC94B4B-E09C-4529-8E16-47FDAD7C1EEB}
2012-03-13 10:15 - 2012-03-13 22:17 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{ABBC602A-8887-4E13-8A10-01A8334182EA}
2012-03-13 10:12 - 2012-03-13 10:12 - 0271920 ____A C:\Windows\Minidump\031312-26192-01.dmp
2012-03-13 01:14 - 2012-03-13 01:14 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\SUPERAntiSpyware.com
2012-03-13 01:14 - 2012-03-13 01:14 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-13 01:14 - 2012-03-13 01:14 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-13 01:06 - 2012-03-13 01:06 - 0271920 ____A C:\Windows\Minidump\031212-28376-01.dmp
2012-03-13 01:04 - 2012-03-13 01:04 - 0271920 ____A C:\Windows\Minidump\031212-24960-01.dmp
2012-03-12 17:04 - 2012-03-12 17:04 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{C23E8A7D-B2BC-48A4-BBB1-B45B8FE06465}
2012-03-12 17:04 - 2012-03-12 17:04 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{BD0D7716-C54A-422B-9DD6-0AEF2C9D10BF}
2012-03-12 00:55 - 2012-03-12 00:55 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{3A8E60D5-A179-4E72-BB5D-3F73F56A7EB8}
2012-03-12 00:55 - 2012-03-12 00:55 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{117DBA53-5A3F-44CE-919E-414312FCB53F}
2012-03-12 00:52 - 2012-03-12 00:52 - 0271920 ____A C:\Windows\Minidump\031212-28345-01.dmp
2012-03-12 00:31 - 2012-03-12 00:31 - 0000000 ____D C:\avast! sandbox
2012-03-11 23:27 - 2012-03-11 23:28 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-03-11 23:27 - 2012-03-11 23:28 - 0000000 ____D C:\ProgramData\AVAST Software
2012-03-11 23:27 - 2012-03-11 23:28 - 0000000 ____D C:\Program Files\AVAST Software
2012-03-11 16:24 - 2012-03-11 16:24 - 0276520 ____A C:\Windows\Minidump\031112-38438-01.dmp
2012-03-11 15:42 - 2012-03-11 15:42 - 0000000 ___HD C:\Users\All Users\CanonIJScan
2012-03-11 15:42 - 2012-03-11 15:42 - 0000000 ___HD C:\ProgramData\CanonIJScan
2012-03-11 15:42 - 2012-03-11 15:42 - 0000000 ____A C:\Users\Justin Dailey\Sti_Trace.log
2012-03-11 15:37 - 2012-03-11 15:42 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Canon
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\Users\All Users\CanonIJSolutionMenuEX
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\Users\All Users\CanonIJMyPrinter
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\Users\All Users\CanonIJEPPEX2
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\Users\All Users\CanonEPP
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\ProgramData\CanonIJMyPrinter
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\ProgramData\CanonIJEPPEX2
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\ProgramData\CanonEPP
2012-03-11 14:28 - 2012-04-01 23:02 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2012-03-11 14:28 - 2012-04-01 23:02 - 0000000 ____D C:\ProgramData\CanonIJPLM
2012-03-11 14:27 - 2010-08-25 02:00 - 0361472 ____A (CANON INC.) C:\Windows\System32\CNMXLMA9.DLL
2012-03-11 14:26 - 2012-03-11 14:26 - 0000000 ____D C:\Users\All Users\CanonIJMSetup
2012-03-11 14:26 - 2012-03-11 14:26 - 0000000 ____D C:\ProgramData\CanonIJMSetup
2012-03-11 14:24 - 2012-03-11 14:24 - 0000000 ____D C:\Users\All Users\CanonIJWSpt
2012-03-11 14:24 - 2012-03-11 14:24 - 0000000 ____D C:\ProgramData\CanonIJWSpt
2012-03-11 14:24 - 2012-03-11 14:24 - 0000000 ____D C:\Program Files\Common Files\CANON
2012-03-11 14:22 - 2012-03-11 14:22 - 0000000 ____D C:\Program Files\Canon
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ___HD C:\ProgramData\CanonBJ
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ___HD C:\Program Files\CanonBJ
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ____D C:\Windows\System32\STRING
2012-03-11 14:21 - 2010-08-25 02:00 - 0361472 ____A (CANON INC.) C:\Windows\System32\CNMLMA9.DLL
2012-03-11 14:21 - 2010-06-03 07:12 - 0103424 ____A (Canon Inc.) C:\Windows\System32\CNC495O.dll
2012-03-11 14:21 - 2010-03-18 16:26 - 0348672 ____A (CANON INC.) C:\Windows\System32\CNC495L.dll
2012-03-11 14:21 - 2010-03-18 16:25 - 0307200 ____A (CANON INC.) C:\Windows\SysWOW64\CNC495L.dll
2012-03-11 14:21 - 2010-03-18 14:13 - 1354240 ____A (CANON INC.) C:\Windows\System32\CNC495C.dll
2012-03-11 14:21 - 2010-03-18 14:13 - 0112128 ____A (CANON INC.) C:\Windows\System32\CNC495I.dll
2012-03-11 14:21 - 2010-03-18 14:11 - 0106496 ____A (CANON INC.) C:\Windows\SysWOW64\CNC495U.dll
2012-03-11 14:21 - 2010-03-10 23:57 - 0248320 ____A (CANON INC.) C:\Windows\System32\CNMIUA9.DLL
2012-03-11 14:21 - 2010-02-05 01:37 - 0327680 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
2012-03-11 14:21 - 2010-02-05 01:37 - 0037376 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
2012-03-11 14:21 - 2009-11-13 11:35 - 0012800 ____A C:\Windows\SysWOW64\CNC1747D.TBL
2012-03-11 14:21 - 2009-11-13 11:35 - 0012800 ____A C:\Windows\System32\CNC1747D.TBL
2012-03-11 14:21 - 2008-08-25 15:02 - 0017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2012-03-11 14:21 - 2008-08-25 15:02 - 0015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2012-03-11 14:19 - 2012-03-11 14:26 - 0000000 ____D C:\Program Files (x86)\Canon
2012-03-11 07:51 - 2012-03-11 07:51 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{9E9DCD6F-E810-4077-AB58-DE6820A52A90}
2012-03-10 19:51 - 2012-03-10 19:51 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{638FDC28-564A-4674-9378-231B67786958}
2012-03-10 07:50 - 2012-03-10 07:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{BDE23AC8-DCBB-431A-8DA3-26B0837369FF}


============ 3 Months Modified Files and Folders =============

2012-04-09 15:35 - 2010-12-24 14:54 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Skype
2012-04-09 15:35 - 2010-10-04 13:00 - 1154886 ____A C:\Windows\WindowsUpdate.log
2012-04-09 15:32 - 2012-04-09 15:32 - 1385843 ____A C:\Users\Justin Dailey\Downloads\FRST64.exe
2012-04-09 15:32 - 2009-07-13 20:51 - 0122524 ____A C:\Windows\setupact.log
2012-04-09 13:39 - 2012-04-09 13:39 - 0000000 ____D C:\FRST
2012-04-09 04:48 - 2011-07-28 22:08 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\PMB Files
2012-04-09 04:48 - 2011-07-28 22:08 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-09 04:48 - 2011-07-28 22:08 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-09 04:23 - 2011-02-25 08:41 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\FLVService
2012-04-09 02:44 - 2012-04-04 23:02 - 0000000 ____D C:\Users\Justin Dailey\riotsGamesLogs
2012-04-08 21:46 - 2011-02-11 22:20 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\Last.fm
2012-04-08 02:09 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-08 02:09 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-08 02:00 - 2011-05-29 04:27 - 0000340 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-04-08 02:00 - 2010-11-19 08:22 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2012-04-08 01:59 - 2012-03-09 14:58 - 0000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-04-08 01:59 - 2010-11-20 11:14 - 477532160 __ASH C:\hiberfil.sys
2012-04-08 01:59 - 2010-10-04 13:26 - 0000050 ____A C:\Windows\System32\SupplicantTest.log
2012-04-08 01:59 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-07 16:23 - 2012-04-07 16:23 - 7430712 ____A (Glarysoft Ltd ) C:\Users\Justin Dailey\Downloads\gusetup.exe
2012-04-07 15:58 - 2012-04-07 15:58 - 0003922 ____A C:\Users\Justin Dailey\Desktop\aswMBR.txt
2012-04-07 15:58 - 2012-04-07 15:58 - 0000512 ____A C:\Users\Justin Dailey\Desktop\MBR.dat
2012-04-07 15:18 - 2012-04-07 15:18 - 4731392 ____A (AVAST Software) C:\Users\Justin Dailey\Downloads\aswMBR.exe
2012-04-07 15:15 - 2012-04-07 15:09 - 0149430 ____A C:\TDSSKiller.2.7.26.0_07.04.2012_13.09.58_log.txt
2012-04-07 15:11 - 2012-04-07 15:11 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-07 15:08 - 2012-04-07 15:08 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Justin Dailey\Downloads\tdsskiller.exe
2012-04-07 13:36 - 2012-04-07 13:36 - 0271920 ____A C:\Windows\Minidump\040712-22464-01.dmp
2012-04-07 13:36 - 2011-04-24 11:24 - 330872364 ____A C:\Windows\MEMORY.DMP
2012-04-07 13:36 - 2011-04-24 11:24 - 0000000 ____D C:\Windows\Minidump
2012-04-07 13:34 - 2011-11-26 23:03 - 3172006 ____A C:\Windows\ntbtlog.txt
2012-04-07 13:33 - 2012-04-07 13:33 - 0271920 ____A C:\Windows\Minidump\040712-24102-01.dmp
2012-04-07 13:31 - 2012-03-04 23:48 - 0000000 ___SD C:\32788R22FWJFW
2012-04-07 05:00 - 2012-04-07 05:00 - 9602565 ____A C:\Users\Justin Dailey\Desktop\Mario Bros vs Wright Bros. Epic Rap Battles of History Seaso.mp4
2012-04-07 05:00 - 2012-04-07 05:00 - 11845039 ____A C:\Users\Justin Dailey\Desktop\Master Chief vs Leonidas. Epic Rap Battles of History Season.mp4
2012-04-07 05:00 - 2012-04-07 04:59 - 11943811 ____A C:\Users\Justin Dailey\Desktop\Michael Jackson VS Elvis Presley. Epic Rap Battles of Histor.mp4
2012-04-07 04:32 - 2012-03-12 01:01 - 4452287 ___RA (Swearware) C:\Users\Justin Dailey\Downloads\ComboFix.exe
2012-04-06 03:19 - 2012-04-06 03:19 - 0600792 ____A C:\Users\Justin Dailey\Downloads\2398.jpg
2012-04-06 00:18 - 2012-04-06 00:18 - 55558278 ____A C:\Users\Justin Dailey\Desktop\Super Mario Brothers - Frustration.mp4
2012-04-05 22:43 - 2012-04-05 22:43 - 0040807 ____A C:\Users\Justin Dailey\Desktop\GMERlog.log
2012-04-05 22:43 - 2012-04-05 22:43 - 0032419 ____A C:\Users\Justin Dailey\Desktop\DDS.txt
2012-04-05 22:43 - 2012-04-05 22:43 - 0020820 ____A C:\Users\Justin Dailey\Desktop\Attach.txt
2012-04-05 21:15 - 2012-04-05 21:15 - 0302592 ____A C:\Users\Justin Dailey\Downloads\5wfs5qrt.exe
2012-04-05 21:07 - 2012-04-05 21:07 - 0607260 ___RA (Swearware) C:\Users\Justin Dailey\Downloads\dds.scr
2012-04-05 19:29 - 2011-01-30 04:34 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\ElevatedDiagnostics
2012-04-05 19:13 - 2012-03-13 01:14 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-05 19:06 - 2011-03-25 08:05 - 0105984 __ASH C:\Users\Justin Dailey\Documents\Thumbs.db
2012-04-05 19:02 - 2012-04-05 19:02 - 0271920 ____A C:\Windows\Minidump\040512-24039-01.dmp
2012-04-05 19:00 - 2010-10-04 13:36 - 0039810 ____A C:\Windows\PFRO.log
2012-04-05 18:46 - 2012-03-04 23:46 - 0000000 ____D C:\Windows\pss
2012-04-05 18:33 - 2012-04-05 18:33 - 0006730 ____A C:\Users\Justin Dailey\Documents\Uninstall Mass Effect 2.log
2012-04-05 18:23 - 2012-04-05 18:23 - 4450553 ____R (Swearware) C:\Users\Justin Dailey\Desktop\ComboFix.exe
2012-04-05 18:22 - 2012-04-05 18:19 - 0000361 ____A C:\rkill.log
2012-04-05 18:18 - 2012-04-05 18:18 - 1008141 ____A C:\Users\Justin Dailey\Downloads\rkill.scr
2012-04-05 18:06 - 2009-07-13 21:13 - 0780156 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-05 00:25 - 2012-04-05 00:25 - 0000000 ____D C:\AMD
2012-04-04 23:26 - 2012-04-04 23:25 - 0792704 ____A (AMD) C:\Users\Justin Dailey\Downloads\amddriverdownloader.exe
2012-04-04 23:02 - 2010-11-19 08:21 - 0000000 ____D C:\users\Justin Dailey
2012-04-04 21:47 - 2012-04-04 21:47 - 2288128 ____A C:\Users\Justin Dailey\Downloads\LeagueofLegends.exe
2012-04-02 00:54 - 2011-09-23 05:55 - 0000000 ____D C:\Users\Justin Dailey\Downloads\imalwayslastremnant-ch
2012-04-02 00:53 - 2011-09-11 23:46 - 0000000 ____D C:\Users\Justin Dailey\Downloads\exes
2012-04-02 00:41 - 2010-11-25 06:41 - 0000000 ____D C:\Users\Justin Dailey\Documents\Vuze Downloads
2012-04-02 00:01 - 2011-10-26 18:19 - 0000000 ____D C:\Program Files (x86)\Cheat Engine 6.1
2012-04-01 23:45 - 2011-03-03 20:06 - 0000000 ____D C:\CCProxy
2012-04-01 23:23 - 2012-04-01 23:23 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-01 23:19 - 2012-04-01 23:19 - 0003434 ____A C:\Users\Justin Dailey\Downloads\OTL.Txt
2012-04-01 23:06 - 2012-04-01 23:05 - 0271920 ____A C:\Windows\Minidump\040112-21169-01.dmp
2012-04-01 23:02 - 2012-03-11 14:28 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2012-04-01 23:02 - 2012-03-11 14:28 - 0000000 ____D C:\ProgramData\CanonIJPLM
2012-04-01 22:59 - 2009-07-13 21:08 - 0032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-01 20:30 - 2010-11-19 08:21 - 0000000 ____D C:\Users\Justin Dailey\AppData\LocalLow
2012-03-31 23:00 - 2012-03-31 23:00 - 0106734 ____A C:\Users\Justin Dailey\Downloads\72085457.jpg
2012-03-31 22:58 - 2012-03-31 22:58 - 0694216 ____A C:\Users\Justin Dailey\Downloads\25yearsofd21143.jpg
2012-03-29 20:36 - 2012-03-29 20:36 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 20:36 - 2012-03-29 20:36 - 0000000 ____D C:\Program Files\iPod
2012-03-29 20:36 - 2010-12-16 18:47 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-28 20:48 - 2012-03-28 20:48 - 0007647 ____A C:\Users\Justin Dailey\Downloads\480163_411865618842897_2071225716_n.jpg
2012-03-26 02:09 - 2012-03-04 00:36 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Synthesia
2012-03-25 21:23 - 2010-11-25 06:34 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Azureus
2012-03-19 00:05 - 2012-03-19 00:05 - 0000000 ____D C:\Users\All Users\Panda Security
2012-03-19 00:05 - 2012-03-19 00:05 - 0000000 ____D C:\ProgramData\Panda Security
2012-03-19 00:03 - 2012-03-19 00:03 - 0276520 ____A C:\Windows\Minidump\031812-27050-01.dmp
2012-03-19 00:01 - 2012-03-19 00:01 - 0000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2012-03-18 13:51 - 2012-03-18 13:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{849F1E20-343D-4E08-A09B-76BF057AAC6C}
2012-03-18 13:50 - 2012-03-16 10:19 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{B960DFE7-1182-4D33-814B-1E7726056048}
2012-03-18 13:50 - 2012-02-26 18:14 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\Windows Live
2012-03-18 01:50 - 2012-03-18 01:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{DA716F3F-F651-414F-A240-384861C27B92}
2012-03-17 13:50 - 2012-03-17 13:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{6F5F2640-32BD-4183-B429-28D0A412B1BA}
2012-03-17 01:49 - 2012-03-17 01:49 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{9BF7D1D8-35F2-4728-B6C4-A67A814A42BD}
2012-03-16 10:19 - 2012-03-16 10:19 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{388CB671-FDBD-4267-AC7F-4993E492CE17}
2012-03-16 07:07 - 2011-02-26 20:52 - 0000000 ____D C:\Users\Justin Dailey\Tracing
2012-03-16 07:07 - 2010-11-19 10:15 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Apple Computer
2012-03-16 07:04 - 2011-01-10 17:20 - 0000000 ____D C:\Program Files (x86)\IDoser v4
2012-03-15 22:19 - 2012-03-15 22:19 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{0441C8D3-0DCD-4CD2-A8E0-67BF76838E63}
2012-03-15 22:19 - 2012-03-14 10:17 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{1FAAD12F-401D-4E51-9255-DF1EAC1660A1}
2012-03-15 18:23 - 2011-07-31 07:03 - 0001245 ____A C:\Windows\System32\mapisvc.inf
2012-03-15 10:18 - 2012-03-15 10:18 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{CC27E247-3465-4CC9-B93C-3F2990242CDC}
2012-03-14 22:18 - 2012-03-14 22:18 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{B6C795FB-37C7-4D01-B593-9E51EE899DE1}
2012-03-14 10:18 - 2012-03-14 10:17 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{C086E9C6-1976-4E42-8FE3-A10DD9AA0F07}
2012-03-14 05:21 - 2009-07-13 20:45 - 0274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 05:01 - 2011-08-21 00:51 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 22:17 - 2012-03-13 22:17 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{8204DAE1-CF7C-4910-878D-562571A8AD9E}
2012-03-13 22:17 - 2012-03-13 10:15 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{ABBC602A-8887-4E13-8A10-01A8334182EA}
2012-03-13 10:16 - 2012-03-13 10:16 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{9CC94B4B-E09C-4529-8E16-47FDAD7C1EEB}
2012-03-13 10:14 - 2010-10-04 13:32 - 0001677 ____A C:\Windows\System32\ServiceFilter.ini
2012-03-13 10:12 - 2012-03-13 10:12 - 0271920 ____A C:\Windows\Minidump\031312-26192-01.dmp
2012-03-13 01:14 - 2012-03-13 01:14 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\SUPERAntiSpyware.com
2012-03-13 01:14 - 2012-03-13 01:14 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-13 01:14 - 2012-03-13 01:14 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-13 01:06 - 2012-03-13 01:06 - 0271920 ____A C:\Windows\Minidump\031212-28376-01.dmp
2012-03-13 01:04 - 2012-03-13 01:04 - 0271920 ____A C:\Windows\Minidump\031212-24960-01.dmp
2012-03-12 17:04 - 2012-03-12 17:04 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{C23E8A7D-B2BC-48A4-BBB1-B45B8FE06465}
2012-03-12 17:04 - 2012-03-12 17:04 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{BD0D7716-C54A-422B-9DD6-0AEF2C9D10BF}
2012-03-12 03:51 - 2010-10-04 13:31 - 0000000 ____D C:\Users\All Users\P4G
2012-03-12 03:51 - 2010-10-04 13:31 - 0000000 ____D C:\ProgramData\P4G
2012-03-12 03:50 - 2011-08-18 02:48 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-03-12 03:50 - 2011-08-18 02:48 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-03-12 03:50 - 2011-05-29 04:27 - 0000000 ____D C:\Program Files (x86)\Glary Utilities
2012-03-12 03:50 - 2011-05-28 06:30 - 0000000 ____D C:\Program Files\Core Temp
2012-03-12 03:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-12 01:10 - 2011-03-27 00:00 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-12 00:55 - 2012-03-12 00:55 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{3A8E60D5-A179-4E72-BB5D-3F73F56A7EB8}
2012-03-12 00:55 - 2012-03-12 00:55 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{117DBA53-5A3F-44CE-919E-414312FCB53F}
2012-03-12 00:52 - 2012-03-12 00:52 - 0271920 ____A C:\Windows\Minidump\031212-28345-01.dmp
2012-03-12 00:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-12 00:31 - 2012-03-12 00:31 - 0000000 ____D C:\avast! sandbox
2012-03-12 00:04 - 2012-02-11 20:06 - 0000000 __SHD C:\Users\Justin Dailey\AppData\Local\9a9652f1
2012-03-11 23:28 - 2012-03-11 23:27 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-03-11 23:28 - 2012-03-11 23:27 - 0000000 ____D C:\ProgramData\AVAST Software
2012-03-11 23:28 - 2012-03-11 23:27 - 0000000 ____D C:\Program Files\AVAST Software
2012-03-11 16:25 - 2010-10-04 13:32 - 0002493 ____A C:\Windows\System32\AutoRunFilter.ini
2012-03-11 16:24 - 2012-03-11 16:24 - 0276520 ____A C:\Windows\Minidump\031112-38438-01.dmp
2012-03-11 15:42 - 2012-03-11 15:42 - 0000000 ___HD C:\Users\All Users\CanonIJScan
2012-03-11 15:42 - 2012-03-11 15:42 - 0000000 ___HD C:\ProgramData\CanonIJScan
2012-03-11 15:42 - 2012-03-11 15:42 - 0000000 ____A C:\Users\Justin Dailey\Sti_Trace.log
2012-03-11 15:42 - 2012-03-11 15:37 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Canon
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\Users\All Users\CanonIJSolutionMenuEX
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\Users\All Users\CanonIJMyPrinter
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\Users\All Users\CanonIJEPPEX2
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\Users\All Users\CanonEPP
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\ProgramData\CanonIJMyPrinter
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\ProgramData\CanonIJEPPEX2
2012-03-11 14:30 - 2012-03-11 14:30 - 0000000 ___HD C:\ProgramData\CanonEPP
2012-03-11 14:26 - 2012-03-11 14:26 - 0000000 ____D C:\Users\All Users\CanonIJMSetup
2012-03-11 14:26 - 2012-03-11 14:26 - 0000000 ____D C:\ProgramData\CanonIJMSetup
2012-03-11 14:26 - 2012-03-11 14:19 - 0000000 ____D C:\Program Files (x86)\Canon
2012-03-11 14:26 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-03-11 14:24 - 2012-03-11 14:24 - 0000000 ____D C:\Users\All Users\CanonIJWSpt
2012-03-11 14:24 - 2012-03-11 14:24 - 0000000 ____D C:\ProgramData\CanonIJWSpt
2012-03-11 14:24 - 2012-03-11 14:24 - 0000000 ____D C:\Program Files\Common Files\CANON
2012-03-11 14:22 - 2012-03-11 14:22 - 0000000 ____D C:\Program Files\Canon
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ___HD C:\ProgramData\CanonBJ
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ___HD C:\Program Files\CanonBJ
2012-03-11 14:21 - 2012-03-11 14:21 - 0000000 ____D C:\Windows\System32\STRING
2012-03-11 13:22 - 2010-12-13 15:57 - 0000000 ____D C:\Users\Justin Dailey\Downloads\anime(manga)
2012-03-11 07:51 - 2012-03-11 07:51 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{9E9DCD6F-E810-4077-AB58-DE6820A52A90}
2012-03-11 07:51 - 2012-03-08 19:47 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{D5980A2F-8DB2-4C68-9481-DD7F05BD3CA7}
2012-03-10 19:51 - 2012-03-10 19:51 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{638FDC28-564A-4674-9378-231B67786958}
2012-03-10 07:50 - 2012-03-10 07:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{BDE23AC8-DCBB-431A-8DA3-26B0837369FF}
2012-03-09 19:50 - 2012-03-09 19:50 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{FACD0BE4-6D8C-45AB-9F0D-78746D31732A}
2012-03-09 07:49 - 2012-03-09 07:49 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{068EF9A4-CC79-47D7-9F85-2DFE1099F2CD}
2012-03-08 19:49 - 2012-03-08 19:48 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{46F1AB17-0564-400E-8D0D-1F2D2E0CA140}
2012-03-08 19:45 - 2012-02-12 14:48 - 0000000 __ASH C:\Windows\System32\dds_log_trash.cmd
2012-03-08 19:42 - 2012-03-08 19:42 - 0000000 ____D C:\Program Files\DIFX
2012-03-08 19:42 - 2010-10-04 13:23 - 0017072 ____A C:\Windows\DPINST.LOG
2012-03-08 17:59 - 2012-03-06 22:49 - 0000000 ____D C:\Users\All Users\EA Logs
2012-03-08 17:59 - 2012-03-06 22:49 - 0000000 ____D C:\ProgramData\EA Logs
2012-03-06 22:49 - 2011-02-17 02:11 - 0000000 ____D C:\Users\Justin Dailey\Documents\BioWare
2012-03-06 22:48 - 2012-03-06 21:16 - 0000000 ____D C:\Users\All Users\Origin
2012-03-06 22:48 - 2012-03-06 21:16 - 0000000 ____D C:\ProgramData\Origin
2012-03-06 22:43 - 2012-03-06 22:43 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-06 22:42 - 2010-10-04 13:09 - 0471206 ____A C:\Windows\DirectX.log
2012-03-06 22:00 - 2012-03-06 21:18 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-03-06 21:40 - 2012-03-06 21:16 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Origin
2012-03-06 21:40 - 2012-03-06 21:16 - 0000000 ____D C:\Program Files (x86)\Origin
2012-03-06 21:39 - 2012-03-06 21:16 - 0001048 ____A C:\Windows\KB893803v2.log
2012-03-06 21:16 - 2012-03-06 21:16 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\Origin
2012-03-05 00:35 - 2011-05-23 06:38 - 0000000 ____D C:\Users\Justin Dailey\Downloads\Gravitation
2012-03-05 00:14 - 2012-03-05 00:14 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{AB358840-5B99-47CD-890D-86B721213560}
2012-03-05 00:14 - 2012-03-05 00:14 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{63FADC84-6827-42BE-A8B3-E0224BEA498C}
2012-03-05 00:08 - 2012-03-05 00:04 - 0000000 ___SD C:\ComboFix
2012-03-04 23:53 - 2012-03-04 23:53 - 0271920 ____A C:\Windows\Minidump\030512-29218-01.dmp
2012-03-04 23:30 - 2012-03-04 23:30 - 0000000 ____D C:\Users\Justin Dailey\Downloads\Embodiment of Scarlet Devil
2012-03-04 20:48 - 2012-04-05 19:39 - 0002146 ____A C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
2012-03-04 20:48 - 2012-03-04 20:48 - 0000000 ____D C:\Program Files\Common Files\ActivIdentity
2012-03-04 20:48 - 2012-03-04 20:48 - 0000000 ____D C:\Program Files\ActivIdentity
2012-03-04 20:48 - 2012-03-04 20:48 - 0000000 ____D C:\Program Files (x86)\ActivIdentity
2012-03-04 20:45 - 2012-03-04 20:41 - 15587840 ____A C:\Users\Justin Dailey\Downloads\ActivClient CAC x64 62050.msi
2012-03-04 19:29 - 2012-03-04 19:29 - 0203348 ____A C:\Users\Justin Dailey\Downloads\Embodiment of Scarlet Devil.zip
2012-03-04 15:21 - 2010-11-19 08:23 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\Deployment
2012-03-04 15:19 - 2012-03-04 15:19 - 0271920 ____A C:\Windows\Minidump\030412-24991-01.dmp
2012-03-04 15:17 - 2012-03-04 15:17 - 0271920 ____A C:\Windows\Minidump\030412-25864-01.dmp
2012-03-04 15:12 - 2012-03-04 15:10 - 0000000 __ASH C:\Windows\muzuki.exc
2012-03-04 15:10 - 2011-09-15 05:10 - 0000000 ____D C:\Qoobox
2012-03-04 01:07 - 2011-04-17 00:06 - 0774372 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-03 23:57 - 2012-03-03 23:57 - 0000000 ____D C:\Users\Justin Dailey\Documents\Synthesia Music
2012-03-03 23:57 - 2012-03-03 23:56 - 0000000 ____D C:\Program Files (x86)\Synthesia
2012-03-03 23:09 - 2012-03-03 23:09 - 0000000 ____D C:\Users\Justin Dailey\Downloads\AC_6.2.0.119_x64_FIXS1105002
2012-03-03 23:08 - 2012-03-03 23:08 - 5151066 ____A C:\Users\Justin Dailey\Downloads\AC_6.2.0.119_x64_FIXS1105002.zip
2012-03-03 22:57 - 2011-08-18 03:20 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-03 01:19 - 2012-03-03 00:00 - 0000000 ____D C:\Users\Justin Dailey\Documents\Zero no Tsukaima 3
2012-02-26 19:02 - 2012-02-26 19:02 - 6907787 ____A C:\Users\Justin Dailey\Documents\Jumping with the Locals.wmv
2012-02-26 18:38 - 2012-02-26 18:37 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{8CCE41C0-40D1-40E7-9D06-F81A01878740}
2012-02-26 18:37 - 2012-02-26 18:37 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\{2505B5F2-EA0B-4A80-9685-65D54CBEB291}
2012-02-26 18:28 - 2012-02-26 18:28 - 0000000 ____D C:\Windows\en
2012-02-26 18:28 - 2010-10-04 13:08 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-02-26 18:17 - 2010-10-04 13:10 - 0000000 ____D C:\Program Files\Windows Live
2012-02-26 18:17 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-25 14:02 - 2012-02-25 14:02 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2012-02-25 14:01 - 2010-10-04 13:05 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-25 13:59 - 2012-02-25 13:59 - 0000000 ____D C:\Program Files (x86)\EmvSmartCardReader
2012-02-25 13:58 - 2012-02-25 13:58 - 0000000 ____D C:\Windows\Downloaded Installations
2012-02-25 13:57 - 2012-02-25 13:57 - 11212804 ____A C:\Users\Justin Dailey\Downloads\GSR201_v1.7.20.13.zip
2012-02-25 02:02 - 2011-08-28 09:10 - 0000000 ____D C:\Users\Justin Dailey\Downloads\lazy
2012-02-23 18:00 - 2010-11-19 08:21 - 0000174 ___SH C:\Users\Justin Dailey\Start Menu\Programs\Startup\desktop.ini
2012-02-23 18:00 - 2010-11-19 08:21 - 0000174 ___SH C:\Users\Justin Dailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-22 14:00 - 2010-10-04 13:10 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-22 09:37 - 2011-05-09 05:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-18 00:44 - 2010-10-04 13:26 - 0000000 ____D C:\Windows\System32\Service
2012-02-17 15:25 - 2012-02-17 15:25 - 1701872 ____A C:\Windows\Minidump\021712-37752-01.dmp
2012-02-16 22:38 - 2012-03-13 17:28 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 17:28 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 17:28 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 17:28 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 15:52 - 2011-12-02 23:14 - 0000000 ____D C:\Users\Justin Dailey\Documents\Rockstar Games
2012-02-16 15:51 - 2012-02-16 15:51 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-02-15 13:01 - 2012-02-15 13:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 13:01 - 2012-02-15 13:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-11 20:13 - 2010-11-19 08:21 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\VirtualStore
2012-02-11 20:05 - 2012-02-11 20:05 - 0000000 ____D C:\Program Files (x86)\iPod PC Transfer Photo
2012-02-11 20:04 - 2010-11-25 06:05 - 0000000 ____D C:\Program Files (x86)\iPod PC Transfer
2012-02-11 20:03 - 2012-02-11 19:59 - 0000271 ____A C:\Users\Justin Dailey\AppData\Roaming\iPod Access v4 Prefs
2012-02-11 20:00 - 2012-02-11 19:57 - 0000000 ____D C:\Program Files (x86)\iPod Access for Windows
2012-02-11 19:59 - 2012-02-11 19:59 - 0000042 ___AH C:\Users\Justin Dailey\AppData\Roaming\iPodAccessv4_OwnerName
2012-02-11 19:59 - 2012-02-11 19:59 - 0000042 ___AH C:\Users\All Users\iPodAccessv4_OwnerName
2012-02-11 19:59 - 2012-02-11 19:59 - 0000042 ___AH C:\ProgramData\iPodAccessv4_OwnerName
2012-02-11 19:59 - 2012-02-11 19:59 - 0000000 ____D C:\Users\All Users\eSellerate
2012-02-11 19:59 - 2012-02-11 19:59 - 0000000 ____D C:\ProgramData\eSellerate
2012-02-11 19:57 - 2012-02-11 19:57 - 0000010 ___AH C:\Users\Justin Dailey\AppData\Roaming\iPodAccess_Time
2012-02-11 19:57 - 2012-02-11 19:57 - 0000000 ____D C:\Users\All Users\Findley Designs
2012-02-11 19:57 - 2012-02-11 19:57 - 0000000 ____D C:\ProgramData\Findley Designs
2012-02-11 13:50 - 2010-11-19 08:30 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-09 22:36 - 2012-03-13 17:38 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 17:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-07 15:29 - 2012-02-07 15:29 - 0193172 ____A C:\Users\Justin Dailey\Documents\Direct Deposit Authorization.pdf
2012-02-06 14:02 - 2012-02-06 14:02 - 0037572 __ASH C:\Users\Justin Dailey\Downloads\Folder.jpg
2012-02-06 14:02 - 2012-02-06 14:02 - 0008741 __ASH C:\Users\Justin Dailey\Downloads\AlbumArtSmall.jpg
2012-02-06 14:02 - 2012-02-06 13:59 - 6545536 ____A C:\Users\Justin Dailey\Downloads\U.N. Owen was her -Long-.mp3
2012-02-04 17:18 - 2012-01-12 19:43 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Mp3tag
2012-02-03 21:55 - 2012-02-03 21:53 - 24274952 ____A (SAMSUNG Electronics Co., Ltd.) C:\Users\Justin Dailey\Downloads\Samsung_USB_Driver_for_Moblie_Phones_v1_4_6_0.exe
2012-02-02 20:34 - 2012-03-13 17:38 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-24 22:38 - 2012-03-13 17:28 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 17:28 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 17:28 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-16 12:38 - 2012-01-14 05:46 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\Wings of Prey
2012-01-16 01:19 - 2011-09-11 23:42 - 0000000 ____D C:\Users\Justin Dailey\Downloads\dirx7
2012-01-14 05:42 - 2012-01-14 05:42 - 0000000 ____D C:\Users\Justin Dailey\AppData\Local\WOP
2012-01-14 05:42 - 2012-01-14 05:42 - 0000000 ____D C:\Users\All Users\WOP
2012-01-14 05:42 - 2012-01-14 05:42 - 0000000 ____D C:\ProgramData\WOP
2012-01-14 05:42 - 2011-01-08 16:36 - 0000000 ____D C:\Users\Justin Dailey\Documents\My Games
2012-01-12 19:43 - 2012-01-12 19:43 - 0000000 ____D C:\Program Files (x86)\Mp3tag
2012-01-12 09:31 - 2012-01-12 09:31 - 0002892 ____A C:\Users\Justin Dailey\photorec.cfg
2012-01-12 02:35 - 2012-01-12 01:54 - 0005303 ____A C:\Users\Justin Dailey\Downloads\? ??? ?? (4).txt
2012-01-12 01:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-11 04:21 - 2010-11-25 05:51 - 0000000 ____D C:\Users\Justin Dailey\AppData\Roaming\Winamp

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6068.55 MB
Available physical RAM: 5381.74 MB
Total Pagefile: 6066.7 MB
Available Pagefile: 5366.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:576.64 GB) (Free:256.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Games) (Fixed) (Total:390.62 GB) (Free:97.08 GB) NTFS
3 Drive e: (Media) (Fixed) (Total:390.62 GB) (Free:212.86 GB) NTFS
4 Drive f: (???) (Fixed) (Total:150.26 GB) (Free:88.33 GB) NTFS
6 Drive h: (UDISK) (Removable) (Total:3.81 GB) (Free:3.81 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 931 GB 1024 KB
Disk 2 Online 3915 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 19 GB 31 KB
Partition 2 Primary 576 GB 19 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 576 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 390 GB 1024 KB
Partition 2 Primary 390 GB 390 GB
Partition 3 Primary 150 GB 781 GB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Games NTFS Partition 390 GB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Media NTFS Partition 390 GB Healthy

======================================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F ??? NTFS Partition 150 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3913 MB 1380 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H UDISK FAT32 Removable 3913 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 15:40

======================= End Of Log ==========================

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:38 PM

Posted 09 April 2012 - 07:18 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 aalogger; C:\Windows\System32\rtport.dll [5120 2009-07-13] (Iomega)
C:\Windows\System32\rtport.dll
NETSVC: aalogger

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
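The first line of the fixlist above, `SubSystems: [Windows] ==> ZeroAccess`, refers to the registry value `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows`, the string that tells csrss.exe which server DLLs to load at boot; a module name inserted there runs inside csrss.exe, which is why FRST has to restore the whole value. The following check is an added example, not code from this thread, from FRST or from ComboFix: it parses the `ServerDll=` tokens out of such a string and reports any module outside an assumed stock set (`basesrv`, `winsrv`, a baseline assumed here for Windows 7 x64). Both sample strings are constructed for the example; `read_live_value()` reads the real value when run on Windows and is a hypothetical helper, not part of any tool on the page.

```python
"""Detect foreign ServerDll modules in the Win32 subsystem startup string.

Added example, not from the thread or from FRST/ComboFix. The registry value
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SubSystems\\Windows
tells csrss.exe which server DLLs to load at boot; a module name added there
runs inside csrss.exe. The stock module set below is an assumption for
Windows 7 x64; the sample values are constructed for this example.
"""
import re
from typing import List, NamedTuple, Optional

# Assumed stock modules: basesrv and winsrv carry every ServerDll entry
# in an unmodified Windows 7 subsystem string.
EXPECTED_SERVERDLL_MODULES = frozenset({"basesrv", "winsrv"})

# Token shape: ServerDll=<module>[:<entry point>][,<ordinal>]
_SERVERDLL_RE = re.compile(r"ServerDll=([^,\s]+)(?:,(\d+))?")


class ServerDll(NamedTuple):
    module: str       # DLL name without extension, lower-cased
    entry_point: str  # init routine after ':' ('' when absent)
    ordinal: str      # trailing ',N' load ordinal ('' when absent)


def parse_serverdlls(value: str) -> List[ServerDll]:
    """Return every ServerDll token in the value, in order of appearance."""
    found = []
    for m in _SERVERDLL_RE.finditer(value):
        module, _, entry = m.group(1).partition(":")
        found.append(ServerDll(module.lower(), entry, m.group(2) or ""))
    return found


def unexpected_serverdlls(value: str,
                          expected=EXPECTED_SERVERDLL_MODULES) -> List[ServerDll]:
    """ServerDll entries whose module is not in the expected baseline."""
    return [d for d in parse_serverdlls(value) if d.module not in expected]


def read_live_value() -> Optional[str]:
    """Read the real value on Windows; returns None on other platforms."""
    try:
        import winreg  # only present on Windows
    except ImportError:
        return None
    path = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        return winreg.QueryValueEx(key, "Windows")[0]


# Constructed sample: the shape of an untouched Windows 7 value.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample: the console server entry redirected to consrv, the
# module name that also appears in the ComboFix File:: list in this thread.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


if __name__ == "__main__":
    # Use the live value on Windows, otherwise demonstrate on the sample.
    value = read_live_value() or TAMPERED_VALUE
    bad = unexpected_serverdlls(value)
    if bad:
        for d in bad:
            print(f"UNEXPECTED ServerDll module {d.module!r} "
                  f"(entry {d.entry_point or '-'}, ordinal {d.ordinal or '-'})")
    else:
        print("SubSystems\\Windows value only names expected modules")
```

The check deliberately keys on the module name rather than on a full-string comparison, because the surrounding tokens (SharedSection sizes, MaxRequestThreads) legitimately differ between Windows versions and editions; only the set of server DLLs is expected to be stable, so that is the part worth baselining.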

#12 Rokushi

Rokushi
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 10 April 2012 - 12:49 AM

Hello!

Here is the log you requested:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-09 19:44:07 R:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
aalogger service deleted successfully.
C:\Windows\System32\rtport.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs aalogger Deleted successfully.

==== End of Fixlog ====

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:38 PM

Posted 10 April 2012 - 05:44 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\tmp\U

File::
C:\Windows\system32\3c1807pd.dll
C:\Windows\system32\CiscoVpnInstallService.dll
C:\Windows\system32\cmdagent.dll
C:\Windows\system32\consrv.dll
C:\Windows\system32\ichaud.dll
C:\Windows\system32\LRMINIPORT.dll
C:\Windows\system32\transactional.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\tmp\loader.tlb

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 Rokushi

Rokushi
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 11 April 2012 - 03:26 AM

Hello again!

Progress but no cake! ComboFix starts, unpacks, creates a System Restore Point, then it begins to look for infected files and then closes shortly thereafter. I don't know if this is normal so after waiting about 20 minutes I restarted and started ComboFix again. This time after it closed I left it alone for about 2 hours or so. Nothing popped up, no logs, or any form of activity from ComboFix. I am no longer getting redirected via search tools but my processor is still being used by something while my system is idling.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:38 PM

Posted 11 April 2012 - 08:14 AM

Hello


I want to rerun these now


tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo



