MSE: Sirefef.U/Y/B/P/AB and Alureon.FP detected



#1 Carahandoccå


Posted 07 April 2012 - 06:50 AM

Dear Sir/Ma'am,

Hi, this is Carah. This has been going on for maybe less than a week and I cannot seem to fix the problem. Please help!

In a nutshell:

- Randomly realized one morning that Google search is not working properly (redirecting, random tabs opening, random Facebook CEO messages that look like spam)

- Started realizing a really, really unstable internet in game, where I go up to 60k pins. (Hella abnormal)

- Chrome does not allow me to go into Gmail.com

- All the browsers I have (Chrome, FF, IE) do the same thing as Chrome does. But I am allowed to log onto Gmail on IE.

- Searched for some malware-removing programs such as Superanti..., Spy-bot, Malwarebytes, Comview (which crashed my system after running) and successfully removed SOME but not all viruses. And some remained after "Removed Successfully" (show up again after reboot and rescan). Something like HK...\ numbers...\ words numbers.............\...\.....\....\....#shell is detected and cannot be deleted; and trojans and backdoors were found and got deleted. (I hope; I think)

- Downloaded MSE, AVG, and GooredFix (didn't work, I don't think) and MSE and AVG found and deleted everything successfully. But the laptop fails booting into Windows afterward.

- MSE seems to have blocked the redirects, but sometimes the internet gets disabled randomly.

- Cannot turn the firewall on. Error Code - 0x80070424

- System restored several times after failing to boot into Windows. Viruses remained. Deleted anti-malware software comes back and cannot be uninstalled: "Error reading uninstall data", "Message File Missing"




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Joshua at 3:56:41 on 2012-04-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2137 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\HP\HP Photosmart Plus B210 series\bin\HPNetworkCommunicator.exe
C:\Users\Joshua\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Joshua\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES (X86)\AIM\AIM.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\AOL\1309252485\EE\AOLSOFTWARE.EXE
C:\PROGRAM FILES (X86)\LAUNCH MANAGER\LMANAGER.EXE
C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVCPL64.EXE
C:\PROGRAM FILES\GATEWAY\GATEWAY POWER MANAGEMENT\EPOWERTRAY.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273605104535l03h4z1h5a4842v24p
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273605104535l03h4z1h5a4842v24p
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273605104535l03h4z1h5a4842v24p
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 172.16.2.1
TCP: Interfaces\{EEF70C3E-589D-4098-9E73-2481002600FB} : DhcpNameServer = 172.16.2.1
TCP: Interfaces\{EEF70C3E-589D-4098-9E73-2481002600FB}\74275656E60234F60797 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-8-17 913752]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-2 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-1 652360]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 akkpyesi;akkpyesi;\??\C:\Windows\system32\drivers\akkpyesi.sys --> C:\Windows\system32\drivers\akkpyesi.sys [?]
S1 ebebnwgf;ebebnwgf;\??\C:\Windows\system32\drivers\ebebnwgf.sys --> C:\Windows\system32\drivers\ebebnwgf.sys [?]
S1 hvmvzivr;hvmvzivr;\??\C:\Windows\system32\drivers\hvmvzivr.sys --> C:\Windows\system32\drivers\hvmvzivr.sys [?]
S1 koclyvye;koclyvye;\??\C:\Windows\system32\drivers\koclyvye.sys --> C:\Windows\system32\drivers\koclyvye.sys [?]
S1 szcbhvgp;szcbhvgp;\??\C:\Windows\system32\drivers\szcbhvgp.sys --> C:\Windows\system32\drivers\szcbhvgp.sys [?]
S1 tsuqrfep;tsuqrfep;\??\C:\Windows\system32\drivers\tsuqrfep.sys --> C:\Windows\system32\drivers\tsuqrfep.sys [?]
S1 vucnbvrj;vucnbvrj;\??\C:\Windows\system32\drivers\vucnbvrj.sys --> C:\Windows\system32\drivers\vucnbvrj.sys [?]
S1 xpihkrvj;xpihkrvj;\??\C:\Windows\system32\drivers\xpihkrvj.sys --> C:\Windows\system32\drivers\xpihkrvj.sys [?]
S1 xzdxuqxm;xzdxuqxm;\??\C:\Windows\system32\drivers\xzdxuqxm.sys --> C:\Windows\system32\drivers\xzdxuqxm.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-27 135664]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-3 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-11-26 401920]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-27 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-2 225280]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\ts_arusbx.sys --> C:\Windows\system32\DRIVERS\ts_arusbx.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-04-07 10:48:57 50000 ----a-w- C:\Windows\System32\drivers\xzdxuqxm.sys
2012-04-07 10:42:13 50000 ----a-w- C:\Windows\System32\drivers\szcbhvgp.sys
2012-04-07 10:32:58 50000 ----a-w- C:\Windows\System32\drivers\vucnbvrj.sys
2012-04-07 10:27:19 50000 ----a-w- C:\Windows\System32\drivers\tsuqrfep.sys
2012-04-07 10:17:03 50000 ----a-w- C:\Windows\System32\drivers\ebebnwgf.sys
2012-04-07 10:00:56 50000 ----a-w- C:\Windows\System32\drivers\koclyvye.sys
2012-04-07 09:45:01 50000 ----a-w- C:\Windows\System32\drivers\hvmvzivr.sys
2012-04-07 09:23:10 50000 ----a-w- C:\Windows\System32\drivers\akkpyesi.sys
2012-04-07 09:12:55 50000 ----a-w- C:\Windows\System32\drivers\xpihkrvj.sys
2012-04-07 09:02:22 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71E23DC7-0B3B-471E-ADE6-2E7011240D43}\offreg.dll
2012-04-07 08:54:43 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B51EC6C-6683-45A0-807A-AFD07CCA650C}\gapaengine.dll
2012-04-07 08:54:36 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71E23DC7-0B3B-471E-ADE6-2E7011240D43}\mpengine.dll
2012-04-06 08:53:06 -------- d--h--w- C:\ProgramData\Common Files
2012-04-06 08:51:29 -------- d--h--w- C:\$AVG
2012-04-06 08:51:29 -------- d-----w- C:\ProgramData\AVG2012
2012-04-06 08:50:30 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-06 08:44:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-06 08:44:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-06 08:36:10 -------- d-----w- C:\ProgramData\MFAData
2012-04-04 04:31:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-04 04:31:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-04 04:26:41 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-04 04:26:41 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-04 04:26:28 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-04 04:26:28 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-04 01:20:14 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2012-04-04 01:20:14 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2012-04-04 01:20:13 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-04-03 22:37:36 -------- d-----w- C:\Program Files (x86)\GUM3285.tmp
2012-04-01 08:38:31 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-01 04:36:06 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 03:50:09 -------- d-----we C:\Windows\system64
2012-03-31 20:07:26 -------- d-----w- C:\MGtools
2012-03-31 10:54:05 -------- d-----w- C:\Users\Joshua\AppData\Roaming\Malwarebytes
2012-03-31 10:54:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-31 10:53:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-31 10:22:28 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-31 10:03:42 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-03-31 10:03:42 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-03-31 07:39:40 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-30 09:33:42 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-28 02:20:48 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF7CEE6A-580F-43A6-9A1F-E6FDCA0CF623}\mpengine.dll
2012-03-27 04:43:45 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-03-25 00:34:49 -------- d-----w- C:\Users\Joshua\AppData\Local\{8E7A66C0-D503-4C77-A4C4-444C8A3A19B0}
2012-03-23 06:55:16 -------- d-----w- C:\ProgramData\TamoSoft
2012-03-23 06:41:00 -------- d-----w- C:\Program Files (x86)\CommViewWiFi
2012-03-23 06:12:19 1206248 ----a-w- C:\Windows\System32\drivers\ts_arusbx.sys
2012-03-22 11:08:14 -------- d-----w- C:\Program Files (x86)\Kismet
2012-03-22 11:07:19 -------- d-----w- C:\Program Files (x86)\CACE Technologies
2012-03-21 20:48:15 -------- d-----w- C:\Program Files (x86)\GUMC368.tmp
2012-03-21 10:08:19 -------- d-----w- C:\Program Files (x86)\GUME241.tmp
2012-03-14 10:06:27 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 10:06:26 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:06:26 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 04:59:33 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 04:59:32 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 04:59:32 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 04:54:44 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 04:54:44 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 04:54:44 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 04:54:43 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 04:54:43 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 04:54:43 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 04:54:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-09 15:22:08 -------- d-----w- C:\Users\Joshua\AppData\Local\{1E54CF58-9B94-4DAA-9896-DC8AC85092F6}
2012-03-09 15:21:49 -------- d-----w- C:\Users\Joshua\AppData\Local\{0D5C667B-3F44-42DA-8CC4-2FB1378521C2}
2012-03-09 12:39:15 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
.
==================== Find3M ====================
.
2012-04-05 07:46:11 925184 ----a-w- C:\Windows\expstart.exe
2012-04-01 04:36:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 21:24:50 24408 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-20 04:39:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-12 16:08:41 26728 ----a-w- C:\Windows\System32\drivers\TsLwWfF.sys
.
============= FINISH: 3:58:14.49 ===============





Hope this information helps.
Thank you very much for your time!

PS: Am I allowed to still use my computer during the fixing process for homework and internet? (Sorry if this sounded stupid, need to know just in case..)


#2 Carahandoccå


Posted 07 April 2012 - 06:55 AM

And Sirefef.J and Sirefef.W are also detected - forgot to put them up there as well..

#3 CatByte

  • Malware Response Team

Posted 07 April 2012 - 03:20 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 Carahandoccå


Posted 08 April 2012 - 12:05 AM

Hi again, thanks for the reply!!~

Anyways, here are the logs from aswMBR and TDSSKiller.



aswMBR Log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 21:06:06
-----------------------------
21:06:06.212 OS Version: Windows x64 6.1.7601 Service Pack 1
21:06:06.212 Number of processors: 2 586 0x170A
21:06:06.213 ComputerName: JOSHUA-PC UserName: Joshua
21:06:07.862 Initialize success
21:11:45.827 AVAST engine defs: 12040701
21:14:51.770 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:14:51.772 Disk 0 Vendor: WDC_WD5000BEVT-00A0RT0 01.01A01 Size: 476940MB BusType: 11
21:14:51.779 Disk 0 MBR read successfully
21:14:51.782 Disk 0 MBR scan
21:14:51.850 Disk 0 Windows 7 default MBR code
21:14:51.855 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
21:14:51.952 Disk 0 scanning C:\Windows\system32\drivers
21:15:07.477 Service scanning
21:15:49.302 Modules scanning
21:15:49.311 Disk 0 trace - called modules:
21:15:49.324 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:15:49.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c4e060]
21:15:49.333 3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> [0xfffffa80047901e0]
21:15:49.666 5 ACPI.sys[fffff88000ef27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047eb060]
21:15:51.379 AVAST engine scan C:\Windows
21:15:55.717 AVAST engine scan C:\Windows\system32
21:20:34.718 AVAST engine scan C:\Windows\system32\drivers
21:20:52.718 AVAST engine scan C:\Users\Joshua
21:30:38.729 AVAST engine scan C:\ProgramData
21:35:59.272 Scan finished successfully
21:48:38.631 Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"
21:48:38.691 The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"


TDSSKiller Log:

21:49:19.0141 2804 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
21:49:19.0201 2804 ============================================================
21:49:19.0201 2804 Current date / time: 2012/04/07 21:49:19.0201
21:49:19.0201 2804 SystemInfo:
21:49:19.0201 2804
21:49:19.0201 2804 OS Version: 6.1.7601 ServicePack: 1.0
21:49:19.0201 2804 Product type: Workstation
21:49:19.0201 2804 ComputerName: JOSHUA-PC
21:49:19.0201 2804 UserName: Joshua
21:49:19.0201 2804 Windows directory: C:\Windows
21:49:19.0201 2804 System windows directory: C:\Windows
21:49:19.0201 2804 Running under WOW64
21:49:19.0201 2804 Processor architecture: Intel x64
21:49:19.0201 2804 Number of processors: 2
21:49:19.0201 2804 Page size: 0x1000
21:49:19.0201 2804 Boot type: Normal boot
21:49:19.0201 2804 ============================================================
21:49:20.0701 2804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:49:20.0741 2804 \Device\Harddisk0\DR0:
21:49:20.0741 2804 MBR used
21:49:20.0741 2804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
21:49:20.0771 2804 Initialize success
21:49:20.0771 2804 ============================================================
21:49:28.0292 2004 ============================================================
21:49:28.0292 2004 Scan started
21:49:28.0292 2004 Mode: Manual;
21:49:28.0292 2004 ============================================================
21:49:29.0182 2004 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:49:29.0182 2004 !SASCORE - ok
21:49:29.0282 2004 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:49:29.0292 2004 1394ohci - ok
21:49:29.0292 2004 Scan interrupted by user!
21:49:29.0292 2004 Scan interrupted by user!
21:49:29.0292 2004 Scan interrupted by user!
21:49:29.0292 2004 ============================================================
21:49:29.0292 2004 Scan finished
21:49:29.0292 2004 ============================================================
21:49:29.0302 2496 Detected object count: 0
21:49:29.0302 2496 Actual detected object count: 0
21:49:52.0395 3668 ============================================================
21:49:52.0395 3668 Scan started
21:49:52.0395 3668 Mode: Manual; TDLFS;
21:49:52.0395 3668 ============================================================
21:49:52.0755 3668 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:49:52.0755 3668 !SASCORE - ok
21:49:52.0865 3668 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:49:52.0865 3668 1394ohci - ok
21:49:52.0885 3668 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:49:52.0895 3668 ACPI - ok
21:49:52.0935 3668 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:49:52.0935 3668 AcpiPmi - ok
21:49:52.0975 3668 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
21:49:52.0975 3668 adfs - ok
21:49:53.0065 3668 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:49:53.0065 3668 AdobeARMservice - ok
21:49:53.0145 3668 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:49:53.0145 3668 AdobeFlashPlayerUpdateSvc - ok
21:49:53.0235 3668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:49:53.0245 3668 adp94xx - ok
21:49:53.0295 3668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:49:53.0295 3668 adpahci - ok
21:49:53.0345 3668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:49:53.0345 3668 adpu320 - ok
21:49:53.0465 3668 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
21:49:53.0475 3668 AdvancedSystemCareService5 - ok
21:49:53.0545 3668 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:49:53.0545 3668 AeLookupSvc - ok
21:49:53.0585 3668 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:49:53.0595 3668 AFD - ok
21:49:53.0635 3668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:49:53.0635 3668 agp440 - ok
21:49:53.0755 3668 akkpyesi (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\akkpyesi.sys
21:49:53.0755 3668 akkpyesi - ok
21:49:53.0805 3668 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:49:53.0805 3668 ALG - ok
21:49:53.0855 3668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:49:53.0865 3668 aliide - ok
21:49:53.0965 3668 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
21:49:53.0965 3668 Amazon Download Agent - ok
21:49:54.0065 3668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:49:54.0065 3668 amdide - ok
21:49:54.0105 3668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:49:54.0115 3668 AmdK8 - ok
21:49:54.0125 3668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:49:54.0125 3668 AmdPPM - ok
21:49:54.0175 3668 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:49:54.0175 3668 amdsata - ok
21:49:54.0185 3668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:49:54.0185 3668 amdsbs - ok
21:49:54.0205 3668 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:49:54.0205 3668 amdxata - ok
21:49:54.0315 3668 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
21:49:54.0315 3668 AOL ACS - ok
21:49:54.0415 3668 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:49:54.0425 3668 AppID - ok
21:49:54.0455 3668 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:49:54.0455 3668 AppIDSvc - ok
21:49:54.0495 3668 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:49:54.0495 3668 Appinfo - ok
21:49:54.0595 3668 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:49:54.0595 3668 Apple Mobile Device - ok
21:49:54.0695 3668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:49:54.0695 3668 arc - ok
21:49:54.0705 3668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:49:54.0705 3668 arcsas - ok
21:49:54.0825 3668 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:49:54.0825 3668 aspnet_state - ok
21:49:54.0895 3668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:49:54.0895 3668 AsyncMac - ok
21:49:54.0935 3668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:49:54.0935 3668 atapi - ok
21:49:54.0985 3668 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
21:49:55.0005 3668 athr - ok
21:49:55.0055 3668 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:49:55.0065 3668 AudioEndpointBuilder - ok
21:49:55.0075 3668 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:49:55.0075 3668 AudioSrv - ok
21:49:55.0125 3668 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:49:55.0125 3668 AxInstSV - ok
21:49:55.0185 3668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:49:55.0185 3668 b06bdrv - ok
21:49:55.0245 3668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:49:55.0245 3668 b57nd60a - ok
21:49:55.0285 3668 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:49:55.0285 3668 BDESVC - ok
21:49:55.0325 3668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:49:55.0325 3668 Beep - ok
21:49:55.0385 3668 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:49:55.0395 3668 BITS - ok
21:49:55.0445 3668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:49:55.0445 3668 blbdrive - ok
21:49:55.0525 3668 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:49:55.0525 3668 Bonjour Service - ok
21:49:55.0625 3668 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:49:55.0625 3668 bowser - ok
21:49:55.0665 3668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:49:55.0665 3668 BrFiltLo - ok
21:49:55.0705 3668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:49:55.0715 3668 BrFiltUp - ok
21:49:55.0755 3668 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:49:55.0755 3668 Browser - ok
21:49:55.0765 3668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:49:55.0775 3668 Brserid - ok
21:49:55.0785 3668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:49:55.0785 3668 BrSerWdm - ok
21:49:55.0795 3668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:49:55.0795 3668 BrUsbMdm - ok
21:49:55.0805 3668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:49:55.0805 3668 BrUsbSer - ok
21:49:55.0815 3668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:49:55.0815 3668 BTHMODEM - ok
21:49:55.0845 3668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:49:55.0845 3668 bthserv - ok
21:49:55.0885 3668 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
21:49:55.0895 3668 CAXHWAZL - ok
21:49:55.0975 3668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:49:55.0975 3668 cdfs - ok
21:49:56.0005 3668 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:49:56.0005 3668 cdrom - ok
21:49:56.0055 3668 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:49:56.0055 3668 CertPropSvc - ok
21:49:56.0105 3668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:49:56.0105 3668 circlass - ok
21:49:56.0155 3668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:49:56.0155 3668 CLFS - ok
21:49:56.0225 3668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:49:56.0225 3668 clr_optimization_v2.0.50727_32 - ok
21:49:56.0285 3668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:49:56.0285 3668 clr_optimization_v2.0.50727_64 - ok
21:49:56.0345 3668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:49:56.0345 3668 clr_optimization_v4.0.30319_32 - ok
21:49:56.0365 3668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:49:56.0375 3668 clr_optimization_v4.0.30319_64 - ok
21:49:56.0435 3668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:49:56.0435 3668 CmBatt - ok
21:49:56.0505 3668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:49:56.0505 3668 cmdide - ok
21:49:56.0555 3668 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:49:56.0555 3668 CNG - ok
21:49:56.0575 3668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:49:56.0585 3668 Compbatt - ok
21:49:56.0615 3668 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:49:56.0625 3668 CompositeBus - ok
21:49:56.0635 3668 COMSysApp - ok
21:49:56.0706 3668 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
21:49:56.0716 3668 cpudrv64 - ok
21:49:56.0806 3668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:49:56.0806 3668 crcdisk - ok
21:49:56.0856 3668 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:49:56.0856 3668 CryptSvc - ok
21:49:56.0926 3668 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:49:56.0926 3668 DcomLaunch - ok
21:49:56.0966 3668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:49:56.0966 3668 defragsvc - ok
21:49:57.0016 3668 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:49:57.0016 3668 DfsC - ok
21:49:57.0066 3668 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:49:57.0066 3668 Dhcp - ok
21:49:57.0106 3668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:49:57.0106 3668 discache - ok
21:49:57.0136 3668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:49:57.0136 3668 Disk - ok
21:49:57.0186 3668 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
21:49:57.0186 3668 DKbFltr - ok
21:49:57.0236 3668 DlinkUDSMBus (651dff519abf9464cedaf8f1f0913e39) C:\Windows\syswow64\Drivers\DlinkUDSMBus.sys
21:49:57.0236 3668 DlinkUDSMBus - ok
21:49:57.0286 3668 DlinkUDSTcpBus (ca1c992760eabb6e5f5511d88745c4a3) C:\Windows\syswow64\Drivers\DlinkUDSTcpBus.sys
21:49:57.0286 3668 DlinkUDSTcpBus - ok
21:49:57.0356 3668 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:49:57.0356 3668 Dnscache - ok
21:49:57.0396 3668 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:49:57.0396 3668 dot3svc - ok
21:49:57.0436 3668 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:49:57.0446 3668 DPS - ok
21:49:57.0496 3668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:49:57.0496 3668 drmkaud - ok
21:49:57.0506 3668 dump_wmimmc - ok
21:49:57.0586 3668 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:49:57.0596 3668 DXGKrnl - ok
21:49:57.0606 3668 EagleX64 - ok
21:49:57.0646 3668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:49:57.0646 3668 EapHost - ok
21:49:57.0766 3668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:49:57.0856 3668 ebdrv - ok
21:49:57.0986 3668 ebebnwgf (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\ebebnwgf.sys
21:49:57.0986 3668 ebebnwgf - ok
21:49:58.0026 3668 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:49:58.0026 3668 EFS - ok
21:49:58.0086 3668 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:49:58.0096 3668 ehRecvr - ok
21:49:58.0126 3668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:49:58.0126 3668 ehSched - ok
21:49:58.0196 3668 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:49:58.0196 3668 ElbyCDIO - ok
21:49:58.0256 3668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:49:58.0256 3668 elxstor - ok
21:49:58.0326 3668 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
21:49:58.0346 3668 ePowerSvc - ok
21:49:58.0438 3668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:49:58.0438 3668 ErrDev - ok
21:49:58.0518 3668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:49:58.0518 3668 EventSystem - ok
21:49:58.0588 3668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:49:58.0588 3668 exfat - ok
21:49:58.0618 3668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:49:58.0618 3668 fastfat - ok
21:49:58.0718 3668 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:49:58.0728 3668 Fax - ok
21:49:58.0778 3668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:49:58.0778 3668 fdc - ok
21:49:58.0818 3668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:49:58.0818 3668 fdPHost - ok
21:49:58.0838 3668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:49:58.0838 3668 FDResPub - ok
21:49:58.0858 3668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:49:58.0858 3668 FileInfo - ok
21:49:58.0878 3668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:49:58.0878 3668 Filetrace - ok
21:49:58.0978 3668 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:49:58.0988 3668 FLEXnet Licensing Service - ok
21:49:59.0078 3668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:49:59.0078 3668 flpydisk - ok
21:49:59.0118 3668 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:49:59.0128 3668 FltMgr - ok
21:49:59.0188 3668 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:49:59.0228 3668 FontCache - ok
21:49:59.0328 3668 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:49:59.0328 3668 FontCache3.0.0.0 - ok
21:49:59.0378 3668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:49:59.0378 3668 FsDepends - ok
21:49:59.0398 3668 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:49:59.0398 3668 Fs_Rec - ok
21:49:59.0448 3668 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:49:59.0448 3668 fvevol - ok
21:49:59.0488 3668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:49:59.0498 3668 gagp30kx - ok
21:49:59.0588 3668 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:49:59.0588 3668 GamesAppService - ok
21:49:59.0668 3668 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:49:59.0678 3668 GEARAspiWDM - ok
21:49:59.0718 3668 gfsxldnn (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\gfsxldnn.sys
21:49:59.0718 3668 gfsxldnn - ok
21:49:59.0778 3668 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:49:59.0788 3668 gpsvc - ok
21:49:59.0858 3668 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
21:49:59.0888 3668 Greg_Service - ok
21:49:59.0978 3668 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:49:59.0978 3668 gupdate - ok
21:49:59.0978 3668 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:49:59.0988 3668 gupdatem - ok
21:50:00.0078 3668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:50:00.0078 3668 hcw85cir - ok
21:50:00.0138 3668 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:50:00.0138 3668 HdAudAddService - ok
21:50:00.0178 3668 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:50:00.0178 3668 HDAudBus - ok
21:50:00.0218 3668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:50:00.0228 3668 HidBatt - ok
21:50:00.0238 3668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:50:00.0238 3668 HidBth - ok
21:50:00.0248 3668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:50:00.0248 3668 HidIr - ok
21:50:00.0288 3668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:50:00.0288 3668 hidserv - ok
21:50:00.0328 3668 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:50:00.0328 3668 HidUsb - ok
21:50:00.0368 3668 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:50:00.0378 3668 hkmsvc - ok
21:50:00.0428 3668 hkzbjrao (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\hkzbjrao.sys
21:50:00.0428 3668 hkzbjrao - ok
21:50:00.0458 3668 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:50:00.0468 3668 HomeGroupListener - ok
21:50:00.0498 3668 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:50:00.0508 3668 HomeGroupProvider - ok
21:50:00.0558 3668 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:50:00.0558 3668 HpSAMD - ok
21:50:00.0608 3668 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
21:50:00.0608 3668 HsfXAudioService - ok
21:50:00.0698 3668 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
21:50:00.0738 3668 HSF_DPV - ok
21:50:00.0838 3668 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:50:00.0848 3668 HTTP - ok
21:50:00.0888 3668 hvmvzivr (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\hvmvzivr.sys
21:50:00.0888 3668 hvmvzivr - ok
21:50:00.0928 3668 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:50:00.0928 3668 hwpolicy - ok
21:50:00.0968 3668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:50:00.0968 3668 i8042prt - ok
21:50:01.0018 3668 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:50:01.0028 3668 iaStorV - ok
21:50:01.0118 3668 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:50:01.0118 3668 IDriverT - ok
21:50:01.0238 3668 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:50:01.0248 3668 idsvc - ok
21:50:01.0428 3668 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:50:01.0578 3668 igfx - ok
21:50:01.0678 3668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:50:01.0678 3668 iirsp - ok
21:50:01.0749 3668 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:50:01.0769 3668 IKEEXT - ok
21:50:01.0849 3668 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
21:50:01.0889 3668 IntcAzAudAddService - ok
21:50:01.0929 3668 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
21:50:01.0929 3668 IntcHdmiAddService - ok
21:50:01.0959 3668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:50:01.0969 3668 intelide - ok
21:50:01.0999 3668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:50:01.0999 3668 intelppm - ok
21:50:02.0029 3668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:50:02.0029 3668 IPBusEnum - ok
21:50:02.0089 3668 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:50:02.0089 3668 IpFilterDriver - ok
21:50:02.0129 3668 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:50:02.0129 3668 IPMIDRV - ok
21:50:02.0169 3668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:50:02.0169 3668 IPNAT - ok
21:50:02.0239 3668 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
21:50:02.0249 3668 iPod Service - ok
21:50:02.0339 3668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:50:02.0339 3668 IRENUM - ok
21:50:02.0379 3668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:50:02.0389 3668 isapnp - ok
21:50:02.0419 3668 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:50:02.0429 3668 iScsiPrt - ok
21:50:02.0469 3668 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:50:02.0479 3668 k57nd60a - ok
21:50:02.0529 3668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:50:02.0529 3668 kbdclass - ok
21:50:02.0559 3668 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:50:02.0559 3668 kbdhid - ok
21:50:02.0599 3668 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:50:02.0599 3668 KeyIso - ok
21:50:02.0669 3668 koclyvye (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\koclyvye.sys
21:50:02.0669 3668 koclyvye - ok
21:50:02.0699 3668 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:50:02.0709 3668 KSecDD - ok
21:50:02.0759 3668 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:50:02.0769 3668 KSecPkg - ok
21:50:02.0799 3668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:50:02.0799 3668 ksthunk - ok
21:50:02.0899 3668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:50:02.0899 3668 KtmRm - ok
21:50:02.0949 3668 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:50:02.0959 3668 LanmanServer - ok
21:50:02.0989 3668 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:50:02.0999 3668 LanmanWorkstation - ok
21:50:03.0039 3668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:50:03.0039 3668 lltdio - ok
21:50:03.0089 3668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:50:03.0099 3668 lltdsvc - ok
21:50:03.0139 3668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:50:03.0149 3668 lmhosts - ok
21:50:03.0199 3668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:50:03.0199 3668 LSI_FC - ok
21:50:03.0209 3668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:50:03.0219 3668 LSI_SAS - ok
21:50:03.0229 3668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:50:03.0229 3668 LSI_SAS2 - ok
21:50:03.0239 3668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:50:03.0239 3668 LSI_SCSI - ok
21:50:03.0259 3668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:50:03.0269 3668 luafv - ok
21:50:03.0299 3668 ludrhrfs (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\ludrhrfs.sys
21:50:03.0299 3668 ludrhrfs - ok
21:50:03.0339 3668 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:50:03.0339 3668 MBAMProtector - ok
21:50:03.0409 3668 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:50:03.0409 3668 MBAMService - ok
21:50:03.0519 3668 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
21:50:03.0519 3668 mcdbus - ok
21:50:03.0569 3668 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:50:03.0569 3668 Mcx2Svc - ok
21:50:03.0619 3668 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:50:03.0619 3668 mdmxsdk - ok
21:50:03.0659 3668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:50:03.0659 3668 megasas - ok
21:50:03.0679 3668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:50:03.0679 3668 MegaSR - ok
21:50:03.0729 3668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:50:03.0729 3668 MMCSS - ok
21:50:03.0799 3668 mmjkthzs (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\mmjkthzs.sys
21:50:03.0799 3668 mmjkthzs - ok
21:50:03.0869 3668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:50:03.0869 3668 Modem - ok
21:50:03.0899 3668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:50:03.0909 3668 monitor - ok
21:50:03.0949 3668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:50:03.0949 3668 mouclass - ok
21:50:03.0979 3668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:50:03.0979 3668 mouhid - ok
21:50:04.0019 3668 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:50:04.0019 3668 mountmgr - ok
21:50:04.0109 3668 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
21:50:04.0119 3668 MpFilter - ok
21:50:04.0159 3668 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:50:04.0159 3668 mpio - ok
21:50:04.0219 3668 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:50:04.0219 3668 MpNWMon - ok
21:50:04.0269 3668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:50:04.0269 3668 mpsdrv - ok
21:50:04.0309 3668 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:50:04.0309 3668 MRxDAV - ok
21:50:04.0349 3668 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:50:04.0359 3668 mrxsmb - ok
21:50:04.0419 3668 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:50:04.0419 3668 mrxsmb10 - ok
21:50:04.0469 3668 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:50:04.0469 3668 mrxsmb20 - ok
21:50:04.0519 3668 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:50:04.0519 3668 msahci - ok
21:50:04.0559 3668 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:50:04.0559 3668 msdsm - ok
21:50:04.0609 3668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:50:04.0619 3668 MSDTC - ok
21:50:04.0669 3668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:50:04.0669 3668 Msfs - ok
21:50:04.0689 3668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:50:04.0689 3668 mshidkmdf - ok
21:50:04.0740 3668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:50:04.0740 3668 msisadrv - ok
21:50:04.0780 3668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:50:04.0780 3668 MSiSCSI - ok
21:50:04.0790 3668 msiserver - ok
21:50:04.0850 3668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:50:04.0850 3668 MSKSSRV - ok
21:50:04.0980 3668 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:50:04.0980 3668 MsMpSvc - ok
21:50:05.0060 3668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:50:05.0060 3668 MSPCLOCK - ok
21:50:05.0080 3668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:50:05.0080 3668 MSPQM - ok
21:50:05.0130 3668 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:50:05.0130 3668 MsRPC - ok
21:50:05.0180 3668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:50:05.0180 3668 mssmbios - ok
21:50:05.0230 3668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:50:05.0230 3668 MSTEE - ok
21:50:05.0240 3668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:50:05.0240 3668 MTConfig - ok
21:50:05.0280 3668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:50:05.0280 3668 Mup - ok
21:50:05.0340 3668 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:50:05.0350 3668 napagent - ok
21:50:05.0400 3668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:50:05.0400 3668 NativeWifiP - ok
21:50:05.0440 3668 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:50:05.0450 3668 NDIS - ok
21:50:05.0500 3668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:50:05.0500 3668 NdisCap - ok
21:50:05.0540 3668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:50:05.0540 3668 NdisTapi - ok
21:50:05.0580 3668 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:50:05.0580 3668 Ndisuio - ok
21:50:05.0670 3668 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:50:05.0670 3668 NdisWan - ok
21:50:05.0710 3668 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:50:05.0710 3668 NDProxy - ok
21:50:05.0760 3668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:50:05.0760 3668 NetBIOS - ok
21:50:05.0810 3668 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:50:05.0820 3668 NetBT - ok
21:50:05.0900 3668 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:50:05.0900 3668 Netlogon - ok
21:50:05.0940 3668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:50:05.0950 3668 Netman - ok
21:50:06.0050 3668 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:50:06.0050 3668 NetMsmqActivator - ok
21:50:06.0050 3668 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:50:06.0060 3668 NetPipeActivator - ok
21:50:06.0130 3668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:50:06.0140 3668 netprofm - ok
21:50:06.0230 3668 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:50:06.0240 3668 NetTcpActivator - ok
21:50:06.0240 3668 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:50:06.0240 3668 NetTcpPortSharing - ok
21:50:06.0470 3668 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
21:50:06.0620 3668 NETw5s64 - ok
21:50:06.0890 3668 NETwNs64 (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys
21:50:07.0060 3668 NETwNs64 - ok
21:50:07.0170 3668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:50:07.0170 3668 nfrd960 - ok
21:50:07.0210 3668 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:50:07.0210 3668 NisDrv - ok
21:50:07.0320 3668 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
21:50:07.0330 3668 NisSrv - ok
21:50:07.0440 3668 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:50:07.0440 3668 NlaSvc - ok
21:50:07.0480 3668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:50:07.0480 3668 Npfs - ok
21:50:07.0500 3668 NPPTNT2 - ok
21:50:07.0540 3668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:50:07.0540 3668 nsi - ok
21:50:07.0570 3668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:50:07.0570 3668 nsiproxy - ok
21:50:07.0650 3668 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:50:07.0700 3668 Ntfs - ok
21:50:07.0760 3668 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
21:50:07.0760 3668 NTI IScheduleSvc - ok
21:50:07.0850 3668 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:50:07.0850 3668 NTIDrvr - ok
21:50:07.0880 3668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:50:07.0880 3668 Null - ok
21:50:07.0930 3668 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:50:07.0930 3668 nvraid - ok
21:50:07.0950 3668 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:50:07.0950 3668 nvstor - ok
21:50:07.0970 3668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:50:07.0970 3668 nv_agp - ok
21:50:08.0010 3668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:50:08.0020 3668 ohci1394 - ok
21:50:08.0070 3668 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:50:08.0080 3668 ose - ok
21:50:08.0220 3668 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:50:08.0310 3668 osppsvc - ok
21:50:08.0410 3668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:50:08.0410 3668 p2pimsvc - ok
21:50:08.0460 3668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:50:08.0470 3668 p2psvc - ok
21:50:08.0520 3668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:50:08.0520 3668 Parport - ok
21:50:08.0560 3668 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:50:08.0560 3668 partmgr - ok
21:50:08.0610 3668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:50:08.0620 3668 PcaSvc - ok
21:50:08.0670 3668 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:50:08.0680 3668 pci - ok
21:50:08.0690 3668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:50:08.0700 3668 pciide - ok
21:50:08.0750 3668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:50:08.0750 3668 pcmcia - ok
21:50:08.0780 3668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:50:08.0780 3668 pcw - ok
21:50:08.0810 3668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:50:08.0820 3668 PEAUTH - ok
21:50:08.0880 3668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:50:08.0880 3668 PerfHost - ok
21:50:08.0970 3668 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:50:09.0020 3668 pla - ok
21:50:09.0060 3668 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:50:09.0070 3668 PlugPlay - ok
21:50:09.0110 3668 Pml Driver HPZ12 (f485770eec8959684cc4c4786b63c06c) C:\Windows\system32\HPZipm12.dll
21:50:09.0110 3668 Pml Driver HPZ12 - ok
21:50:09.0150 3668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:50:09.0160 3668 PNRPAutoReg - ok
21:50:09.0190 3668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:50:09.0190 3668 PNRPsvc - ok
21:50:09.0240 3668 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:50:09.0250 3668 PolicyAgent - ok
21:50:09.0310 3668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:50:09.0320 3668 Power - ok
21:50:09.0370 3668 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:50:09.0370 3668 PptpMiniport - ok
21:50:09.0420 3668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:50:09.0420 3668 Processor - ok
21:50:09.0470 3668 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:50:09.0470 3668 ProfSvc - ok
21:50:09.0520 3668 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:50:09.0520 3668 ProtectedStorage - ok
21:50:09.0580 3668 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:50:09.0580 3668 Psched - ok
21:50:09.0610 3668 pwdrvio (41ad0fcf47275a9bc70fa1b56bfd3e23) C:\Windows\system32\pwdrvio.sys
21:50:09.0620 3668 pwdrvio - ok
21:50:09.0640 3668 pwdspio (19cf17076f2524af6746b528584aa3c9) C:\Windows\system32\pwdspio.sys
21:50:09.0640 3668 pwdspio - ok
21:50:09.0720 3668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:50:09.0750 3668 ql2300 - ok
21:50:09.0830 3668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:50:09.0830 3668 ql40xx - ok
21:50:09.0870 3668 qnxjshig (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\qnxjshig.sys
21:50:09.0870 3668 qnxjshig - ok
21:50:09.0920 3668 qnzzkmry (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\qnzzkmry.sys
21:50:09.0930 3668 qnzzkmry - ok
21:50:09.0960 3668 qomojdsy (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\qomojdsy.sys
21:50:09.0970 3668 qomojdsy - ok
21:50:10.0000 3668 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:50:10.0010 3668 QWAVE - ok
21:50:10.0050 3668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:50:10.0050 3668 QWAVEdrv - ok
21:50:10.0140 3668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:50:10.0140 3668 RasAcd - ok
21:50:10.0180 3668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:50:10.0180 3668 RasAgileVpn - ok
21:50:10.0210 3668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:50:10.0210 3668 RasAuto - ok
21:50:10.0270 3668 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:50:10.0270 3668 Rasl2tp - ok
21:50:10.0330 3668 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:50:10.0330 3668 RasMan - ok
21:50:10.0370 3668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:50:10.0370 3668 RasPppoe - ok
21:50:10.0410 3668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:50:10.0410 3668 RasSstp - ok
21:50:10.0490 3668 rasycnqi (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\rasycnqi.sys
21:50:10.0500 3668 rasycnqi - ok
21:50:10.0540 3668 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:50:10.0540 3668 rdbss - ok
21:50:10.0570 3668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:50:10.0570 3668 rdpbus - ok
21:50:10.0620 3668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:50:10.0620 3668 RDPCDD - ok
21:50:10.0670 3668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:50:10.0670 3668 RDPENCDD - ok
21:50:10.0700 3668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:50:10.0700 3668 RDPREFMP - ok
21:50:10.0740 3668 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:50:10.0740 3668 RDPWD - ok
21:50:10.0790 3668 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:50:10.0790 3668 rdyboost - ok
21:50:10.0900 3668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:50:10.0910 3668 RemoteAccess - ok
21:50:10.0950 3668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:50:10.0960 3668 RemoteRegistry - ok
21:50:11.0000 3668 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:50:11.0000 3668 RpcEptMapper - ok
21:50:11.0050 3668 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:50:11.0050 3668 RpcLocator - ok
21:50:11.0090 3668 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:50:11.0090 3668 RpcSs - ok
21:50:11.0150 3668 rqvjnedt (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\rqvjnedt.sys
21:50:11.0150 3668 rqvjnedt - ok
21:50:11.0200 3668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:50:11.0210 3668 rspndr - ok
21:50:11.0260 3668 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
21:50:11.0260 3668 RSUSBSTOR - ok
21:50:11.0350 3668 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:50:11.0350 3668 SamSs - ok
21:50:11.0420 3668 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:50:11.0420 3668 SASDIFSV - ok
21:50:11.0430 3668 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:50:11.0440 3668 SASKUTIL - ok
21:50:11.0580 3668 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
21:50:11.0580 3668 SbFw - ok
21:50:11.0650 3668 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
21:50:11.0650 3668 SBFWIMCL - ok
21:50:11.0721 3668 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
21:50:11.0721 3668 SBFWIMCLMP - ok
21:50:11.0761 3668 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
21:50:11.0771 3668 sbhips - ok
21:50:11.0811 3668 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:50:11.0821 3668 sbp2port - ok
21:50:11.0891 3668 SBRE - ok
21:50:12.0041 3668 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:50:12.0081 3668 SBSDWSCService - ok
21:50:12.0191 3668 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
21:50:12.0201 3668 SbTis - ok
21:50:12.0241 3668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:50:12.0241 3668 SCardSvr - ok
21:50:12.0301 3668 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:50:12.0301 3668 scfilter - ok
21:50:12.0361 3668 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:50:12.0391 3668 Schedule - ok
21:50:12.0481 3668 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:50:12.0481 3668 SCPolicySvc - ok
21:50:12.0531 3668 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:50:12.0541 3668 SDRSVC - ok
21:50:12.0581 3668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:50:12.0581 3668 secdrv - ok
21:50:12.0621 3668 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:50:12.0631 3668 seclogon - ok
21:50:12.0661 3668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:50:12.0671 3668 SENS - ok
21:50:12.0681 3668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:50:12.0681 3668 SensrSvc - ok
21:50:12.0741 3668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:50:12.0741 3668 Serenum - ok
21:50:12.0761 3668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:50:12.0761 3668 Serial - ok
21:50:12.0801 3668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:50:12.0811 3668 sermouse - ok
21:50:12.0861 3668 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:50:12.0871 3668 SessionEnv - ok
21:50:12.0901 3668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:50:12.0901 3668 sffdisk - ok
21:50:12.0931 3668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:50:12.0931 3668 sffp_mmc - ok
21:50:12.0951 3668 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:50:12.0951 3668 sffp_sd - ok
21:50:13.0001 3668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:50:13.0001 3668 sfloppy - ok
21:50:13.0071 3668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:50:13.0081 3668 SharedAccess - ok
21:50:13.0131 3668 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:50:13.0141 3668 ShellHWDetection - ok
21:50:13.0191 3668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:50:13.0191 3668 SiSRaid2 - ok
21:50:13.0231 3668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:50:13.0231 3668 SiSRaid4 - ok
21:50:13.0261 3668 skhfnizk (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\skhfnizk.sys
21:50:13.0271 3668 skhfnizk - ok
21:50:13.0281 3668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:50:13.0281 3668 Smb - ok
21:50:13.0331 3668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:50:13.0331 3668 SNMPTRAP - ok
21:50:13.0351 3668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:50:13.0351 3668 spldr - ok
21:50:13.0391 3668 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:50:13.0401 3668 Spooler - ok
21:50:13.0511 3668 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:50:13.0591 3668 sppsvc - ok
21:50:13.0691 3668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:50:13.0691 3668 sppuinotify - ok
21:50:13.0741 3668 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:50:13.0751 3668 srv - ok
21:50:13.0781 3668 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:50:13.0781 3668 srv2 - ok
21:50:13.0851 3668 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:50:13.0851 3668 SrvHsfHDA - ok
21:50:13.0901 3668 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:50:13.0941 3668 SrvHsfV92 - ok
21:50:14.0071 3668 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:50:14.0081 3668 SrvHsfWinac - ok
21:50:14.0131 3668 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:50:14.0131 3668 srvnet - ok
21:50:14.0221 3668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:50:14.0231 3668 SSDPSRV - ok
21:50:14.0261 3668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:50:14.0261 3668 SstpSvc - ok
21:50:14.0331 3668 Steam Client Service - ok
21:50:14.0431 3668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:50:14.0441 3668 stexstor - ok
21:50:14.0481 3668 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
21:50:14.0481 3668 StillCam - ok
21:50:14.0531 3668 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:50:14.0541 3668 stisvc - ok
21:50:14.0581 3668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:50:14.0591 3668 swenum - ok
21:50:14.0631 3668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:50:14.0641 3668 swprv - ok
21:50:14.0731 3668 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:50:14.0781 3668 SysMain - ok
21:50:14.0891 3668 szcbhvgp (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\szcbhvgp.sys
21:50:14.0891 3668 szcbhvgp - ok
21:50:14.0951 3668 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:50:14.0951 3668 TabletInputService - ok
21:50:15.0001 3668 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:50:15.0011 3668 TapiSrv - ok
21:50:15.0051 3668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:50:15.0051 3668 TBS - ok
21:50:15.0151 3668 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:50:15.0201 3668 Tcpip - ok
21:50:15.0341 3668 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:50:15.0361 3668 TCPIP6 - ok
21:50:15.0411 3668 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:50:15.0411 3668 tcpipreg - ok
21:50:15.0461 3668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:50:15.0461 3668 TDPIPE - ok
21:50:15.0491 3668 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:50:15.0501 3668 TDTCP - ok
21:50:15.0541 3668 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:50:15.0541 3668 tdx - ok
21:50:15.0671 3668 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:50:15.0741 3668 TeamViewer7 - ok
21:50:15.0851 3668 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:50:15.0851 3668 TermDD - ok
21:50:15.0911 3668 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:50:15.0921 3668 TermService - ok
21:50:15.0971 3668 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:50:15.0971 3668 Themes - ok
21:50:16.0011 3668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:50:16.0011 3668 THREADORDER - ok
21:50:16.0041 3668 trgcpfkn (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\trgcpfkn.sys
21:50:16.0051 3668 trgcpfkn - ok
21:50:16.0091 3668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:50:16.0091 3668 TrkWks - ok
21:50:16.0161 3668 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:50:16.0171 3668 TrustedInstaller - ok
21:50:16.0251 3668 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:50:16.0261 3668 tssecsrv - ok
21:50:16.0291 3668 tsuqrfep (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\tsuqrfep.sys
21:50:16.0301 3668 tsuqrfep - ok
21:50:16.0331 3668 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:50:16.0331 3668 TsUsbFlt - ok
21:50:16.0401 3668 ts_arusb (230d42a65630a60968477b9cab30c935) C:\Windows\system32\DRIVERS\ts_arusbx.sys
21:50:16.0431 3668 ts_arusb - ok
21:50:16.0521 3668 ttcykyvi (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\ttcykyvi.sys
21:50:16.0531 3668 ttcykyvi - ok
21:50:16.0571 3668 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:50:16.0571 3668 tunnel - ok
21:50:16.0611 3668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:50:16.0621 3668 uagp35 - ok
21:50:16.0651 3668 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:50:16.0651 3668 UBHelper - ok
21:50:16.0701 3668 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:50:16.0701 3668 udfs - ok
21:50:16.0752 3668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:50:16.0762 3668 UI0Detect - ok
21:50:16.0802 3668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:50:16.0802 3668 uliagpkx - ok
21:50:16.0842 3668 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:50:16.0842 3668 umbus - ok
21:50:16.0882 3668 umgkmmrc (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\umgkmmrc.sys
21:50:16.0892 3668 umgkmmrc - ok
21:50:16.0942 3668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:50:16.0942 3668 UmPass - ok
21:50:16.0992 3668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:50:16.0992 3668 upnphost - ok
21:50:17.0032 3668 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:50:17.0032 3668 usbaudio - ok
21:50:17.0062 3668 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:50:17.0062 3668 usbccgp - ok
21:50:17.0092 3668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:50:17.0092 3668 usbcir - ok
21:50:17.0122 3668 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:50:17.0122 3668 usbehci - ok
21:50:17.0152 3668 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:50:17.0162 3668 usbhub - ok
21:50:17.0192 3668 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:50:17.0192 3668 usbohci - ok
21:50:17.0232 3668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:50:17.0232 3668 usbprint - ok
21:50:17.0282 3668 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:50:17.0282 3668 usbscan - ok
21:50:17.0322 3668 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:50:17.0322 3668 USBSTOR - ok
21:50:17.0372 3668 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:50:17.0372 3668 usbuhci - ok
21:50:17.0412 3668 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:50:17.0412 3668 usbvideo - ok
21:50:17.0452 3668 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:50:17.0452 3668 UxSms - ok
21:50:17.0492 3668 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:50:17.0492 3668 VaultSvc - ok
21:50:17.0552 3668 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
21:50:17.0552 3668 VClone - ok
21:50:17.0582 3668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:50:17.0582 3668 vdrvroot - ok
21:50:17.0642 3668 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:50:17.0652 3668 vds - ok
21:50:17.0702 3668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:50:17.0702 3668 vga - ok
21:50:17.0732 3668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:50:17.0742 3668 VgaSave - ok
21:50:17.0772 3668 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:50:17.0772 3668 vhdmp - ok
21:50:17.0792 3668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:50:17.0792 3668 viaide - ok
21:50:17.0842 3668 vjtvpuqv (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\vjtvpuqv.sys
21:50:17.0842 3668 vjtvpuqv - ok
21:50:17.0892 3668 vlhhhfxb (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\vlhhhfxb.sys
21:50:17.0902 3668 vlhhhfxb - ok
21:50:17.0942 3668 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:50:17.0942 3668 volmgr - ok
21:50:17.0992 3668 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:50:17.0992 3668 volmgrx - ok
21:50:18.0052 3668 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:50:18.0052 3668 volsnap - ok
21:50:18.0102 3668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:50:18.0102 3668 vsmraid - ok
21:50:18.0172 3668 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:50:18.0202 3668 VSS - ok
21:50:18.0302 3668 vucnbvrj (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\vucnbvrj.sys
21:50:18.0312 3668 vucnbvrj - ok
21:50:18.0352 3668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:50:18.0352 3668 vwifibus - ok
21:50:18.0372 3668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:50:18.0372 3668 vwififlt - ok
21:50:18.0402 3668 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:50:18.0402 3668 vwifimp - ok
21:50:18.0452 3668 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:50:18.0452 3668 W32Time - ok
21:50:18.0512 3668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:50:18.0512 3668 WacomPen - ok
21:50:18.0562 3668 waisfdvq (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\waisfdvq.sys
21:50:18.0562 3668 waisfdvq - ok
21:50:18.0612 3668 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:50:18.0612 3668 WANARP - ok
21:50:18.0622 3668 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:50:18.0622 3668 Wanarpv6 - ok
21:50:18.0662 3668 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
21:50:18.0662 3668 wanatw - ok
21:50:18.0722 3668 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:50:18.0773 3668 WatAdminSvc - ok
21:50:18.0883 3668 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:50:18.0933 3668 wbengine - ok
21:50:18.0973 3668 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:50:18.0983 3668 WbioSrvc - ok
21:50:19.0023 3668 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:50:19.0023 3668 wcncsvc - ok
21:50:19.0063 3668 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:50:19.0063 3668 WcsPlugInService - ok
21:50:19.0113 3668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:50:19.0113 3668 Wd - ok
21:50:19.0163 3668 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
21:50:19.0163 3668 WDC_SAM - ok
21:50:19.0193 3668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:50:19.0203 3668 Wdf01000 - ok
21:50:19.0293 3668 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:50:19.0293 3668 WdiServiceHost - ok
21:50:19.0303 3668 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:50:19.0313 3668 WdiSystemHost - ok
21:50:19.0373 3668 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:50:19.0373 3668 WebClient - ok
21:50:19.0393 3668 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:50:19.0403 3668 Wecsvc - ok
21:50:19.0433 3668 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:50:19.0433 3668 wercplsupport - ok
21:50:19.0483 3668 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:50:19.0493 3668 WerSvc - ok
21:50:19.0543 3668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:50:19.0543 3668 WfpLwf - ok
21:50:19.0573 3668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:50:19.0573 3668 WIMMount - ok
21:50:19.0623 3668 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
21:50:19.0633 3668 winachsf - ok
21:50:19.0653 3668 WinHttpAutoProxySvc - ok
21:50:19.0723 3668 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:50:19.0733 3668 Winmgmt - ok
21:50:19.0813 3668 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:50:19.0873 3668 WinRM - ok
21:50:19.0993 3668 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:50:19.0993 3668 WinUsb - ok
21:50:20.0043 3668 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:50:20.0053 3668 Wlansvc - ok
21:50:20.0193 3668 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:50:20.0243 3668 wlidsvc - ok
21:50:20.0343 3668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:50:20.0343 3668 WmiAcpi - ok
21:50:20.0413 3668 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:50:20.0413 3668 wmiApSrv - ok
21:50:20.0483 3668 WMPNetworkSvc - ok
21:50:20.0573 3668 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:50:20.0573 3668 WPCSvc - ok
21:50:20.0623 3668 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:50:20.0623 3668 WPDBusEnum - ok
21:50:20.0663 3668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:50:20.0663 3668 ws2ifsl - ok
21:50:20.0703 3668 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:50:20.0703 3668 WSDPrintDevice - ok
21:50:20.0713 3668 WSearch - ok
21:50:20.0803 3668 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:50:20.0863 3668 wuauserv - ok
21:50:20.0923 3668 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:50:20.0923 3668 WudfPf - ok
21:50:20.0953 3668 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:50:20.0953 3668 WUDFRd - ok
21:50:20.0993 3668 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:50:20.0993 3668 wudfsvc - ok
21:50:21.0033 3668 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:50:21.0043 3668 WwanSvc - ok
21:50:21.0083 3668 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
21:50:21.0083 3668 XAudio - ok
21:50:21.0143 3668 xpihkrvj (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\xpihkrvj.sys
21:50:21.0143 3668 xpihkrvj - ok
21:50:21.0203 3668 xzdxuqxm (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\xzdxuqxm.sys
21:50:21.0203 3668 xzdxuqxm - ok
21:50:21.0243 3668 zwcuxxjq (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\zwcuxxjq.sys
21:50:21.0253 3668 zwcuxxjq - ok
21:50:21.0313 3668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:50:21.0443 3668 \Device\Harddisk0\DR0 - ok
21:50:21.0483 3668 Boot (0x1200) (71f27742d6597012d690bbe683a01894) \Device\Harddisk0\DR0\Partition0
21:50:21.0483 3668 \Device\Harddisk0\DR0\Partition0 - ok
21:50:21.0483 3668 ============================================================
21:50:21.0483 3668 Scan finished
21:50:21.0483 3668 ============================================================
21:50:21.0493 1076 Detected object count: 0
21:50:21.0493 1076 Actual detected object count: 0
21:50:32.0145 3168 Deinitialize success



Attached file: MBR.zip (580 bytes)


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:53 PM

Posted 08 April 2012 - 08:08 AM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Carahandoccå


Posted 08 April 2012 - 08:09 PM

Hi again,

I ran ComboFix and here's the log:

ComboFix 12-04-08.01 - Joshua 04/08/2012 17:33:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2668 [GMT -7:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
---- Previous Run -------
.
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\users\Joshua\Documents\~ytB0E5.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 00:30 . 2012-04-09 00:30 709968 ----a-w- c:\windows\is-G4QS8.exe
2012-04-08 05:03 . 2012-04-08 05:03 -------- d-----w- c:\users\Joshua\AppData\Local\WinZip
2012-04-08 05:02 . 2012-04-08 05:03 -------- d-----w- c:\programdata\WinZip
2012-04-06 08:53 . 2012-04-06 08:53 -------- d--h--w- c:\programdata\Common Files
2012-04-06 08:51 . 2012-04-07 07:46 -------- d-----w- c:\programdata\AVG2012
2012-04-06 08:51 . 2012-04-06 08:51 -------- d-----w- C:\$AVG
2012-04-06 08:50 . 2012-04-07 07:15 -------- d-----w- c:\program files (x86)\AVG
2012-04-06 08:36 . 2012-04-07 07:46 -------- d-----w- c:\programdata\MFAData
2012-04-04 04:31 . 2012-04-09 00:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-04 04:31 . 2012-04-09 00:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-04 04:26 . 2011-04-06 00:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-04 04:26 . 2011-04-06 00:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-04 04:26 . 2011-04-06 00:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-04 04:26 . 2011-02-08 16:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-04 01:20 . 2008-04-17 20:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2012-04-04 01:20 . 2008-04-17 20:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
2012-04-04 01:20 . 2009-05-18 21:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-03 22:37 . 2012-04-03 22:38 -------- d-----w- c:\program files (x86)\GUM3285.tmp
2012-04-01 04:36 . 2012-04-01 04:36 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 20:07 . 2012-04-01 04:09 -------- d-----w- C:\MGtools
2012-03-31 10:54 . 2012-03-31 10:54 -------- d-----w- c:\users\Joshua\AppData\Roaming\Malwarebytes
2012-03-31 10:54 . 2012-04-07 09:46 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 10:53 . 2012-04-09 00:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-31 10:22 . 2012-04-09 00:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 10:03 . 2012-04-01 04:09 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-03-31 10:03 . 2012-03-31 10:03 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-03-31 07:39 . 2012-04-01 04:36 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 02:20 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF7CEE6A-580F-43A6-9A1F-E6FDCA0CF623}\mpengine.dll
2012-03-27 04:43 . 2012-04-07 07:27 -------- d-----w- c:\windows\SysWow64\Adobe
2012-03-23 06:55 . 2012-04-02 08:23 -------- d-----w- c:\programdata\TamoSoft
2012-03-23 06:41 . 2012-04-02 08:25 -------- d-----w- c:\program files (x86)\CommViewWiFi
2012-03-23 06:12 . 2010-10-08 21:24 1206248 ----a-w- c:\windows\system32\drivers\ts_arusbx.sys
2012-03-22 11:08 . 2012-03-31 08:18 -------- d-----w- c:\program files (x86)\Kismet
2012-03-22 11:07 . 2012-03-22 11:07 -------- d-----w- c:\program files (x86)\CACE Technologies
2012-03-21 20:48 . 2012-03-21 20:49 -------- d-----w- c:\program files (x86)\GUMC368.tmp
2012-03-21 10:08 . 2012-03-21 10:09 -------- d-----w- c:\program files (x86)\GUME241.tmp
2012-03-14 10:06 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:06 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:06 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 04:59 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:59 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:59 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 04:54 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 04:54 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 04:54 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 04:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 04:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 04:54 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 04:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 07:46 . 2012-01-14 17:38 925184 ----a-w- c:\windows\expstart.exe
2012-04-01 04:36 . 2011-06-17 01:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 20:22 . 2012-03-31 20:07 454935 ----a-w- C:\MGlogs.zip
2012-02-23 21:24 . 2011-08-17 15:43 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-20 04:39 . 2010-05-29 22:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 22:25 . 2012-02-17 22:25 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-31 12:44 . 2010-05-29 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-22 00:00 . 2012-01-22 00:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-22 00:00 . 2012-01-22 00:00 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 00:00 . 2012-01-22 00:00 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-22 00:00 . 2012-01-22 00:00 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-22 00:00 . 2012-01-22 00:00 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-22 00:00 . 2012-01-22 00:00 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-22 00:00 . 2012-01-22 00:00 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-22 00:00 . 2012-01-22 00:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-22 00:00 . 2012-01-22 00:00 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-22 00:00 . 2012-01-22 00:00 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-22 00:00 . 2012-01-22 00:00 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-22 00:00 . 2012-01-22 00:00 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-22 00:00 . 2012-01-22 00:00 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-22 00:00 . 2012-01-22 00:00 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-12 16:08 . 2009-10-16 19:03 26728 ----a-w- c:\windows\system32\drivers\TsLwWfF.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-07 574296]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-03 296056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Engine\Definitions\0SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Engine\Definitions
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200404]
Ime File REG_SZ Q9W7B5.IME
.
R1 qgaqpifj;qgaqpifj;c:\windows\system32\drivers\qgaqpifj.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 DlinkUDSTcpBus;DlinkUDSTcpBus;SysWOW64\Drivers\DlinkUDSTcpBus.sys [x]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleX64;EagleX64; [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 npggsvc;nProtect GameGuard Service; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arusbx.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-15 913752]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\DlinkUDSMBus.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 04:36]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 01:22]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 01:22]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000Core.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 22:37]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000UA.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 22:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF12297.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bglivesvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273605104535l03h4z1h5a4842v24p
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 172.16.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,02,57,9b,35,21,d2,43,83,a1,e2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,02,57,9b,35,21,d2,43,83,a1,e2,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-08 18:02:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 01:02
.
Pre-Run: 374,066,704,384 bytes free
Post-Run: 373,313,339,392 bytes free
.
- - End Of File - - AB7D826BDDFF488D4EAD16D704853CC4




Thank you for your time!

#7 CatByte


Posted 08 April 2012 - 08:44 PM

Hi,

The infection still appears to be active; we need to get a look outside of the Windows environment.

Please do the following:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.



#8 Carahandoccå


Posted 08 April 2012 - 10:11 PM

Hi!


Just wondering, should I just completely disable Microsoft Security Essentials for now? Cause it has been running and "protecting" so to say, but also scanning and deleting files on its own I think, which seems to have caused my laptop the need of running through recovery to get back into Windows every time I restart...


Anyways, Here's the log from FRST:

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 08-04-2012 19:40:24
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============



HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2011-12-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

#9 Carahandoccå


Posted 08 April 2012 - 10:15 PM

Hi again, Happy Easter!!

Um, just wondering, should I delete Microsoft Security Essentials for now? It has been scanning and "protecting" my laptop on its own, but also attempts to delete any detected viruses, which seems to have caused me the need to go into recovery every time I reboot... :/


Anyways, here is the FRST log:
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 08-04-2012 19:40:24
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2011-12-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKU\Guest\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4321112 2012-02-29] (AOL Inc.)
HKU\Joshua\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [574296 2012-03-06] (IObit)
HKU\Joshua\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 172.16.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-31] (Adobe Systems Incorporated)
2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
3 AOL ACS; "C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [62720 2009-09-24] (NewTech Infosystems, Inc.)
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-01-19] (TeamViewer GmbH)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-27] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
3 DlinkUDSMBus; C:\Windows\SysWow64\Drivers\DlinkUDSMBus.sys [66656 2010-04-06] (Windows ® Codename Longhorn DDK provider)
3 DlinkUDSTcpBus; C:\Windows\SysWow64\Drivers\DlinkUDSTcpBus.sys [85600 2010-04-06] (Windows ® Codename Longhorn DDK provider)
1 lijvcouc; C:\Windows\System32\Drivers\lijvcouc.sys [50000 2012-04-08] (Microsoft Corporation)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8080384 2011-01-19] (Intel Corporation)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2010-08-15] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2010-08-15] ()
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 ts_arusb; C:\Windows\System32\DRIVERS\ts_arusbx.sys [1206248 2010-10-08] (TamoSoft)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
1 ugumdetv; C:\Windows\System32\Drivers\ugumdetv.sys [50000 2012-04-08] (Microsoft Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (America Online, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 dump_wmimmc; [x]
3 EagleX64; [x]
3 npggsvc; [x]
3 NPPTNT2; [x]
1 qgaqpifj; \??\C:\Windows\system32\drivers\qgaqpifj.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-08 18:35 - 2012-04-08 18:35 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ugumdetv.sys
2012-04-08 18:34 - 2012-04-08 18:36 - 1385843 ____A C:\Users\Joshua\Downloads\FRST64.exe
2012-04-08 18:25 - 2012-04-08 18:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lijvcouc.sys
2012-04-08 18:10 - 2012-04-08 18:14 - 6409495 ____A C:\Users\Joshua\Desktop\To Show You My Love w_ Lyrics.flv
2012-04-08 17:08 - 2012-04-08 17:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-08 17:07 - 2012-04-08 17:08 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-08 17:02 - 2012-04-08 17:02 - 0025559 ____A C:\ComboFix.txt
2012-04-08 16:49 - 2012-04-08 16:49 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-08 16:32 - 2012-04-08 17:02 - 0000000 ____D C:\ComboFix
2012-04-08 16:32 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-08 16:32 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-08 16:32 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-08 16:30 - 2012-04-08 16:30 - 0709968 ____A C:\Windows\is-G4QS8.exe
2012-04-08 16:30 - 2012-04-08 16:30 - 0010498 ____A C:\Windows\is-G4QS8.msg
2012-04-08 16:30 - 2012-04-08 16:30 - 0000441 ____A C:\Windows\is-G4QS8.lst
2012-04-08 16:07 - 2012-04-08 16:14 - 75104850 ____A C:\Users\Joshua\Desktop\Rufus Wainwright, Helena Bonham Carter - Out Of The Game.mp4
2012-04-08 16:03 - 2012-04-08 16:04 - 4452952 ____R (Swearware) C:\Users\Joshua\Desktop\ComboFix.exe
2012-04-08 16:00 - 2012-04-08 16:06 - 75104850 ____A C:\Users\Joshua\Desktop\~ytB79B.tmp
2012-04-07 21:03 - 2012-04-07 21:03 - 0000000 ____D C:\Users\Joshua\AppData\Local\WinZip
2012-04-07 21:02 - 2012-04-07 23:15 - 0000000 ____D C:\Program Files\WinZip
2012-04-07 21:02 - 2012-04-07 21:03 - 0000000 ____D C:\Users\All Users\WinZip
2012-04-07 21:02 - 2012-04-07 21:03 - 0000000 ____D C:\ProgramData\WinZip
2012-04-07 20:51 - 2012-04-07 20:50 - 0142438 ____A C:\Users\Joshua\Desktop\TDSSKiller.2.7.26.0_07.04.2012_21.49.19_log.txt
2012-04-07 20:49 - 2012-04-07 20:50 - 0142438 ____A C:\TDSSKiller.2.7.26.0_07.04.2012_21.49.19_log.txt
2012-04-07 20:49 - 2011-01-01 00:14 - 0002254 ____A C:\Users\Joshua\Desktop\eula.txt
2012-04-07 20:48 - 2012-04-07 20:48 - 0001857 ____A C:\Users\Joshua\Desktop\aswMBR.txt
2012-04-07 20:48 - 2012-04-07 20:48 - 0000512 ____A C:\Users\Joshua\Desktop\MBR.dat
2012-04-07 04:59 - 2012-04-07 04:59 - 0016194 ____A C:\Users\Joshua\Desktop\Relation of Life Experience and an Ethics.docx
2012-04-07 04:17 - 2012-04-07 04:22 - 15814192 ____A C:\Users\Joshua\Desktop\Cinematic Orchestra - To Build A Home.flv
2012-04-07 04:02 - 2012-04-07 04:02 - 0122965 ____A C:\Users\Joshua\Desktop\Description.pdf
2012-04-07 03:28 - 2012-04-07 03:28 - 0005614 ____A C:\Users\Joshua\Desktop\Attach.rar
2012-04-07 02:59 - 2012-04-07 02:59 - 0028001 ____A C:\Users\Joshua\Desktop\Attach.txt
2012-04-07 02:59 - 2012-04-07 02:59 - 0023611 ____A C:\Users\Joshua\Desktop\DDS.txt
2012-04-07 02:55 - 2012-04-07 02:55 - 0000474 ____A C:\Users\Joshua\Desktop\defogger_disable.log
2012-04-07 02:55 - 2012-04-07 02:55 - 0000000 ____A C:\Users\Joshua\defogger_reenable
2012-04-07 02:06 - 2012-04-07 02:06 - 0000000 ____D C:\Users\Joshua\Documents\Intelli-studio
2012-04-06 23:52 - 2012-04-06 23:53 - 0000524 ____A C:\Users\Joshua\Desktop\Sirefef Alureon Del Direction.txt
2012-04-06 20:20 - 2012-04-06 20:20 - 0017446 ____A C:\Users\Joshua\AppData\Local\dt.dat
2012-04-06 14:47 - 2012-04-07 04:02 - 0015356 ____A C:\Users\Joshua\Desktop\Description.docx
2012-04-06 00:51 - 2012-04-06 23:46 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-06 00:51 - 2012-04-06 23:46 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-06 00:51 - 2012-04-06 00:51 - 0000000 ____D C:\$AVG
2012-04-06 00:50 - 2012-04-06 23:15 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-06 00:45 - 2012-04-08 17:10 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-06 00:38 - 2012-04-06 00:38 - 0071398 ____A (jpshortstuff) C:\Users\Joshua\Downloads\GooredFix.exe
2012-04-06 00:36 - 2012-04-06 23:46 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-06 00:36 - 2012-04-06 23:46 - 0000000 ____D C:\ProgramData\MFAData
2012-04-05 19:15 - 2012-04-08 18:32 - 0000672 ____A C:\Windows\setupact.log
2012-04-05 19:15 - 2012-04-08 16:48 - 0004686 ____A C:\Windows\PFRO.log
2012-04-05 19:15 - 2012-04-05 19:15 - 0000000 ____A C:\Windows\setuperr.log
2012-04-03 21:12 - 2012-04-03 21:13 - 0000104 ____A C:\Windows\System32\SBRC.dat
2012-04-03 20:54 - 2012-04-03 20:54 - 0000537 ____A C:\Windows\wininit.ini
2012-04-03 20:31 - 2012-04-08 16:26 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-03 20:31 - 2012-04-08 16:26 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-03 20:31 - 2012-04-08 16:25 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-03 20:26 - 2011-04-05 16:35 - 0253528 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFw.sys
2012-04-03 20:26 - 2011-04-05 16:35 - 0094296 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbtis.sys
2012-04-03 20:26 - 2011-04-05 16:35 - 0060504 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbhips.sys
2012-04-03 20:26 - 2011-02-08 08:14 - 0084568 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFwIm.sys
2012-04-03 17:20 - 2009-05-18 13:17 - 0034152 ___RA (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-04-03 17:20 - 2008-04-17 12:12 - 0126312 ___RA (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-04-03 17:20 - 2008-04-17 12:12 - 0107368 ___RA (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-04-03 14:37 - 2012-04-08 17:42 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000UA.job
2012-04-03 14:37 - 2012-04-05 14:42 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000Core.job
2012-04-03 14:37 - 2012-04-03 14:38 - 0000000 ____D C:\Program Files (x86)\GUM3285.tmp
2012-03-31 20:36 - 2012-03-31 20:36 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 12:07 - 2012-03-31 20:09 - 0000000 ____D C:\MGtools
2012-03-31 12:07 - 2012-03-31 12:22 - 0454935 ____A C:\MGlogs.zip
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-31 03:02 - 2012-04-08 17:02 - 0000000 ____D C:\Qoobox
2012-03-31 03:02 - 2012-04-08 16:58 - 0000000 ____D C:\Windows\ERDNT
2012-03-31 02:54 - 2012-04-07 01:46 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-31 02:54 - 2012-04-07 01:46 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-31 02:54 - 2012-03-31 02:54 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Malwarebytes
2012-03-31 02:53 - 2012-04-08 16:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-31 02:22 - 2012-04-08 16:23 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-31 02:05 - 2012-03-31 02:09 - 0133220 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_03.05.34_log.txt
2012-03-31 02:03 - 2012-03-31 20:09 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-03-31 01:57 - 2012-03-31 01:59 - 0133084 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.57.57_log.txt
2012-03-31 01:28 - 2012-03-31 01:36 - 0129854 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.28.35_log.txt
2012-03-31 01:23 - 2012-03-31 01:24 - 0133496 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.23.34_log.txt
2012-03-31 01:21 - 2012-03-31 01:23 - 0137084 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.21.55_log.txt
2012-03-31 01:07 - 2012-03-31 01:09 - 0130772 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.07.31_log.txt
2012-03-30 23:39 - 2012-04-08 18:32 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-30 23:39 - 2012-03-31 20:36 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-28 03:30 - 2012-03-28 03:30 - 1121393 ____A C:\Users\Joshua\Downloads\3D Essay.docx
2012-03-28 02:51 - 2012-03-28 02:51 - 0961840 ____H C:\Users\Joshua\Desktop\~WRL2604.tmp
2012-03-28 02:51 - 2012-03-28 02:51 - 0000162 ___AH C:\Users\Joshua\Desktop\~$ Essay.docx
2012-03-26 20:43 - 2012-04-06 23:27 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-26 20:11 - 2012-03-26 20:14 - 16334848 ____A C:\Users\Joshua\Downloads\python-2.7.2.amd64.msi
2012-03-24 16:34 - 2012-03-24 16:34 - 0000000 ____D C:\Users\Joshua\AppData\Local\{8E7A66C0-D503-4C77-A4C4-444C8A3A19B0}
2012-03-23 11:42 - 2012-03-23 11:42 - 0000162 ___AH C:\Users\Joshua\Desktop\~$e Differences between Ethics and Morality.docx
2012-03-22 22:55 - 2012-04-02 00:23 - 0000000 ____D C:\Users\All Users\TamoSoft
2012-03-22 22:55 - 2012-04-02 00:23 - 0000000 ____D C:\ProgramData\TamoSoft
2012-03-22 22:41 - 2012-04-02 00:25 - 0000000 ____D C:\Program Files (x86)\CommViewWiFi
2012-03-22 22:40 - 2012-04-06 23:46 - 0000000 ____D C:\Users\Joshua\Downloads\ca6
2012-03-22 22:12 - 2010-10-08 13:24 - 1206248 ____A (TamoSoft) C:\Windows\System32\Drivers\ts_arusbx.sys
2012-03-22 03:08 - 2012-03-31 00:18 - 0000000 ____D C:\Program Files (x86)\Kismet
2012-03-22 03:07 - 2012-03-22 03:07 - 0000000 ____D C:\Program Files (x86)\CACE Technologies
2012-03-22 02:49 - 2012-04-06 23:46 - 0000000 ____D C:\Users\Joshua\Downloads\aircrack-ng-1.1-win
2012-03-21 12:48 - 2012-03-21 12:49 - 0000000 ____D C:\Program Files (x86)\GUMC368.tmp
2012-03-21 02:08 - 2012-03-21 02:09 - 0000000 ____D C:\Program Files (x86)\GUME241.tmp
2012-03-14 02:06 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 02:06 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 02:06 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 20:59 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 20:59 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 20:59 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 20:54 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 20:54 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 20:54 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 20:54 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 20:54 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:54 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 20:54 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-09 07:22 - 2012-03-09 07:22 - 0000000 ____D C:\Users\Joshua\AppData\Local\{1E54CF58-9B94-4DAA-9896-DC8AC85092F6}
2012-03-09 07:21 - 2012-03-09 07:22 - 0000000 ____D C:\Users\Joshua\AppData\Local\{0D5C667B-3F44-42DA-8CC4-2FB1378521C2}
2012-03-09 04:39 - 2011-09-16 18:00 - 11137024 ____A (Intel Corporation) C:\Windows\SysWOW64\libmfxsw32.dll


============ 3 Months Modified Files and Folders =============



2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____D C:\FRST
2012-04-08 18:38 - 2010-05-29 06:04 - 1133802 ____A C:\Windows\WindowsUpdate.log
2012-04-08 18:36 - 2012-04-08 18:34 - 1385843 ____A C:\Users\Joshua\Downloads\FRST64.exe
2012-04-08 18:35 - 2012-04-08 18:35 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ugumdetv.sys
2012-04-08 18:32 - 2012-04-05 19:15 - 0000672 ____A C:\Windows\setupact.log
2012-04-08 18:32 - 2012-03-30 23:39 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-08 18:25 - 2012-04-08 18:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lijvcouc.sys
2012-04-08 18:14 - 2012-04-08 18:10 - 6409495 ____A C:\Users\Joshua\Desktop\To Show You My Love w_ Lyrics.flv
2012-04-08 18:13 - 2010-07-27 17:22 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-08 17:42 - 2012-04-03 14:37 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000UA.job
2012-04-08 17:10 - 2012-04-06 00:45 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-08 17:08 - 2012-04-08 17:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-08 17:08 - 2012-04-08 17:07 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-08 17:08 - 2011-02-19 17:14 - 0800940 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-08 17:02 - 2012-04-08 17:02 - 0025559 ____A C:\ComboFix.txt
2012-04-08 17:02 - 2012-04-08 16:32 - 0000000 ____D C:\ComboFix
2012-04-08 17:02 - 2012-03-31 03:02 - 0000000 ____D C:\Qoobox
2012-04-08 17:02 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-08 16:58 - 2012-03-31 03:02 - 0000000 ____D C:\Windows\ERDNT
2012-04-08 16:58 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-08 16:58 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-08 16:49 - 2012-04-08 16:49 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-08 16:49 - 2009-07-13 18:34 - 0000280 ____A C:\Windows\system.ini
2012-04-08 16:48 - 2012-04-05 19:15 - 0004686 ____A C:\Windows\PFRO.log
2012-04-08 16:48 - 2012-03-31 02:53 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-08 16:48 - 2010-07-27 17:22 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-08 16:48 - 2010-05-29 06:00 - 3166158848 __ASH C:\hiberfil.sys
2012-04-08 16:48 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-08 16:47 - 2009-07-13 18:34 - 83886080 ____A C:\Windows\System32\config\software.bak
2012-04-08 16:47 - 2009-07-13 18:34 - 5767168 ____A C:\Windows\System32\config\default.bak
2012-04-08 16:47 - 2009-07-13 18:34 - 22020096 ____A C:\Windows\System32\config\system.bak
2012-04-08 16:47 - 2009-07-13 18:34 - 0061440 ____A C:\Windows\System32\config\sam.bak
2012-04-08 16:47 - 2009-07-13 18:34 - 0032768 ____A C:\Windows\System32\config\security.bak
2012-04-08 16:42 - 2011-04-19 02:30 - 0000000 ____D C:\users\Guest
2012-04-08 16:41 - 2011-01-02 17:57 - 0000000 ____D C:\Users\All Users\Real
2012-04-08 16:41 - 2011-01-02 17:57 - 0000000 ____D C:\ProgramData\Real
2012-04-08 16:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-08 16:32 - 2010-05-29 13:15 - 0000000 ___RD C:\Users\Joshua\Desktop\Everything
2012-04-08 16:30 - 2012-04-08 16:30 - 0709968 ____A C:\Windows\is-G4QS8.exe
2012-04-08 16:30 - 2012-04-08 16:30 - 0010498 ____A C:\Windows\is-G4QS8.msg
2012-04-08 16:30 - 2012-04-08 16:30 - 0000441 ____A C:\Windows\is-G4QS8.lst
2012-04-08 16:26 - 2012-04-03 20:31 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-08 16:26 - 2012-04-03 20:31 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-08 16:25 - 2012-04-03 20:31 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-08 16:23 - 2012-03-31 02:22 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-08 16:23 - 2009-07-13 21:13 - 0783354 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-08 16:14 - 2012-04-08 16:07 - 75104850 ____A C:\Users\Joshua\Desktop\Rufus Wainwright, Helena Bonham Carter - Out Of The Game.mp4
2012-04-08 16:06 - 2012-04-08 16:00 - 75104850 ____A C:\Users\Joshua\Desktop\~ytB79B.tmp
2012-04-08 16:06 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-04-08 16:04 - 2012-04-08 16:03 - 4452952 ____R (Swearware) C:\Users\Joshua\Desktop\ComboFix.exe
2012-04-08 15:44 - 2010-05-29 12:28 - 0000000 ____D C:\users\Joshua
2012-04-08 15:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-07 23:15 - 2012-04-07 21:02 - 0000000 ____D C:\Program Files\WinZip
2012-04-07 23:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-07 21:03 - 2012-04-07 21:03 - 0000000 ____D C:\Users\Joshua\AppData\Local\WinZip
2012-04-07 21:03 - 2012-04-07 21:02 - 0000000 ____D C:\Users\All Users\WinZip
2012-04-07 21:03 - 2012-04-07 21:02 - 0000000 ____D C:\ProgramData\WinZip
2012-04-07 20:50 - 2012-04-07 20:51 - 0142438 ____A C:\Users\Joshua\Desktop\TDSSKiller.2.7.26.0_07.04.2012_21.49.19_log.txt
2012-04-07 20:50 - 2012-04-07 20:49 - 0142438 ____A C:\TDSSKiller.2.7.26.0_07.04.2012_21.49.19_log.txt
2012-04-07 20:48 - 2012-04-07 20:48 - 0001857 ____A C:\Users\Joshua\Desktop\aswMBR.txt
2012-04-07 20:48 - 2012-04-07 20:48 - 0000512 ____A C:\Users\Joshua\Desktop\MBR.dat
2012-04-07 04:59 - 2012-04-07 04:59 - 0016194 ____A C:\Users\Joshua\Desktop\Relation of Life Experience and an Ethics.docx
2012-04-07 04:22 - 2012-04-07 04:17 - 15814192 ____A C:\Users\Joshua\Desktop\Cinematic Orchestra - To Build A Home.flv
2012-04-07 04:02 - 2012-04-07 04:02 - 0122965 ____A C:\Users\Joshua\Desktop\Description.pdf
2012-04-07 04:02 - 2012-04-06 14:47 - 0015356 ____A C:\Users\Joshua\Desktop\Description.docx
2012-04-07 03:28 - 2012-04-07 03:28 - 0005614 ____A C:\Users\Joshua\Desktop\Attach.rar
2012-04-07 02:59 - 2012-04-07 02:59 - 0028001 ____A C:\Users\Joshua\Desktop\Attach.txt
2012-04-07 02:59 - 2012-04-07 02:59 - 0023611 ____A C:\Users\Joshua\Desktop\DDS.txt
2012-04-07 02:55 - 2012-04-07 02:55 - 0000474 ____A C:\Users\Joshua\Desktop\defogger_disable.log
2012-04-07 02:55 - 2012-04-07 02:55 - 0000000 ____A C:\Users\Joshua\defogger_reenable
2012-04-07 02:06 - 2012-04-07 02:06 - 0000000 ____D C:\Users\Joshua\Documents\Intelli-studio
2012-04-07 01:46 - 2012-03-31 02:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-07 01:46 - 2012-03-31 02:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-06 23:53 - 2012-04-06 23:52 - 0000524 ____A C:\Users\Joshua\Desktop\Sirefef Alureon Del Direction.txt
2012-04-06 23:51 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\L2Schemas
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors
2012-04-06 23:47 - 2009-11-02 18:33 - 0000000 ____D C:\Windows\SysWOW64\Drivers\nti
2012-04-06 23:47 - 2009-11-02 18:20 - 0000000 ____D C:\Windows\OOBEOffer
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-06 23:47 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-06 23:46 - 2012-04-06 00:51 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-06 23:46 - 2012-04-06 00:51 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-06 23:46 - 2012-04-06 00:36 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-06 23:46 - 2012-04-06 00:36 - 0000000 ____D C:\ProgramData\MFAData
2012-04-06 23:46 - 2012-03-22 22:40 - 0000000 ____D C:\Users\Joshua\Downloads\ca6
2012-04-06 23:46 - 2012-03-22 02:49 - 0000000 ____D C:\Users\Joshua\Downloads\aircrack-ng-1.1-win
2012-04-06 23:46 - 2012-03-06 18:28 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-06 23:46 - 2012-03-06 18:26 - 0000000 ____D C:\Program Files\Bonjour
2012-04-06 23:46 - 2011-03-20 20:43 - 0000000 ____D C:\Users\All Users\IObit
2012-04-06 23:46 - 2011-03-20 20:43 - 0000000 ____D C:\ProgramData\IObit
2012-04-06 23:46 - 2010-08-07 10:06 - 0000000 ____D C:\Program Files (x86)\Essentials Codec Pack
2012-04-06 23:46 - 2010-05-31 12:47 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-04-06 23:46 - 2009-11-02 18:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2012-04-06 23:46 - 2009-11-02 18:20 - 0000000 ____D C:\Users\All Users\WildTangent
2012-04-06 23:46 - 2009-11-02 18:20 - 0000000 ____D C:\ProgramData\WildTangent
2012-04-06 23:46 - 2009-11-02 18:20 - 0000000 ____D C:\Program Files (x86)\Gateway Games
2012-04-06 23:46 - 2009-11-02 18:14 - 0000000 ____D C:\Program Files (x86)\Launch Manager
2012-04-06 23:46 - 2009-11-02 18:03 - 0000000 ____D C:\Windows\DeployWinRE
2012-04-06 23:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-06 23:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-06 23:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-06 23:45 - 2012-03-06 18:26 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-06 23:45 - 2010-11-07 22:08 - 0000000 ____D C:\Program Files (x86)\AIM
2012-04-06 23:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-06 23:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-06 23:29 - 2010-11-12 15:29 - 0000000 ____D C:\Windows\SysWOW64\winsawup
2012-04-06 23:29 - 2010-05-29 06:04 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-04-06 23:29 - 2009-11-02 18:39 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-06 23:29 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-06 23:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-06 23:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-06 23:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-06 23:28 - 2010-10-12 20:42 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-04-06 23:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-06 23:27 - 2012-03-26 20:43 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-04-06 23:27 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-04-06 23:26 - 2011-06-08 14:55 - 0000000 ____D C:\Windows\System32\SPReview
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-06 23:25 - 2011-10-25 20:29 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-06 23:25 - 2011-06-08 14:54 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-06 23:21 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-04-06 23:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-06 23:20 - 2009-11-02 18:33 - 0000000 ____D C:\Windows\oem
2012-04-06 23:20 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-06 23:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-06 23:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-06 23:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-06 23:18 - 2012-02-08 03:10 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Dropbox
2012-04-06 23:18 - 2011-11-22 18:46 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\q9
2012-04-06 23:18 - 2011-05-20 14:03 - 0000000 ____D C:\Users\Joshua\AppData\Local\Sony
2012-04-06 23:18 - 2011-03-12 21:48 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\U3
2012-04-06 23:18 - 2011-02-24 10:10 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\IObit
2012-04-06 23:18 - 2011-02-23 21:02 - 0000000 ____D C:\Users\Joshua\Documents\My Games
2012-04-06 23:18 - 2011-02-23 19:27 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\GameRanger
2012-04-06 23:18 - 2011-02-19 22:57 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\TeamViewer
2012-04-06 23:18 - 2011-02-19 17:15 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Kalypso Media
2012-04-06 23:18 - 2010-12-28 02:22 - 0000000 ____D C:\Users\Public\CyberLink
2012-04-06 23:18 - 2010-12-06 02:06 - 0000000 ____D C:\Users\Joshua\Documents\Fax
2012-04-06 23:18 - 2010-10-03 15:10 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\.minecraft
2012-04-06 23:18 - 2010-10-02 16:19 - 0000000 ____D C:\Windows\.jagex_cache_32
2012-04-06 23:18 - 2010-09-15 21:51 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Serif
2012-04-06 23:18 - 2010-08-04 09:56 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Real
2012-04-06 23:18 - 2010-07-30 05:53 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\WildTangentv1002
2012-04-06 23:18 - 2010-05-29 14:39 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Skype
2012-04-06 23:18 - 2010-05-29 13:13 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Adobe
2012-04-06 23:18 - 2010-05-29 13:10 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Macromedia
2012-04-06 23:18 - 2010-05-29 12:28 - 0000000 ____D C:\Users\Joshua\AppData\LocalLow
2012-04-06 23:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-06 23:17 - 2012-02-17 14:26 - 0000000 ____D C:\Program Files\Windows Live
2012-04-06 23:17 - 2011-09-07 22:24 - 0000000 ____D C:\Users\All Users\HP Photo Creations
2012-04-06 23:17 - 2011-09-07 22:24 - 0000000 ____D C:\ProgramData\HP Photo Creations
2012-04-06 23:17 - 2011-09-07 22:23 - 0000000 ____D C:\Users\All Users\HP
2012-04-06 23:17 - 2011-09-07 22:23 - 0000000 ____D C:\ProgramData\HP
2012-04-06 23:17 - 2011-08-18 23:50 - 0000000 ____D C:\Users\Joshua\AppData\Local\Facebook
2012-04-06 23:17 - 2011-06-28 01:14 - 0000000 ____D C:\Users\All Users\AOL
2012-04-06 23:17 - 2011-06-28 01:14 - 0000000 ____D C:\ProgramData\AOL
2012-04-06 23:17 - 2011-06-27 23:48 - 0000000 ____D C:\Users\Joshua\AppData\Local\AOL
2012-04-06 23:17 - 2011-06-15 20:23 - 0000000 ____D C:\Users\All Users\Macromedia
2012-04-06 23:17 - 2011-06-15 20:23 - 0000000 ____D C:\ProgramData\Macromedia
2012-04-06 23:17 - 2011-06-15 08:47 - 0000000 ____D C:\Users\All Users\AOL Downloads
2012-04-06 23:17 - 2011-06-15 08:47 - 0000000 ____D C:\ProgramData\AOL Downloads
2012-04-06 23:17 - 2011-04-19 02:31 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2012-04-06 23:17 - 2011-04-19 02:31 - 0000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2012-04-06 23:17 - 2011-04-19 02:30 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-04-06 23:17 - 2011-04-19 02:30 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-04-06 23:17 - 2011-04-15 08:13 - 0000000 ____D C:\Users\All Users\PC Drivers HeadQuarters
2012-04-06 23:17 - 2011-04-15 08:13 - 0000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2012-04-06 23:17 - 2011-03-12 20:59 - 0000000 ____D C:\Users\All Users\NexonUS
2012-04-06 23:17 - 2011-03-12 20:59 - 0000000 ____D C:\ProgramData\NexonUS
2012-04-06 23:17 - 2011-01-11 05:49 - 0000000 ____D C:\Users\Joshua\AppData\Local\CAPCOM
2012-04-06 23:17 - 2010-12-26 20:50 - 0000000 ____D C:\Users\All Users\Driver Boost
2012-04-06 23:17 - 2010-12-26 20:50 - 0000000 ____D C:\ProgramData\Driver Boost
2012-04-06 23:17 - 2010-10-12 19:46 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-04-06 23:17 - 2010-10-12 19:46 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-04-06 23:17 - 2010-10-12 19:43 - 0000000 ____D C:\Users\Joshua\AppData\Local\Downloaded Installations
2012-04-06 23:17 - 2010-08-21 01:16 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-06 23:17 - 2010-08-21 01:16 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-06 23:17 - 2010-08-21 00:53 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-06 23:17 - 2010-08-21 00:53 - 0000000 ____D C:\ProgramData\Apple Computer
2012-04-06 23:17 - 2010-06-21 09:20 - 0000000 ____D C:\Program Files\Paint.NET
2012-04-06 23:17 - 2010-06-04 08:20 - 0000000 ____D C:\Users\All Users\Apple
2012-04-06 23:17 - 2010-06-04 08:20 - 0000000 ____D C:\ProgramData\Apple
2012-04-06 23:17 - 2010-05-31 22:09 - 0000000 ____D C:\Users\Joshua\AppData\Local\Microsoft Games
2012-04-06 23:17 - 2010-05-30 18:36 - 0000000 ____D C:\Users\Joshua\AppData\Local\Adobe
2012-04-06 23:17 - 2010-05-29 14:39 - 0000000 ____D C:\Users\All Users\Skype
2012-04-06 23:17 - 2010-05-29 14:39 - 0000000 ____D C:\ProgramData\Skype
2012-04-06 23:17 - 2010-05-29 14:36 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-06 23:17 - 2010-05-29 14:36 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-06 23:17 - 2010-05-29 13:13 - 0000000 ____D C:\Users\Joshua\AppData\Local\Google
2012-04-06 23:17 - 2010-05-29 13:13 - 0000000 ____D C:\Users\All Users\CyberLink
2012-04-06 23:17 - 2010-05-29 13:13 - 0000000 ____D C:\ProgramData\CyberLink
2012-04-06 23:17 - 2010-05-29 12:28 - 0000000 ____D C:\Users\All Users\OEM_E471269A730D
2012-04-06 23:17 - 2010-05-29 12:28 - 0000000 ____D C:\ProgramData\OEM_E471269A730D
2012-04-06 23:17 - 2009-11-02 18:40 - 0000000 ____D C:\Users\All Users\Norton
2012-04-06 23:17 - 2009-11-02 18:40 - 0000000 ____D C:\ProgramData\Norton
2012-04-06 23:17 - 2009-11-02 18:38 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-06 23:17 - 2009-11-02 18:38 - 0000000 ____D C:\ProgramData\Adobe
2012-04-06 23:17 - 2009-11-02 18:37 - 0000000 ____D C:\Users\All Users\Google
2012-04-06 23:17 - 2009-11-02 18:37 - 0000000 ____D C:\ProgramData\Google
2012-04-06 23:17 - 2009-11-02 18:35 - 0000000 ____D C:\Users\All Users\OEM
2012-04-06 23:17 - 2009-11-02 18:35 - 0000000 ____D C:\ProgramData\OEM
2012-04-06 23:17 - 2009-11-02 18:26 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-06 23:17 - 2009-11-02 18:25 - 0000000 ____D C:\Program Files\Preload
2012-04-06 23:17 - 2009-11-02 18:19 - 0000000 ____D C:\Program Files\Realtek
2012-04-06 23:17 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-06 23:17 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-06 23:16 - 2012-03-06 18:28 - 0000000 ____D C:\Program Files\iTunes
2012-04-06 23:16 - 2012-03-06 18:28 - 0000000 ____D C:\Program Files\iPod
2012-04-06 23:16 - 2012-02-17 13:52 - 0000000 ____D C:\Program Files (x86)\Wondershare
2012-04-06 23:16 - 2012-01-28 02:12 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-04-06 23:16 - 2011-12-26 14:17 - 0000000 ____D C:\Program Files (x86)\Jasc Software Inc
2012-04-06 23:16 - 2011-12-21 06:02 - 0000000 ____D C:\Program Files (x86)\Rovio
2012-04-06 23:16 - 2011-11-29 02:16 - 0000000 ____D C:\Program Files (x86)\Samsung
2012-04-06 23:16 - 2011-11-22 18:37 - 0000000 ____D C:\Program Files (x86)\Q9W7B5
2012-04-06 23:16 - 2011-11-10 22:57 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-06 23:16 - 2011-09-07 22:23 - 0000000 ____D C:\Program Files (x86)\HP
2012-04-06 23:16 - 2011-09-07 22:22 - 0000000 ____D C:\Program Files\HP
2012-04-06 23:16 - 2011-07-05 04:55 - 0000000 ____D C:\Program Files\CHDICT
2012-04-06 23:16 - 2011-06-08 16:33 - 0000000 ____D C:\Program Files (x86)\IObit
2012-04-06 23:16 - 2011-05-15 17:23 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-06 23:16 - 2011-05-15 16:37 - 0000000 ____D C:\Program Files (x86)\RIFT Game
2012-04-06 23:16 - 2011-05-05 16:33 - 0000000 ____D C:\Program Files (x86)\WildTangent Games
2012-04-06 23:16 - 2011-03-10 23:29 - 0000000 ____D C:\Program Files\DIFX
2012-04-06 23:16 - 2011-02-23 19:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2012-04-06 23:16 - 2011-02-16 06:02 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-04-06 23:16 - 2011-02-14 21:47 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-06 23:16 - 2011-01-16 15:09 - 0000000 ____D C:\Program Files (x86)\REACTOR
2012-04-06 23:16 - 2011-01-11 03:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-04-06 23:16 - 2011-01-09 19:34 - 0000000 ____D C:\Program Files\Alex Feinman
2012-04-06 23:16 - 2011-01-02 17:58 - 0000000 ____D C:\Program Files (x86)\Real
2012-04-06 23:16 - 2010-12-27 19:00 - 0000000 ____D C:\Program Files\Adobe
2012-04-06 23:16 - 2010-12-27 18:58 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-04-06 23:16 - 2010-12-27 17:26 - 0000000 ____D C:\Program Files (x86)\jan1024188's software
2012-04-06 23:16 - 2010-12-26 20:54 - 0000000 ____D C:\Program Files (x86)\oZone3D
2012-04-06 23:16 - 2010-12-15 21:19 - 0000000 ____D C:\Program Files (x86)\Musicnotes
2012-04-06 23:16 - 2010-12-13 23:50 - 0000000 ____D C:\Program Files (x86)\Ouino languages
2012-04-06 23:16 - 2010-11-26 17:32 - 0000000 ____D C:\Program Files (x86)\WorldOfGoo
2012-04-06 23:16 - 2010-10-29 13:29 - 0000000 ____D C:\Program Files\Lexmark
2012-04-06 23:16 - 2010-09-20 17:01 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-06 23:16 - 2010-08-24 03:34 - 0000000 ____D C:\Program Files (x86)\PopCap Games
2012-04-06 23:16 - 2010-08-22 03:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-04-06 23:16 - 2010-08-21 19:57 - 0000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 5.2
2012-04-06 23:16 - 2010-08-21 01:16 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-06 23:16 - 2010-05-29 19:50 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader
2012-04-06 23:16 - 2010-05-29 14:41 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-06 23:16 - 2010-05-29 14:39 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-06 23:16 - 2010-05-29 13:19 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-06 23:16 - 2010-05-29 13:18 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-06 23:16 - 2009-11-02 18:37 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-06 23:16 - 2009-11-02 18:34 - 0000000 ____D C:\Program Files\Gateway
2012-04-06 23:16 - 2009-11-02 18:33 - 0000000 ____D C:\Program Files (x86)\NewTech Infosystems
2012-04-06 23:16 - 2009-11-02 18:32 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-06 23:16 - 2009-11-02 18:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-06 23:16 - 2009-11-02 18:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-06 23:16 - 2009-11-02 18:20 - 0000000 ____D C:\Program Files (x86)\Gateway
2012-04-06 23:16 - 2009-11-02 18:15 - 0000000 ____D C:\Program Files\CONEXANT
2012-04-06 23:16 - 2009-11-02 18:14 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-06 23:16 - 2009-11-02 18:14 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-06 23:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-06 23:16 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-06 23:15 - 2012-04-06 00:50 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-06 23:15 - 2012-02-17 14:41 - 0000000 ____D C:\Program Files (x86)\Free Audio Editor
2012-04-06 23:15 - 2011-11-10 22:55 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-06 23:15 - 2011-09-13 00:01 - 0000000 ____D C:\Program Files (x86)\AVS4YOU
2012-04-06 23:15 - 2011-09-07 16:21 - 0000000 ____D C:\Program Files (x86)\DigiCel
2012-04-06 23:15 - 2011-07-04 22:29 - 0000000 ____D C:\Program Files (x86)\D-Link
2012-04-06 23:15 - 2011-06-28 01:14 - 0000000 ____D C:\Program Files (x86)\AOL Desktop 9.6
2012-04-06 23:15 - 2011-06-14 23:47 - 0000000 ____D C:\e7482c0986f99a4a38b1dcdd1d9b1ada
2012-04-06 23:15 - 2011-06-09 23:26 - 0000000 ____D C:\Program Files (x86)\AhnLab
2012-04-06 23:15 - 2011-03-25 16:30 - 0000000 ____D C:\0368eb3823204c80f4de3d77
2012-04-06 23:15 - 2011-01-09 19:38 - 0000000 ____D C:\Program Files (x86)\Elaborate Bytes
2012-04-06 23:15 - 2011-01-04 20:48 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-04-06 23:15 - 2010-11-26 17:29 - 0000000 ____D C:\Program Files (x86)\Amazon
2012-04-06 23:15 - 2010-10-12 19:42 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2012-04-06 23:15 - 2010-07-27 04:44 - 0000000 ____D C:\Program Files (x86)\Foxy
2012-04-06 23:15 - 2009-11-02 18:39 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-04-06 23:15 - 2009-11-02 18:37 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-06 23:15 - 2009-11-02 18:25 - 0000000 ___RD C:\MSOCache
2012-04-06 23:15 - 2009-11-02 18:00 - 0000000 ____D C:\OEM
2012-04-06 20:20 - 2012-04-06 20:20 - 0017446 ____A C:\Users\Joshua\AppData\Local\dt.dat
2012-04-06 00:51 - 2012-04-06 00:51 - 0000000 ____D C:\$AVG
2012-04-06 00:38 - 2012-04-06 00:38 - 0071398 ____A (jpshortstuff) C:\Users\Joshua\Downloads\GooredFix.exe
2012-04-05 21:48 - 2011-07-31 06:52 - 0000000 ____D C:\Users\Joshua\riotsGamesLogs
2012-04-05 19:15 - 2012-04-05 19:15 - 0000000 ____A C:\Windows\setuperr.log
2012-04-05 14:42 - 2012-04-03 14:37 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000Core.job
2012-04-05 00:12 - 2010-09-29 09:19 - 0000000 ____D C:\Users\Joshua\AppData\Local\ElevatedDiagnostics
2012-04-04 23:46 - 2012-01-14 09:38 - 0925184 ____A C:\Windows\expstart.exe
2012-04-04 23:46 - 2012-01-14 09:38 - 0000000 ____D C:\Windows\W7SOC
2012-04-03 21:16 - 2012-03-05 01:07 - 0000000 ____D C:\Program Files (x86)\PageRage
2012-04-03 21:13 - 2012-04-03 21:12 - 0000104 ____A C:\Windows\System32\SBRC.dat
2012-04-03 20:54 - 2012-04-03 20:54 - 0000537 ____A C:\Windows\wininit.ini
2012-04-03 14:38 - 2012-04-03 14:37 - 0000000 ____D C:\Program Files (x86)\GUM3285.tmp
2012-04-02 21:35 - 2011-07-22 08:35 - 0000000 ____D C:\Users\All Users\YouTube Downloader
2012-04-02 21:35 - 2011-07-22 08:35 - 0000000 ____D C:\ProgramData\YouTube Downloader
2012-04-02 03:14 - 2010-12-27 19:10 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-02 03:14 - 2010-12-27 19:10 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-04-02 02:52 - 2011-11-29 02:16 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Intelli-studio
2012-04-02 00:25 - 2012-03-22 22:41 - 0000000 ____D C:\Program Files (x86)\CommViewWiFi
2012-04-02 00:23 - 2012-03-22 22:55 - 0000000 ____D C:\Users\All Users\TamoSoft
2012-04-02 00:23 - 2012-03-22 22:55 - 0000000 ____D C:\ProgramData\TamoSoft
2012-03-31 20:36 - 2012-03-31 20:36 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 20:36 - 2012-03-30 23:39 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-31 20:36 - 2011-06-16 17:12 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-31 20:09 - 2012-03-31 12:07 - 0000000 ____D C:\MGtools
2012-03-31 20:09 - 2012-03-31 02:03 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-03-31 20:08 - 2010-05-29 14:34 - 0000000 ____D C:\Riot Games
2012-03-31 12:22 - 2012-03-31 12:07 - 0454935 ____A C:\MGlogs.zip
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-31 02:54 - 2012-03-31 02:54 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Malwarebytes
2012-03-31 02:09 - 2012-03-31 02:05 - 0133220 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_03.05.34_log.txt
2012-03-31 01:59 - 2012-03-31 01:57 - 0133084 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.57.57_log.txt
2012-03-31 01:36 - 2012-03-31 01:28 - 0129854 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.28.35_log.txt
2012-03-31 01:24 - 2012-03-31 01:23 - 0133496 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.23.34_log.txt
2012-03-31 01:23 - 2012-03-31 01:21 - 0137084 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.21.55_log.txt
2012-03-31 01:18 - 2011-01-09 19:10 - 0000000 ____D C:\Program Files (x86)\The Rosetta Stone
2012-03-31 01:09 - 2012-03-31 01:07 - 0130772 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.07.31_log.txt
2012-03-31 00:18 - 2012-03-22 03:08 - 0000000 ____D C:\Program Files (x86)\Kismet
2012-03-28 03:30 - 2012-03-28 03:30 - 1121393 ____A C:\Users\Joshua\Downloads\3D Essay.docx
2012-03-28 02:51 - 2012-03-28 02:51 - 0961840 ____H C:\Users\Joshua\Desktop\~WRL2604.tmp
2012-03-28 02:51 - 2012-03-28 02:51 - 0000162 ___AH C:\Users\Joshua\Desktop\~$ Essay.docx
2012-03-26 20:14 - 2012-03-26 20:11 - 16334848 ____A C:\Users\Joshua\Downloads\python-2.7.2.amd64.msi
2012-03-24 16:34 - 2012-03-24 16:34 - 0000000 ____D C:\Users\Joshua\AppData\Local\{8E7A66C0-D503-4C77-A4C4-444C8A3A19B0}
2012-03-23 11:42 - 2012-03-23 11:42 - 0000162 ___AH C:\Users\Joshua\Desktop\~$e Differences between Ethics and Morality.docx
2012-03-23 03:25 - 2012-02-17 14:41 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Free Audio Editor
2012-03-23 03:17 - 2012-01-10 06:24 - 0000000 ____D C:\Users\Joshua\Documents\Free Sound Recorder
2012-03-22 22:32 - 2010-09-10 17:32 - 0000000 ____D C:\Users\Joshua\AppData\Local\CrashDumps
2012-03-22 03:07 - 2012-03-22 03:07 - 0000000 ____D C:\Program Files (x86)\CACE Technologies
2012-03-21 12:49 - 2012-03-21 12:48 - 0000000 ____D C:\Program Files (x86)\GUMC368.tmp
2012-03-21 02:09 - 2012-03-21 02:08 - 0000000 ____D C:\Program Files (x86)\GUME241.tmp
2012-03-15 22:56 - 2011-02-14 19:13 - 0000132 ____A C:\Users\Joshua\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-03-14 15:35 - 2009-07-13 20:45 - 5045952 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 02:03 - 2010-06-16 08:49 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-14 02:02 - 2009-11-02 18:25 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 02:02 - 2009-11-02 18:25 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-09 08:34 - 2011-01-04 20:46 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\uTorrent
2012-03-09 07:22 - 2012-03-09 07:22 - 0000000 ____D C:\Users\Joshua\AppData\Local\{1E54CF58-9B94-4DAA-9896-DC8AC85092F6}
2012-03-09 07:22 - 2012-03-09 07:21 - 0000000 ____D C:\Users\Joshua\AppData\Local\{0D5C667B-3F44-42DA-8CC4-2FB1378521C2}
2012-03-09 07:22 - 2010-10-27 15:27 - 0000000 ____D C:\Users\Joshua\AppData\Local\Windows Live
2012-03-07 15:55 - 2012-03-07 15:55 - 0000162 ___AH C:\Users\Joshua\Desktop\~$dterm Essay.docx
2012-03-06 22:23 - 2012-03-06 21:52 - 0000372 ___AH C:\IPH.PH
2012-03-06 22:23 - 2010-11-07 22:08 - 0000000 ____D C:\Users\Joshua\AppData\Local\AIM
2012-03-05 22:47 - 2012-03-05 22:46 - 0000000 ____D C:\670f1ea96f36ba87aceb25ed1036445d
2012-02-29 21:56 - 2012-02-08 03:12 - 0000000 ___RD C:\Users\Joshua\Dropbox
2012-02-28 21:22 - 2010-06-21 09:20 - 0000000 ____D C:\Users\Joshua\AppData\Local\Paint.NET
2012-02-27 23:34 - 2012-02-27 23:34 - 2236937 ____A C:\Users\Joshua\Downloads\Unit4BrettellUrbanCapitalism.pdf
2012-02-24 04:14 - 2011-01-04 20:47 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-24 03:53 - 2011-09-13 00:03 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\AVS4YOU
2012-02-24 02:52 - 2012-02-24 02:52 - 0000000 ____D C:\Users\Joshua\AppData\Local\{B6E0CA61-1E79-44B8-8C97-3D97A66596EB}
2012-02-24 02:52 - 2012-02-24 02:51 - 0000000 ____D C:\Users\Joshua\AppData\Local\{D4191164-24D4-42AA-B107-7EFAA9243F7F}
2012-02-24 02:24 - 2012-02-24 02:18 - 0000000 ____D C:\Users\Joshua\Downloads\AVS Video Editor 6.0.3.184
2012-02-23 13:24 - 2011-08-17 07:43 - 0024408 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-23 09:18 - 2010-05-29 12:48 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 21:35 - 2012-02-22 21:35 - 0000000 ____D C:\Users\Joshua\AppData\Local\{060B8F15-A789-4DBB-9C4E-E2CCDF006410}
2012-02-22 21:35 - 2012-02-22 21:34 - 0000000 ____D C:\Users\Joshua\AppData\Local\{182D7689-84D8-495A-8379-96270DAAE800}
2012-02-19 20:39 - 2012-02-19 20:39 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-19 20:39 - 2012-02-19 20:39 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-19 20:39 - 2012-02-19 20:39 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-19 20:39 - 2010-05-29 14:41 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-17 14:36 - 2012-02-17 14:35 - 22873624 ____A C:\Users\Joshua\Downloads\FreeAudioEditor.exe
2012-02-17 14:29 - 2012-02-17 14:29 - 0000000 ____D C:\Windows\en
2012-02-17 14:21 - 2012-02-17 14:21 - 35215136 ____A (WonderShare Software Co.,Ltd. ) C:\Users\Joshua\Downloads\dsb_deluxe_full18.exe
2012-02-17 13:53 - 2012-02-17 13:53 - 0000000 ____D C:\Users\All Users\Wondershare
2012-02-17 13:53 - 2012-02-17 13:53 - 0000000 ____D C:\ProgramData\Wondershare
2012-02-17 12:59 - 2012-02-17 12:58 - 0000000 ____D C:\Users\Joshua\AppData\Local\{6B285510-548C-4485-BBEB-7B32AFCFF3E9}
2012-02-17 12:58 - 2012-02-17 12:58 - 0000000 ____D C:\Users\Joshua\AppData\Local\{ECF66D4E-B2E0-4967-BFC2-10C6D519B015}
2012-02-16 22:38 - 2012-03-13 20:54 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 20:54 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 20:54 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 20:54 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 11:18 - 2010-08-04 09:52 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Media Player Classic
2012-02-14 13:16 - 2011-05-15 17:24 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\vlc
2012-02-11 15:14 - 2012-02-11 15:14 - 36929536 ____A C:\Windows\System32\config\components.iobit
2012-02-09 22:36 - 2012-03-13 20:59 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 20:59 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 20:34 - 2012-03-13 20:59 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 14:17 - 2011-09-29 15:41 - 0000000 __SHD C:\Users\Joshua\wc
2012-02-01 21:16 - 2010-12-26 20:30 - 0000000 ____D C:\Users\Joshua%5

#10 Carahandoccå

Posted 08 April 2012 - 10:16 PM

Hi again, Happy Easter!!

Um, just wondering, should I delete Microsoft Security Essentials for now? It has been scanning and "protecting" my laptop on its own, but it also attempts to delete any detected viruses, which seems to have caused me to need to go into recovery every time I reboot... :/


Anyways, here is the FRST log:


Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 08-04-2012 19:40:24
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2011-12-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKU\Guest\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4321112 2012-02-29] (AOL Inc.)
HKU\Joshua\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [574296 2012-03-06] (IObit)
HKU\Joshua\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 172.16.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-31] (Adobe Systems Incorporated)
2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
3 AOL ACS; "C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [62720 2009-09-24] (NewTech Infosystems, Inc.)
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [3027840 2012-01-19] (TeamViewer GmbH)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-27] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
3 DlinkUDSMBus; C:\Windows\SysWow64\Drivers\DlinkUDSMBus.sys [66656 2010-04-06] (Windows ® Codename Longhorn DDK provider)
3 DlinkUDSTcpBus; C:\Windows\SysWow64\Drivers\DlinkUDSTcpBus.sys [85600 2010-04-06] (Windows ® Codename Longhorn DDK provider)
1 lijvcouc; C:\Windows\System32\Drivers\lijvcouc.sys [50000 2012-04-08] (Microsoft Corporation)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8080384 2011-01-19] (Intel Corporation)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2010-08-15] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2010-08-15] ()
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 ts_arusb; C:\Windows\System32\DRIVERS\ts_arusbx.sys [1206248 2010-10-08] (TamoSoft)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
1 ugumdetv; C:\Windows\System32\Drivers\ugumdetv.sys [50000 2012-04-08] (Microsoft Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (America Online, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 dump_wmimmc; [x]
3 EagleX64; [x]
3 npggsvc; [x]
3 NPPTNT2; [x]
1 qgaqpifj; \??\C:\Windows\system32\drivers\qgaqpifj.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-08 18:35 - 2012-04-08 18:35 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ugumdetv.sys
2012-04-08 18:34 - 2012-04-08 18:36 - 1385843 ____A C:\Users\Joshua\Downloads\FRST64.exe
2012-04-08 18:25 - 2012-04-08 18:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lijvcouc.sys
2012-04-08 18:10 - 2012-04-08 18:14 - 6409495 ____A C:\Users\Joshua\Desktop\To Show You My Love w_ Lyrics.flv
2012-04-08 17:08 - 2012-04-08 17:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-08 17:07 - 2012-04-08 17:08 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-08 17:02 - 2012-04-08 17:02 - 0025559 ____A C:\ComboFix.txt
2012-04-08 16:49 - 2012-04-08 16:49 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-08 16:32 - 2012-04-08 17:02 - 0000000 ____D C:\ComboFix
2012-04-08 16:32 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-08 16:32 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-08 16:32 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-08 16:32 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-08 16:30 - 2012-04-08 16:30 - 0709968 ____A C:\Windows\is-G4QS8.exe
2012-04-08 16:30 - 2012-04-08 16:30 - 0010498 ____A C:\Windows\is-G4QS8.msg
2012-04-08 16:30 - 2012-04-08 16:30 - 0000441 ____A C:\Windows\is-G4QS8.lst
2012-04-08 16:07 - 2012-04-08 16:14 - 75104850 ____A C:\Users\Joshua\Desktop\Rufus Wainwright, Helena Bonham Carter - Out Of The Game.mp4
2012-04-08 16:03 - 2012-04-08 16:04 - 4452952 ____R (Swearware) C:\Users\Joshua\Desktop\ComboFix.exe
2012-04-08 16:00 - 2012-04-08 16:06 - 75104850 ____A C:\Users\Joshua\Desktop\~ytB79B.tmp
2012-04-07 21:03 - 2012-04-07 21:03 - 0000000 ____D C:\Users\Joshua\AppData\Local\WinZip
2012-04-07 21:02 - 2012-04-07 23:15 - 0000000 ____D C:\Program Files\WinZip
2012-04-07 21:02 - 2012-04-07 21:03 - 0000000 ____D C:\Users\All Users\WinZip
2012-04-07 21:02 - 2012-04-07 21:03 - 0000000 ____D C:\ProgramData\WinZip
2012-04-07 20:51 - 2012-04-07 20:50 - 0142438 ____A C:\Users\Joshua\Desktop\TDSSKiller.2.7.26.0_07.04.2012_21.49.19_log.txt
2012-04-07 20:49 - 2012-04-07 20:50 - 0142438 ____A C:\TDSSKiller.2.7.26.0_07.04.2012_21.49.19_log.txt
2012-04-07 20:49 - 2011-01-01 00:14 - 0002254 ____A C:\Users\Joshua\Desktop\eula.txt
2012-04-07 20:48 - 2012-04-07 20:48 - 0001857 ____A C:\Users\Joshua\Desktop\aswMBR.txt
2012-04-07 20:48 - 2012-04-07 20:48 - 0000512 ____A C:\Users\Joshua\Desktop\MBR.dat
2012-04-07 04:59 - 2012-04-07 04:59 - 0016194 ____A C:\Users\Joshua\Desktop\Relation of Life Experience and an Ethics.docx
2012-04-07 04:17 - 2012-04-07 04:22 - 15814192 ____A C:\Users\Joshua\Desktop\Cinematic Orchestra - To Build A Home.flv
2012-04-07 04:02 - 2012-04-07 04:02 - 0122965 ____A C:\Users\Joshua\Desktop\Description.pdf
2012-04-07 03:28 - 2012-04-07 03:28 - 0005614 ____A C:\Users\Joshua\Desktop\Attach.rar
2012-04-07 02:59 - 2012-04-07 02:59 - 0028001 ____A C:\Users\Joshua\Desktop\Attach.txt
2012-04-07 02:59 - 2012-04-07 02:59 - 0023611 ____A C:\Users\Joshua\Desktop\DDS.txt
2012-04-07 02:55 - 2012-04-07 02:55 - 0000474 ____A C:\Users\Joshua\Desktop\defogger_disable.log
2012-04-07 02:55 - 2012-04-07 02:55 - 0000000 ____A C:\Users\Joshua\defogger_reenable
2012-04-07 02:06 - 2012-04-07 02:06 - 0000000 ____D C:\Users\Joshua\Documents\Intelli-studio
2012-04-06 23:52 - 2012-04-06 23:53 - 0000524 ____A C:\Users\Joshua\Desktop\Sirefef Alureon Del Direction.txt
2012-04-06 20:20 - 2012-04-06 20:20 - 0017446 ____A C:\Users\Joshua\AppData\Local\dt.dat
2012-04-06 14:47 - 2012-04-07 04:02 - 0015356 ____A C:\Users\Joshua\Desktop\Description.docx
2012-04-06 00:51 - 2012-04-06 23:46 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-06 00:51 - 2012-04-06 23:46 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-06 00:51 - 2012-04-06 00:51 - 0000000 ____D C:\$AVG
2012-04-06 00:50 - 2012-04-06 23:15 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-06 00:45 - 2012-04-08 17:10 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-06 00:38 - 2012-04-06 00:38 - 0071398 ____A (jpshortstuff) C:\Users\Joshua\Downloads\GooredFix.exe
2012-04-06 00:36 - 2012-04-06 23:46 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-06 00:36 - 2012-04-06 23:46 - 0000000 ____D C:\ProgramData\MFAData
2012-04-05 19:15 - 2012-04-08 18:32 - 0000672 ____A C:\Windows\setupact.log
2012-04-05 19:15 - 2012-04-08 16:48 - 0004686 ____A C:\Windows\PFRO.log
2012-04-05 19:15 - 2012-04-05 19:15 - 0000000 ____A C:\Windows\setuperr.log
2012-04-03 21:12 - 2012-04-03 21:13 - 0000104 ____A C:\Windows\System32\SBRC.dat
2012-04-03 20:54 - 2012-04-03 20:54 - 0000537 ____A C:\Windows\wininit.ini
2012-04-03 20:31 - 2012-04-08 16:26 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-03 20:31 - 2012-04-08 16:26 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-03 20:31 - 2012-04-08 16:25 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-03 20:26 - 2011-04-05 16:35 - 0253528 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFw.sys
2012-04-03 20:26 - 2011-04-05 16:35 - 0094296 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbtis.sys
2012-04-03 20:26 - 2011-04-05 16:35 - 0060504 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbhips.sys
2012-04-03 20:26 - 2011-02-08 08:14 - 0084568 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFwIm.sys
2012-04-03 17:20 - 2009-05-18 13:17 - 0034152 ___RA (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-04-03 17:20 - 2008-04-17 12:12 - 0126312 ___RA (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-04-03 17:20 - 2008-04-17 12:12 - 0107368 ___RA (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-04-03 14:37 - 2012-04-08 17:42 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000UA.job
2012-04-03 14:37 - 2012-04-05 14:42 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000Core.job
2012-04-03 14:37 - 2012-04-03 14:38 - 0000000 ____D C:\Program Files (x86)\GUM3285.tmp
2012-03-31 20:36 - 2012-03-31 20:36 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 12:07 - 2012-03-31 20:09 - 0000000 ____D C:\MGtools
2012-03-31 12:07 - 2012-03-31 12:22 - 0454935 ____A C:\MGlogs.zip
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-31 03:02 - 2012-04-08 17:02 - 0000000 ____D C:\Qoobox
2012-03-31 03:02 - 2012-04-08 16:58 - 0000000 ____D C:\Windows\ERDNT
2012-03-31 02:54 - 2012-04-07 01:46 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-31 02:54 - 2012-04-07 01:46 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-31 02:54 - 2012-03-31 02:54 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Malwarebytes
2012-03-31 02:53 - 2012-04-08 16:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-31 02:22 - 2012-04-08 16:23 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-31 02:05 - 2012-03-31 02:09 - 0133220 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_03.05.34_log.txt
2012-03-31 02:03 - 2012-03-31 20:09 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-03-31 01:57 - 2012-03-31 01:59 - 0133084 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.57.57_log.txt
2012-03-31 01:28 - 2012-03-31 01:36 - 0129854 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.28.35_log.txt
2012-03-31 01:23 - 2012-03-31 01:24 - 0133496 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.23.34_log.txt
2012-03-31 01:21 - 2012-03-31 01:23 - 0137084 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.21.55_log.txt
2012-03-31 01:07 - 2012-03-31 01:09 - 0130772 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.07.31_log.txt
2012-03-30 23:39 - 2012-04-08 18:32 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-30 23:39 - 2012-03-31 20:36 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-28 03:30 - 2012-03-28 03:30 - 1121393 ____A C:\Users\Joshua\Downloads\3D Essay.docx
2012-03-28 02:51 - 2012-03-28 02:51 - 0961840 ____H C:\Users\Joshua\Desktop\~WRL2604.tmp
2012-03-28 02:51 - 2012-03-28 02:51 - 0000162 ___AH C:\Users\Joshua\Desktop\~$ Essay.docx
2012-03-26 20:43 - 2012-04-06 23:27 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-26 20:11 - 2012-03-26 20:14 - 16334848 ____A C:\Users\Joshua\Downloads\python-2.7.2.amd64.msi
2012-03-24 16:34 - 2012-03-24 16:34 - 0000000 ____D C:\Users\Joshua\AppData\Local\{8E7A66C0-D503-4C77-A4C4-444C8A3A19B0}
2012-03-23 11:42 - 2012-03-23 11:42 - 0000162 ___AH C:\Users\Joshua\Desktop\~$e Differences between Ethics and Morality.docx
2012-03-22 22:55 - 2012-04-02 00:23 - 0000000 ____D C:\Users\All Users\TamoSoft
2012-03-22 22:55 - 2012-04-02 00:23 - 0000000 ____D C:\ProgramData\TamoSoft
2012-03-22 22:41 - 2012-04-02 00:25 - 0000000 ____D C:\Program Files (x86)\CommViewWiFi
2012-03-22 22:40 - 2012-04-06 23:46 - 0000000 ____D C:\Users\Joshua\Downloads\ca6
2012-03-22 22:12 - 2010-10-08 13:24 - 1206248 ____A (TamoSoft) C:\Windows\System32\Drivers\ts_arusbx.sys
2012-03-22 03:08 - 2012-03-31 00:18 - 0000000 ____D C:\Program Files (x86)\Kismet
2012-03-22 03:07 - 2012-03-22 03:07 - 0000000 ____D C:\Program Files (x86)\CACE Technologies
2012-03-22 02:49 - 2012-04-06 23:46 - 0000000 ____D C:\Users\Joshua\Downloads\aircrack-ng-1.1-win
2012-03-21 12:48 - 2012-03-21 12:49 - 0000000 ____D C:\Program Files (x86)\GUMC368.tmp
2012-03-21 02:08 - 2012-03-21 02:09 - 0000000 ____D C:\Program Files (x86)\GUME241.tmp
2012-03-14 02:06 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 02:06 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 02:06 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 20:59 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 20:59 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 20:59 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 20:54 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 20:54 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 20:54 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 20:54 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 20:54 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:54 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 20:54 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-09 07:22 - 2012-03-09 07:22 - 0000000 ____D C:\Users\Joshua\AppData\Local\{1E54CF58-9B94-4DAA-9896-DC8AC85092F6}
2012-03-09 07:21 - 2012-03-09 07:22 - 0000000 ____D C:\Users\Joshua\AppData\Local\{0D5C667B-3F44-42DA-8CC4-2FB1378521C2}
2012-03-09 04:39 - 2011-09-16 18:00 - 11137024 ____A (Intel Corporation) C:\Windows\SysWOW64\libmfxsw32.dll


============ 3 Months Modified Files and Folders =============

2012-04-08 19:40 - 2012-04-08 19:40 - 0000000 ____D C:\FRST
2012-04-08 18:38 - 2010-05-29 06:04 - 1133802 ____A C:\Windows\WindowsUpdate.log
2012-04-08 18:36 - 2012-04-08 18:34 - 1385843 ____A C:\Users\Joshua\Downloads\FRST64.exe
2012-04-08 18:35 - 2012-04-08 18:35 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ugumdetv.sys
2012-04-08 18:32 - 2012-04-05 19:15 - 0000672 ____A C:\Windows\setupact.log
2012-04-08 18:32 - 2012-03-30 23:39 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-08 18:25 - 2012-04-08 18:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lijvcouc.sys
2012-04-08 18:14 - 2012-04-08 18:10 - 6409495 ____A C:\Users\Joshua\Desktop\To Show You My Love w_ Lyrics.flv
2012-04-08 18:13 - 2010-07-27 17:22 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-08 17:42 - 2012-04-03 14:37 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000UA.job
2012-04-08 17:10 - 2012-04-06 00:45 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-08 17:08 - 2012-04-08 17:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-08 17:08 - 2012-04-08 17:07 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-08 17:08 - 2011-02-19 17:14 - 0800940 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-08 17:02 - 2012-04-08 17:02 - 0025559 ____A C:\ComboFix.txt
2012-04-08 17:02 - 2012-04-08 16:32 - 0000000 ____D C:\ComboFix
2012-04-08 17:02 - 2012-03-31 03:02 - 0000000 ____D C:\Qoobox
2012-04-08 17:02 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-08 16:58 - 2012-03-31 03:02 - 0000000 ____D C:\Windows\ERDNT
2012-04-08 16:58 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-08 16:58 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-08 16:49 - 2012-04-08 16:49 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-08 16:49 - 2009-07-13 18:34 - 0000280 ____A C:\Windows\system.ini
2012-04-08 16:48 - 2012-04-05 19:15 - 0004686 ____A C:\Windows\PFRO.log
2012-04-08 16:48 - 2012-03-31 02:53 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-08 16:48 - 2010-07-27 17:22 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-08 16:48 - 2010-05-29 06:00 - 3166158848 __ASH C:\hiberfil.sys
2012-04-08 16:48 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-08 16:47 - 2009-07-13 18:34 - 83886080 ____A C:\Windows\System32\config\software.bak
2012-04-08 16:47 - 2009-07-13 18:34 - 5767168 ____A C:\Windows\System32\config\default.bak
2012-04-08 16:47 - 2009-07-13 18:34 - 22020096 ____A C:\Windows\System32\config\system.bak
2012-04-08 16:47 - 2009-07-13 18:34 - 0061440 ____A C:\Windows\System32\config\sam.bak
2012-04-08 16:47 - 2009-07-13 18:34 - 0032768 ____A C:\Windows\System32\config\security.bak
2012-04-08 16:42 - 2011-04-19 02:30 - 0000000 ____D C:\users\Guest
2012-04-08 16:41 - 2011-01-02 17:57 - 0000000 ____D C:\Users\All Users\Real
2012-04-08 16:41 - 2011-01-02 17:57 - 0000000 ____D C:\ProgramData\Real
2012-04-08 16:41 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-08 16:32 - 2010-05-29 13:15 - 0000000 ___RD C:\Users\Joshua\Desktop\Everything
2012-04-08 16:30 - 2012-04-08 16:30 - 0709968 ____A C:\Windows\is-G4QS8.exe
2012-04-08 16:30 - 2012-04-08 16:30 - 0010498 ____A C:\Windows\is-G4QS8.msg
2012-04-08 16:30 - 2012-04-08 16:30 - 0000441 ____A C:\Windows\is-G4QS8.lst
2012-04-08 16:26 - 2012-04-03 20:31 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-08 16:26 - 2012-04-03 20:31 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-08 16:25 - 2012-04-03 20:31 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-08 16:23 - 2012-03-31 02:22 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-08 16:23 - 2009-07-13 21:13 - 0783354 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-08 16:14 - 2012-04-08 16:07 - 75104850 ____A C:\Users\Joshua\Desktop\Rufus Wainwright, Helena Bonham Carter - Out Of The Game.mp4
2012-04-08 16:06 - 2012-04-08 16:00 - 75104850 ____A C:\Users\Joshua\Desktop\~ytB79B.tmp
2012-04-08 16:06 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-04-08 16:04 - 2012-04-08 16:03 - 4452952 ____R (Swearware) C:\Users\Joshua\Desktop\ComboFix.exe
2012-04-08 15:44 - 2010-05-29 12:28 - 0000000 ____D C:\users\Joshua
2012-04-08 15:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-07 23:15 - 2012-04-07 21:02 - 0000000 ____D C:\Program Files\WinZip
2012-04-07 23:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-07 21:03 - 2012-04-07 21:03 - 0000000 ____D C:\Users\Joshua\AppData\Local\WinZip
2012-04-07 21:03 - 2012-04-07 21:02 - 0000000 ____D C:\Users\All Users\WinZip
2012-04-07 21:03 - 2012-04-07 21:02 - 0000000 ____D C:\ProgramData\WinZip
2012-04-07 20:50 - 2012-04-07 20:51 - 0142438 ____A C:\Users\Joshua\Desktop\TDSSKiller.2.7.26.0_07.04.2012_21.49.19_log.txt
2012-04-07 20:50 - 2012-04-07 20:49 - 0142438 ____A C:\TDSSKiller.2.7.26.0_07.04.2012_21.49.19_log.txt
2012-04-07 20:48 - 2012-04-07 20:48 - 0001857 ____A C:\Users\Joshua\Desktop\aswMBR.txt
2012-04-07 20:48 - 2012-04-07 20:48 - 0000512 ____A C:\Users\Joshua\Desktop\MBR.dat
2012-04-07 04:59 - 2012-04-07 04:59 - 0016194 ____A C:\Users\Joshua\Desktop\Relation of Life Experience and an Ethics.docx
2012-04-07 04:22 - 2012-04-07 04:17 - 15814192 ____A C:\Users\Joshua\Desktop\Cinematic Orchestra - To Build A Home.flv
2012-04-07 04:02 - 2012-04-07 04:02 - 0122965 ____A C:\Users\Joshua\Desktop\Description.pdf
2012-04-07 04:02 - 2012-04-06 14:47 - 0015356 ____A C:\Users\Joshua\Desktop\Description.docx
2012-04-07 03:28 - 2012-04-07 03:28 - 0005614 ____A C:\Users\Joshua\Desktop\Attach.rar
2012-04-07 02:59 - 2012-04-07 02:59 - 0028001 ____A C:\Users\Joshua\Desktop\Attach.txt
2012-04-07 02:59 - 2012-04-07 02:59 - 0023611 ____A C:\Users\Joshua\Desktop\DDS.txt
2012-04-07 02:55 - 2012-04-07 02:55 - 0000474 ____A C:\Users\Joshua\Desktop\defogger_disable.log
2012-04-07 02:55 - 2012-04-07 02:55 - 0000000 ____A C:\Users\Joshua\defogger_reenable
2012-04-07 02:06 - 2012-04-07 02:06 - 0000000 ____D C:\Users\Joshua\Documents\Intelli-studio
2012-04-07 01:46 - 2012-03-31 02:54 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-07 01:46 - 2012-03-31 02:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-06 23:53 - 2012-04-06 23:52 - 0000524 ____A C:\Users\Joshua\Desktop\Sirefef Alureon Del Direction.txt
2012-04-06 23:51 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-06 23:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\L2Schemas
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-06 23:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors
2012-04-06 23:47 - 2009-11-02 18:33 - 0000000 ____D C:\Windows\SysWOW64\Drivers\nti
2012-04-06 23:47 - 2009-11-02 18:20 - 0000000 ____D C:\Windows\OOBEOffer
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-06 23:47 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-06 23:47 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-06 23:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-06 23:46 - 2012-04-06 00:51 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-06 23:46 - 2012-04-06 00:51 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-06 23:46 - 2012-04-06 00:36 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-06 23:46 - 2012-04-06 00:36 - 0000000 ____D C:\ProgramData\MFAData
2012-04-06 23:46 - 2012-03-22 22:40 - 0000000 ____D C:\Users\Joshua\Downloads\ca6
2012-04-06 23:46 - 2012-03-22 02:49 - 0000000 ____D C:\Users\Joshua\Downloads\aircrack-ng-1.1-win
2012-04-06 23:46 - 2012-03-06 18:28 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-06 23:46 - 2012-03-06 18:26 - 0000000 ____D C:\Program Files\Bonjour
2012-04-06 23:46 - 2011-03-20 20:43 - 0000000 ____D C:\Users\All Users\IObit
2012-04-06 23:46 - 2011-03-20 20:43 - 0000000 ____D C:\ProgramData\IObit
2012-04-06 23:46 - 2010-08-07 10:06 - 0000000 ____D C:\Program Files (x86)\Essentials Codec Pack
2012-04-06 23:46 - 2010-05-31 12:47 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-04-06 23:46 - 2009-11-02 18:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2012-04-06 23:46 - 2009-11-02 18:20 - 0000000 ____D C:\Users\All Users\WildTangent
2012-04-06 23:46 - 2009-11-02 18:20 - 0000000 ____D C:\ProgramData\WildTangent
2012-04-06 23:46 - 2009-11-02 18:20 - 0000000 ____D C:\Program Files (x86)\Gateway Games
2012-04-06 23:46 - 2009-11-02 18:14 - 0000000 ____D C:\Program Files (x86)\Launch Manager
2012-04-06 23:46 - 2009-11-02 18:03 - 0000000 ____D C:\Windows\DeployWinRE
2012-04-06 23:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-06 23:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-06 23:46 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-06 23:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-06 23:45 - 2012-03-06 18:26 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-06 23:45 - 2010-11-07 22:08 - 0000000 ____D C:\Program Files (x86)\AIM
2012-04-06 23:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-06 23:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-06 23:29 - 2010-11-12 15:29 - 0000000 ____D C:\Windows\SysWOW64\winsawup
2012-04-06 23:29 - 2010-05-29 06:04 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-04-06 23:29 - 2009-11-02 18:39 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-06 23:29 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-06 23:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-06 23:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-06 23:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-06 23:28 - 2010-10-12 20:42 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-04-06 23:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-06 23:27 - 2012-03-26 20:43 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-04-06 23:27 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-04-06 23:26 - 2011-06-08 14:55 - 0000000 ____D C:\Windows\System32\SPReview
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-04-06 23:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-06 23:25 - 2011-10-25 20:29 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-06 23:25 - 2011-06-08 14:54 - 0000000 ____D C:\Windows\System32\EventProviders
2012-04-06 23:21 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-04-06 23:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-06 23:20 - 2009-11-02 18:33 - 0000000 ____D C:\Windows\oem
2012-04-06 23:20 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-06 23:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-06 23:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-06 23:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-06 23:18 - 2012-02-08 03:10 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Dropbox
2012-04-06 23:18 - 2011-11-22 18:46 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\q9
2012-04-06 23:18 - 2011-05-20 14:03 - 0000000 ____D C:\Users\Joshua\AppData\Local\Sony
2012-04-06 23:18 - 2011-03-12 21:48 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\U3
2012-04-06 23:18 - 2011-02-24 10:10 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\IObit
2012-04-06 23:18 - 2011-02-23 21:02 - 0000000 ____D C:\Users\Joshua\Documents\My Games
2012-04-06 23:18 - 2011-02-23 19:27 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\GameRanger
2012-04-06 23:18 - 2011-02-19 22:57 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\TeamViewer
2012-04-06 23:18 - 2011-02-19 17:15 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Kalypso Media
2012-04-06 23:18 - 2010-12-28 02:22 - 0000000 ____D C:\Users\Public\CyberLink
2012-04-06 23:18 - 2010-12-06 02:06 - 0000000 ____D C:\Users\Joshua\Documents\Fax
2012-04-06 23:18 - 2010-10-03 15:10 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\.minecraft
2012-04-06 23:18 - 2010-10-02 16:19 - 0000000 ____D C:\Windows\.jagex_cache_32
2012-04-06 23:18 - 2010-09-15 21:51 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Serif
2012-04-06 23:18 - 2010-08-04 09:56 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Real
2012-04-06 23:18 - 2010-07-30 05:53 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\WildTangentv1002
2012-04-06 23:18 - 2010-05-29 14:39 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Skype
2012-04-06 23:18 - 2010-05-29 13:13 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Adobe
2012-04-06 23:18 - 2010-05-29 13:10 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Macromedia
2012-04-06 23:18 - 2010-05-29 12:28 - 0000000 ____D C:\Users\Joshua\AppData\LocalLow
2012-04-06 23:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-06 23:17 - 2012-02-17 14:26 - 0000000 ____D C:\Program Files\Windows Live
2012-04-06 23:17 - 2011-09-07 22:24 - 0000000 ____D C:\Users\All Users\HP Photo Creations
2012-04-06 23:17 - 2011-09-07 22:24 - 0000000 ____D C:\ProgramData\HP Photo Creations
2012-04-06 23:17 - 2011-09-07 22:23 - 0000000 ____D C:\Users\All Users\HP
2012-04-06 23:17 - 2011-09-07 22:23 - 0000000 ____D C:\ProgramData\HP
2012-04-06 23:17 - 2011-08-18 23:50 - 0000000 ____D C:\Users\Joshua\AppData\Local\Facebook
2012-04-06 23:17 - 2011-06-28 01:14 - 0000000 ____D C:\Users\All Users\AOL
2012-04-06 23:17 - 2011-06-28 01:14 - 0000000 ____D C:\ProgramData\AOL
2012-04-06 23:17 - 2011-06-27 23:48 - 0000000 ____D C:\Users\Joshua\AppData\Local\AOL
2012-04-06 23:17 - 2011-06-15 20:23 - 0000000 ____D C:\Users\All Users\Macromedia
2012-04-06 23:17 - 2011-06-15 20:23 - 0000000 ____D C:\ProgramData\Macromedia
2012-04-06 23:17 - 2011-06-15 08:47 - 0000000 ____D C:\Users\All Users\AOL Downloads
2012-04-06 23:17 - 2011-06-15 08:47 - 0000000 ____D C:\ProgramData\AOL Downloads
2012-04-06 23:17 - 2011-04-19 02:31 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2012-04-06 23:17 - 2011-04-19 02:31 - 0000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2012-04-06 23:17 - 2011-04-19 02:30 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-04-06 23:17 - 2011-04-19 02:30 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-04-06 23:17 - 2011-04-15 08:13 - 0000000 ____D C:\Users\All Users\PC Drivers HeadQuarters
2012-04-06 23:17 - 2011-04-15 08:13 - 0000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2012-04-06 23:17 - 2011-03-12 20:59 - 0000000 ____D C:\Users\All Users\NexonUS
2012-04-06 23:17 - 2011-03-12 20:59 - 0000000 ____D C:\ProgramData\NexonUS
2012-04-06 23:17 - 2011-01-11 05:49 - 0000000 ____D C:\Users\Joshua\AppData\Local\CAPCOM
2012-04-06 23:17 - 2010-12-26 20:50 - 0000000 ____D C:\Users\All Users\Driver Boost
2012-04-06 23:17 - 2010-12-26 20:50 - 0000000 ____D C:\ProgramData\Driver Boost
2012-04-06 23:17 - 2010-10-12 19:46 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-04-06 23:17 - 2010-10-12 19:46 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-04-06 23:17 - 2010-10-12 19:43 - 0000000 ____D C:\Users\Joshua\AppData\Local\Downloaded Installations
2012-04-06 23:17 - 2010-08-21 01:16 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-06 23:17 - 2010-08-21 01:16 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-06 23:17 - 2010-08-21 00:53 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-06 23:17 - 2010-08-21 00:53 - 0000000 ____D C:\ProgramData\Apple Computer
2012-04-06 23:17 - 2010-06-21 09:20 - 0000000 ____D C:\Program Files\Paint.NET
2012-04-06 23:17 - 2010-06-04 08:20 - 0000000 ____D C:\Users\All Users\Apple
2012-04-06 23:17 - 2010-06-04 08:20 - 0000000 ____D C:\ProgramData\Apple
2012-04-06 23:17 - 2010-05-31 22:09 - 0000000 ____D C:\Users\Joshua\AppData\Local\Microsoft Games
2012-04-06 23:17 - 2010-05-30 18:36 - 0000000 ____D C:\Users\Joshua\AppData\Local\Adobe
2012-04-06 23:17 - 2010-05-29 14:39 - 0000000 ____D C:\Users\All Users\Skype
2012-04-06 23:17 - 2010-05-29 14:39 - 0000000 ____D C:\ProgramData\Skype
2012-04-06 23:17 - 2010-05-29 14:36 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-06 23:17 - 2010-05-29 14:36 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-06 23:17 - 2010-05-29 13:13 - 0000000 ____D C:\Users\Joshua\AppData\Local\Google
2012-04-06 23:17 - 2010-05-29 13:13 - 0000000 ____D C:\Users\All Users\CyberLink
2012-04-06 23:17 - 2010-05-29 13:13 - 0000000 ____D C:\ProgramData\CyberLink
2012-04-06 23:17 - 2010-05-29 12:28 - 0000000 ____D C:\Users\All Users\OEM_E471269A730D
2012-04-06 23:17 - 2010-05-29 12:28 - 0000000 ____D C:\ProgramData\OEM_E471269A730D
2012-04-06 23:17 - 2009-11-02 18:40 - 0000000 ____D C:\Users\All Users\Norton
2012-04-06 23:17 - 2009-11-02 18:40 - 0000000 ____D C:\ProgramData\Norton
2012-04-06 23:17 - 2009-11-02 18:38 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-06 23:17 - 2009-11-02 18:38 - 0000000 ____D C:\ProgramData\Adobe
2012-04-06 23:17 - 2009-11-02 18:37 - 0000000 ____D C:\Users\All Users\Google
2012-04-06 23:17 - 2009-11-02 18:37 - 0000000 ____D C:\ProgramData\Google
2012-04-06 23:17 - 2009-11-02 18:35 - 0000000 ____D C:\Users\All Users\OEM
2012-04-06 23:17 - 2009-11-02 18:35 - 0000000 ____D C:\ProgramData\OEM
2012-04-06 23:17 - 2009-11-02 18:26 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-06 23:17 - 2009-11-02 18:25 - 0000000 ____D C:\Program Files\Preload
2012-04-06 23:17 - 2009-11-02 18:19 - 0000000 ____D C:\Program Files\Realtek
2012-04-06 23:17 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-06 23:17 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-06 23:16 - 2012-03-06 18:28 - 0000000 ____D C:\Program Files\iTunes
2012-04-06 23:16 - 2012-03-06 18:28 - 0000000 ____D C:\Program Files\iPod
2012-04-06 23:16 - 2012-02-17 13:52 - 0000000 ____D C:\Program Files (x86)\Wondershare
2012-04-06 23:16 - 2012-01-28 02:12 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-04-06 23:16 - 2011-12-26 14:17 - 0000000 ____D C:\Program Files (x86)\Jasc Software Inc
2012-04-06 23:16 - 2011-12-21 06:02 - 0000000 ____D C:\Program Files (x86)\Rovio
2012-04-06 23:16 - 2011-11-29 02:16 - 0000000 ____D C:\Program Files (x86)\Samsung
2012-04-06 23:16 - 2011-11-22 18:37 - 0000000 ____D C:\Program Files (x86)\Q9W7B5
2012-04-06 23:16 - 2011-11-10 22:57 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-06 23:16 - 2011-09-07 22:23 - 0000000 ____D C:\Program Files (x86)\HP
2012-04-06 23:16 - 2011-09-07 22:22 - 0000000 ____D C:\Program Files\HP
2012-04-06 23:16 - 2011-07-05 04:55 - 0000000 ____D C:\Program Files\CHDICT
2012-04-06 23:16 - 2011-06-08 16:33 - 0000000 ____D C:\Program Files (x86)\IObit
2012-04-06 23:16 - 2011-05-15 17:23 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-04-06 23:16 - 2011-05-15 16:37 - 0000000 ____D C:\Program Files (x86)\RIFT Game
2012-04-06 23:16 - 2011-05-05 16:33 - 0000000 ____D C:\Program Files (x86)\WildTangent Games
2012-04-06 23:16 - 2011-03-10 23:29 - 0000000 ____D C:\Program Files\DIFX
2012-04-06 23:16 - 2011-02-23 19:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2012-04-06 23:16 - 2011-02-16 06:02 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-04-06 23:16 - 2011-02-14 21:47 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-06 23:16 - 2011-01-16 15:09 - 0000000 ____D C:\Program Files (x86)\REACTOR
2012-04-06 23:16 - 2011-01-11 03:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-04-06 23:16 - 2011-01-09 19:34 - 0000000 ____D C:\Program Files\Alex Feinman
2012-04-06 23:16 - 2011-01-02 17:58 - 0000000 ____D C:\Program Files (x86)\Real
2012-04-06 23:16 - 2010-12-27 19:00 - 0000000 ____D C:\Program Files\Adobe
2012-04-06 23:16 - 2010-12-27 18:58 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-04-06 23:16 - 2010-12-27 17:26 - 0000000 ____D C:\Program Files (x86)\jan1024188's software
2012-04-06 23:16 - 2010-12-26 20:54 - 0000000 ____D C:\Program Files (x86)\oZone3D
2012-04-06 23:16 - 2010-12-15 21:19 - 0000000 ____D C:\Program Files (x86)\Musicnotes
2012-04-06 23:16 - 2010-12-13 23:50 - 0000000 ____D C:\Program Files (x86)\Ouino languages
2012-04-06 23:16 - 2010-11-26 17:32 - 0000000 ____D C:\Program Files (x86)\WorldOfGoo
2012-04-06 23:16 - 2010-10-29 13:29 - 0000000 ____D C:\Program Files\Lexmark
2012-04-06 23:16 - 2010-09-20 17:01 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-06 23:16 - 2010-08-24 03:34 - 0000000 ____D C:\Program Files (x86)\PopCap Games
2012-04-06 23:16 - 2010-08-22 03:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-04-06 23:16 - 2010-08-21 19:57 - 0000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 5.2
2012-04-06 23:16 - 2010-08-21 01:16 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-06 23:16 - 2010-05-29 19:50 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader
2012-04-06 23:16 - 2010-05-29 14:41 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-06 23:16 - 2010-05-29 14:39 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-06 23:16 - 2010-05-29 13:19 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-06 23:16 - 2010-05-29 13:18 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-06 23:16 - 2009-11-02 18:37 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-06 23:16 - 2009-11-02 18:34 - 0000000 ____D C:\Program Files\Gateway
2012-04-06 23:16 - 2009-11-02 18:33 - 0000000 ____D C:\Program Files (x86)\NewTech Infosystems
2012-04-06 23:16 - 2009-11-02 18:32 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-06 23:16 - 2009-11-02 18:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-06 23:16 - 2009-11-02 18:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-06 23:16 - 2009-11-02 18:20 - 0000000 ____D C:\Program Files (x86)\Gateway
2012-04-06 23:16 - 2009-11-02 18:15 - 0000000 ____D C:\Program Files\CONEXANT
2012-04-06 23:16 - 2009-11-02 18:14 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-06 23:16 - 2009-11-02 18:14 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-06 23:16 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-06 23:16 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-06 23:15 - 2012-04-06 00:50 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-06 23:15 - 2012-02-17 14:41 - 0000000 ____D C:\Program Files (x86)\Free Audio Editor
2012-04-06 23:15 - 2011-11-10 22:55 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-06 23:15 - 2011-09-13 00:01 - 0000000 ____D C:\Program Files (x86)\AVS4YOU
2012-04-06 23:15 - 2011-09-07 16:21 - 0000000 ____D C:\Program Files (x86)\DigiCel
2012-04-06 23:15 - 2011-07-04 22:29 - 0000000 ____D C:\Program Files (x86)\D-Link
2012-04-06 23:15 - 2011-06-28 01:14 - 0000000 ____D C:\Program Files (x86)\AOL Desktop 9.6
2012-04-06 23:15 - 2011-06-14 23:47 - 0000000 ____D C:\e7482c0986f99a4a38b1dcdd1d9b1ada
2012-04-06 23:15 - 2011-06-09 23:26 - 0000000 ____D C:\Program Files (x86)\AhnLab
2012-04-06 23:15 - 2011-03-25 16:30 - 0000000 ____D C:\0368eb3823204c80f4de3d77
2012-04-06 23:15 - 2011-01-09 19:38 - 0000000 ____D C:\Program Files (x86)\Elaborate Bytes
2012-04-06 23:15 - 2011-01-04 20:48 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-04-06 23:15 - 2010-11-26 17:29 - 0000000 ____D C:\Program Files (x86)\Amazon
2012-04-06 23:15 - 2010-10-12 19:42 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2012-04-06 23:15 - 2010-07-27 04:44 - 0000000 ____D C:\Program Files (x86)\Foxy
2012-04-06 23:15 - 2009-11-02 18:39 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-04-06 23:15 - 2009-11-02 18:37 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-06 23:15 - 2009-11-02 18:25 - 0000000 ___RD C:\MSOCache
2012-04-06 23:15 - 2009-11-02 18:00 - 0000000 ____D C:\OEM
2012-04-06 20:20 - 2012-04-06 20:20 - 0017446 ____A C:\Users\Joshua\AppData\Local\dt.dat
2012-04-06 00:51 - 2012-04-06 00:51 - 0000000 ____D C:\$AVG
2012-04-06 00:38 - 2012-04-06 00:38 - 0071398 ____A (jpshortstuff) C:\Users\Joshua\Downloads\GooredFix.exe
2012-04-05 21:48 - 2011-07-31 06:52 - 0000000 ____D C:\Users\Joshua\riotsGamesLogs
2012-04-05 19:15 - 2012-04-05 19:15 - 0000000 ____A C:\Windows\setuperr.log
2012-04-05 14:42 - 2012-04-03 14:37 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000Core.job
2012-04-05 00:12 - 2010-09-29 09:19 - 0000000 ____D C:\Users\Joshua\AppData\Local\ElevatedDiagnostics
2012-04-04 23:46 - 2012-01-14 09:38 - 0925184 ____A C:\Windows\expstart.exe
2012-04-04 23:46 - 2012-01-14 09:38 - 0000000 ____D C:\Windows\W7SOC
2012-04-03 21:16 - 2012-03-05 01:07 - 0000000 ____D C:\Program Files (x86)\PageRage
2012-04-03 21:13 - 2012-04-03 21:12 - 0000104 ____A C:\Windows\System32\SBRC.dat
2012-04-03 20:54 - 2012-04-03 20:54 - 0000537 ____A C:\Windows\wininit.ini
2012-04-03 14:38 - 2012-04-03 14:37 - 0000000 ____D C:\Program Files (x86)\GUM3285.tmp
2012-04-02 21:35 - 2011-07-22 08:35 - 0000000 ____D C:\Users\All Users\YouTube Downloader
2012-04-02 21:35 - 2011-07-22 08:35 - 0000000 ____D C:\ProgramData\YouTube Downloader
2012-04-02 03:14 - 2010-12-27 19:10 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-02 03:14 - 2010-12-27 19:10 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-04-02 02:52 - 2011-11-29 02:16 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Intelli-studio
2012-04-02 00:25 - 2012-03-22 22:41 - 0000000 ____D C:\Program Files (x86)\CommViewWiFi
2012-04-02 00:23 - 2012-03-22 22:55 - 0000000 ____D C:\Users\All Users\TamoSoft
2012-04-02 00:23 - 2012-03-22 22:55 - 0000000 ____D C:\ProgramData\TamoSoft
2012-03-31 20:36 - 2012-03-31 20:36 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 20:36 - 2012-03-30 23:39 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-31 20:36 - 2011-06-16 17:12 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-31 20:09 - 2012-03-31 12:07 - 0000000 ____D C:\MGtools
2012-03-31 20:09 - 2012-03-31 02:03 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-03-31 20:08 - 2010-05-29 14:34 - 0000000 ____D C:\Riot Games
2012-03-31 12:22 - 2012-03-31 12:07 - 0454935 ____A C:\MGlogs.zip
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-03-31 03:21 - 2012-03-31 03:21 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-03-31 03:20 - 2012-03-31 03:20 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-03-31 02:54 - 2012-03-31 02:54 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Malwarebytes
2012-03-31 02:09 - 2012-03-31 02:05 - 0133220 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_03.05.34_log.txt
2012-03-31 01:59 - 2012-03-31 01:57 - 0133084 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.57.57_log.txt
2012-03-31 01:36 - 2012-03-31 01:28 - 0129854 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.28.35_log.txt
2012-03-31 01:24 - 2012-03-31 01:23 - 0133496 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.23.34_log.txt
2012-03-31 01:23 - 2012-03-31 01:21 - 0137084 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.21.55_log.txt
2012-03-31 01:18 - 2011-01-09 19:10 - 0000000 ____D C:\Program Files (x86)\The Rosetta Stone
2012-03-31 01:09 - 2012-03-31 01:07 - 0130772 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_02.07.31_log.txt
2012-03-31 00:18 - 2012-03-22 03:08 - 0000000 ____D C:\Program Files (x86)\Kismet
2012-03-28 03:30 - 2012-03-28 03:30 - 1121393 ____A C:\Users\Joshua\Downloads\3D Essay.docx
2012-03-28 02:51 - 2012-03-28 02:51 - 0961840 ____H C:\Users\Joshua\Desktop\~WRL2604.tmp
2012-03-28 02:51 - 2012-03-28 02:51 - 0000162 ___AH C:\Users\Joshua\Desktop\~$ Essay.docx
2012-03-26 20:14 - 2012-03-26 20:11 - 16334848 ____A C:\Users\Joshua\Downloads\python-2.7.2.amd64.msi
2012-03-24 16:34 - 2012-03-24 16:34 - 0000000 ____D C:\Users\Joshua\AppData\Local\{8E7A66C0-D503-4C77-A4C4-444C8A3A19B0}
2012-03-23 11:42 - 2012-03-23 11:42 - 0000162 ___AH C:\Users\Joshua\Desktop\~$e Differences between Ethics and Morality.docx
2012-03-23 03:25 - 2012-02-17 14:41 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Free Audio Editor
2012-03-23 03:17 - 2012-01-10 06:24 - 0000000 ____D C:\Users\Joshua\Documents\Free Sound Recorder
2012-03-22 22:32 - 2010-09-10 17:32 - 0000000 ____D C:\Users\Joshua\AppData\Local\CrashDumps
2012-03-22 03:07 - 2012-03-22 03:07 - 0000000 ____D C:\Program Files (x86)\CACE Technologies
2012-03-21 12:49 - 2012-03-21 12:48 - 0000000 ____D C:\Program Files (x86)\GUMC368.tmp
2012-03-21 02:09 - 2012-03-21 02:08 - 0000000 ____D C:\Program Files (x86)\GUME241.tmp
2012-03-15 22:56 - 2011-02-14 19:13 - 0000132 ____A C:\Users\Joshua\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-03-14 15:35 - 2009-07-13 20:45 - 5045952 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 02:03 - 2010-06-16 08:49 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-14 02:02 - 2009-11-02 18:25 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 02:02 - 2009-11-02 18:25 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-09 08:34 - 2011-01-04 20:46 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\uTorrent
2012-03-09 07:22 - 2012-03-09 07:22 - 0000000 ____D C:\Users\Joshua\AppData\Local\{1E54CF58-9B94-4DAA-9896-DC8AC85092F6}
2012-03-09 07:22 - 2012-03-09 07:21 - 0000000 ____D C:\Users\Joshua\AppData\Local\{0D5C667B-3F44-42DA-8CC4-2FB1378521C2}
2012-03-09 07:22 - 2010-10-27 15:27 - 0000000 ____D C:\Users\Joshua\AppData\Local\Windows Live
2012-03-07 15:55 - 2012-03-07 15:55 - 0000162 ___AH C:\Users\Joshua\Desktop\~$dterm Essay.docx
2012-03-06 22:23 - 2012-03-06 21:52 - 0000372 ___AH C:\IPH.PH
2012-03-06 22:23 - 2010-11-07 22:08 - 0000000 ____D C:\Users\Joshua\AppData\Local\AIM
2012-03-05 22:47 - 2012-03-05 22:46 - 0000000 ____D C:\670f1ea96f36ba87aceb25ed1036445d
2012-02-29 21:56 - 2012-02-08 03:12 - 0000000 ___RD C:\Users\Joshua\Dropbox
2012-02-28 21:22 - 2010-06-21 09:20 - 0000000 ____D C:\Users\Joshua\AppData\Local\Paint.NET
2012-02-27 23:34 - 2012-02-27 23:34 - 2236937 ____A C:\Users\Joshua\Downloads\Unit4BrettellUrbanCapitalism.pdf
2012-02-24 04:14 - 2011-01-04 20:47 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-24 03:53 - 2011-09-13 00:03 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\AVS4YOU
2012-02-24 02:52 - 2012-02-24 02:52 - 0000000 ____D C:\Users\Joshua\AppData\Local\{B6E0CA61-1E79-44B8-8C97-3D97A66596EB}
2012-02-24 02:52 - 2012-02-24 02:51 - 0000000 ____D C:\Users\Joshua\AppData\Local\{D4191164-24D4-42AA-B107-7EFAA9243F7F}
2012-02-24 02:24 - 2012-02-24 02:18 - 0000000 ____D C:\Users\Joshua\Downloads\AVS Video Editor 6.0.3.184
2012-02-23 13:24 - 2011-08-17 07:43 - 0024408 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-23 09:18 - 2010-05-29 12:48 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 21:35 - 2012-02-22 21:35 - 0000000 ____D C:\Users\Joshua\AppData\Local\{060B8F15-A789-4DBB-9C4E-E2CCDF006410}
2012-02-22 21:35 - 2012-02-22 21:34 - 0000000 ____D C:\Users\Joshua\AppData\Local\{182D7689-84D8-495A-8379-96270DAAE800}
2012-02-19 20:39 - 2012-02-19 20:39 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-19 20:39 - 2012-02-19 20:39 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-19 20:39 - 2012-02-19 20:39 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-19 20:39 - 2010-05-29 14:41 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-17 14:36 - 2012-02-17 14:35 - 22873624 ____A C:\Users\Joshua\Downloads\FreeAudioEditor.exe
2012-02-17 14:29 - 2012-02-17 14:29 - 0000000 ____D C:\Windows\en
2012-02-17 14:21 - 2012-02-17 14:21 - 35215136 ____A (WonderShare Software Co.,Ltd. ) C:\Users\Joshua\Downloads\dsb_deluxe_full18.exe
2012-02-17 13:53 - 2012-02-17 13:53 - 0000000 ____D C:\Users\All Users\Wondershare
2012-02-17 13:53 - 2012-02-17 13:53 - 0000000 ____D C:\ProgramData\Wondershare
2012-02-17 12:59 - 2012-02-17 12:58 - 0000000 ____D C:\Users\Joshua\AppData\Local\{6B285510-548C-4485-BBEB-7B32AFCFF3E9}
2012-02-17 12:58 - 2012-02-17 12:58 - 0000000 ____D C:\Users\Joshua\AppData\Local\{ECF66D4E-B2E0-4967-BFC2-10C6D519B015}
2012-02-16 22:38 - 2012-03-13 20:54 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 20:54 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 20:54 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 20:54 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 11:18 - 2010-08-04 09:52 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Media Player Classic
2012-02-14 13:16 - 2011-05-15 17:24 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\vlc
2012-02-11 15:14 - 2012-02-11 15:14 - 36929536 ____A C:\Windows\System32\config\components.iobit
2012-02-09 22:36 - 2012-03-13 20:59 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 20:59 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 20:34 - 2012-03-13 20:59 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 14:17 - 2011-09-29 15:41 - 0000000 __SHD C:\Users\Joshua\wc
2012-02-01 21:16 - 2010-12-26 20:30 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\SystemRequirementsLab
2012-02-01 21:16 - 2010-12-26 20:30 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-01-26 15:31 - 2011-12-14 19:32 - 0000000 __SHD C:\Users\Joshua\AppData\Roaming\Cyberduck Updater AU
2012-01-24 22:38 - 2012-03-13 20:54 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-13 20:54 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-13 20:54 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-21 16:00 - 2012-01-21 16:00 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-21 16:00 - 2012-01-21 16:00 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-21 16:00 - 2012-01-21 16:00 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-21 16:00 - 2012-01-21 16:00 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-21 16:00 - 2012-01-21 16:00 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-21 16:00 - 2012-01-21 16:00 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-16 00:29 - 2012-01-14 07:03 - 0000000 ____D C:\Program Files (x86)\Resource Hacker
2012-01-15 01:10 - 2012-01-11 03:05 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Audacity
2012-01-15 01:10 - 2012-01-11 03:05 - 0000000 ____D C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2012-01-15 01:10 - 2012-01-11 01:45 - 0000000 ____D C:\Program Files (x86)\NCH Software
2012-01-15 01:10 - 2012-01-10 06:24 - 0000000 ____D C:\Program Files (x86)\Free Sound Recorder
2012-01-15 01:10 - 2011-05-03 16:41 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-01-14 10:46 - 2012-01-14 10:45 - 0000233 ____A C:\Windows\SysWOW64\authui.il
2012-01-14 10:01 - 2012-01-14 10:00 - 0000006 ____A C:\Windows\IFSOBACKUP.txt
2012-01-14 09:57 - 2012-01-14 09:57 - 0000000 ____D C:\Windows\BACKUPSSS
2012-01-12 08:08 - 2009-10-16 11:03 - 0026728 ____A (TamoSoft) C:\Windows\System32\Drivers\TsLwWfF.sys
2012-01-12 05:26 - 2012-01-12 04:34 - 0000132 ____A C:\Users\Joshua\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-01-11 01:45 - 2012-01-11 01:45 - 0000000 ____D C:\Users\All Users\NCH Software
2012-01-11 01:45 - 2012-01-11 01:45 - 0000000 ____D C:\ProgramData\NCH Software
2012-01-10 11:31 - 2012-01-10 11:30 - 0000000 ____D C:\b214ec3399fe3edfd2921e
2012-01-10 07:47 - 2012-01-10 07:47 - 0000000 ____D C:\Users\Joshua\AppData\Local\{484271D9-B25F-42EF-9806-B0D70C37FD89}
2012-01-10 07:47 - 2012-01-10 07:47 - 0000000 ____D C:\Users\Joshua\AppData\Local\{29D273EF-8C92-404B-9BA5-FD5506C04B92}
2012-01-10 07:03 - 2012-01-10 06:24 - 0000000 ____D C:\Users\Joshua\AppData\Roaming\Free Sound Recorder

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4025.98 MB
Available physical RAM: 3430.15 MB
Total Pagefile: 4024.13 MB
Available Pagefile: 3427.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:465.76 GB) (Free:347.32 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (CD_ROM) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
3 Drive e: (Intelli-studio) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:7.41 GB) (Free:2.69 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7600 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7596 MB 4096 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7596 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 02:21

======================= End Of Log ==========================



Thanks again!!~





#11 CatByte

  • Malware Response Team

Posted 09 April 2012 - 08:08 AM

Hi, make sure MSE and Spybot are both disabled; if you are unable to, then uninstall them till we are done.

please do the following:



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
1 qgaqpifj; \??\C:\Windows\system32\drivers\qgaqpifj.sys [x]
C:\Windows\system32\drivers\qgaqpifj.sys 
1 lijvcouc; C:\Windows\System32\Drivers\lijvcouc.sys [50000 2012-04-08] (Microsoft Corporation)
1 ugumdetv; C:\Windows\System32\Drivers\ugumdetv.sys [50000 2012-04-08] (Microsoft Corporation)
C:\Windows\System32\Drivers\ugumdetv.sys 
2012-04-08 18:35 - 2012-04-08 18:35 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ugumdetv.sys
2012-04-08 18:25 - 2012-04-08 18:25 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lijvcouc.sys
2012-04-08 16:30 - 2012-04-08 16:30 - 0709968 ____A C:\Windows\is-G4QS8.exe
2012-04-08 16:30 - 2012-04-08 16:30 - 0010498 ____A C:\Windows\is-G4QS8.msg
2012-04-08 16:30 - 2012-04-08 16:30 - 0000441 ____A C:\Windows\is-G4QS8.lst

end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT

Re-Run ComboFix > allow it to update if it asks to do so

(Make sure your security programs are disabled) post the resulting log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Carahandoccå

  • Topic Starter


Posted 09 April 2012 - 10:17 AM

Morning,


Everything ran smoothly this time (IMO) so hopefully things went well.



Log from ComboFix:

ComboFix 12-04-09.04 - Joshua 04/09/2012 7:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2750 [GMT -7:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\isRS-000.tmp
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 14:22 . 2012-04-09 14:22 -------- d-----w- c:\users\Joshua\AppData\Roaming\SUPERAntiSpyware.com
2012-04-09 03:40 . 2012-04-09 03:45 -------- d-----w- C:\FRST
2012-04-09 02:59 . 2012-04-09 02:59 -------- d-----we c:\windows\system64
2012-04-08 05:03 . 2012-04-08 05:03 -------- d-----w- c:\users\Joshua\AppData\Local\WinZip
2012-04-08 05:02 . 2012-04-08 05:03 -------- d-----w- c:\programdata\WinZip
2012-04-06 08:53 . 2012-04-06 08:53 -------- d--h--w- c:\programdata\Common Files
2012-04-06 08:51 . 2012-04-07 07:46 -------- d-----w- c:\programdata\AVG2012
2012-04-06 08:51 . 2012-04-06 08:51 -------- d-----w- C:\$AVG
2012-04-06 08:50 . 2012-04-07 07:15 -------- d-----w- c:\program files (x86)\AVG
2012-04-06 08:36 . 2012-04-07 07:46 -------- d-----w- c:\programdata\MFAData
2012-04-04 04:31 . 2012-04-09 14:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-04 04:31 . 2012-04-09 14:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-04 04:26 . 2011-04-06 00:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-04 04:26 . 2011-04-06 00:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-04 04:26 . 2011-04-06 00:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-04 04:26 . 2011-02-08 16:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-04 01:20 . 2008-04-17 20:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2012-04-04 01:20 . 2008-04-17 20:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
2012-04-04 01:20 . 2009-05-18 21:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-03 22:37 . 2012-04-03 22:38 -------- d-----w- c:\program files (x86)\GUM3285.tmp
2012-04-01 04:36 . 2012-04-01 04:36 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 20:07 . 2012-04-01 04:09 -------- d-----w- C:\MGtools
2012-03-31 10:54 . 2012-03-31 10:54 -------- d-----w- c:\users\Joshua\AppData\Roaming\Malwarebytes
2012-03-31 10:54 . 2012-04-09 03:56 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 10:53 . 2012-04-09 14:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-31 10:22 . 2012-04-09 14:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 10:03 . 2012-04-01 04:09 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-03-31 10:03 . 2012-03-31 10:03 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-03-31 07:39 . 2012-04-01 04:36 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 02:20 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF7CEE6A-580F-43A6-9A1F-E6FDCA0CF623}\mpengine.dll
2012-03-27 04:43 . 2012-04-07 07:27 -------- d-----w- c:\windows\SysWow64\Adobe
2012-03-23 06:55 . 2012-04-02 08:23 -------- d-----w- c:\programdata\TamoSoft
2012-03-23 06:41 . 2012-04-02 08:25 -------- d-----w- c:\program files (x86)\CommViewWiFi
2012-03-23 06:12 . 2010-10-08 21:24 1206248 ----a-w- c:\windows\system32\drivers\ts_arusbx.sys
2012-03-22 11:08 . 2012-03-31 08:18 -------- d-----w- c:\program files (x86)\Kismet
2012-03-22 11:07 . 2012-03-22 11:07 -------- d-----w- c:\program files (x86)\CACE Technologies
2012-03-21 20:48 . 2012-03-21 20:49 -------- d-----w- c:\program files (x86)\GUMC368.tmp
2012-03-21 10:08 . 2012-03-21 10:09 -------- d-----w- c:\program files (x86)\GUME241.tmp
2012-03-14 10:06 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:06 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:06 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 04:59 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:59 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:59 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 04:54 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 04:54 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 04:54 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 04:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 04:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 04:54 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 04:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 07:46 . 2012-01-14 17:38 925184 ----a-w- c:\windows\expstart.exe
2012-04-01 04:36 . 2011-06-17 01:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-31 20:22 . 2012-03-31 20:07 454935 ----a-w- C:\MGlogs.zip
2012-02-23 21:24 . 2011-08-17 15:43 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-20 04:39 . 2010-05-29 22:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 22:25 . 2012-02-17 22:25 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-31 12:44 . 2010-05-29 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-22 00:00 . 2012-01-22 00:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-22 00:00 . 2012-01-22 00:00 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 00:00 . 2012-01-22 00:00 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-22 00:00 . 2012-01-22 00:00 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-22 00:00 . 2012-01-22 00:00 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-22 00:00 . 2012-01-22 00:00 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-22 00:00 . 2012-01-22 00:00 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-22 00:00 . 2012-01-22 00:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-22 00:00 . 2012-01-22 00:00 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-22 00:00 . 2012-01-22 00:00 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-22 00:00 . 2012-01-22 00:00 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-22 00:00 . 2012-01-22 00:00 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-22 00:00 . 2012-01-22 00:00 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-22 00:00 . 2012-01-22 00:00 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-12 16:08 . 2009-10-16 19:03 26728 ----a-w- c:\windows\system32\drivers\TsLwWfF.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-07 574296]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-03 296056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Engine\Definitions\0SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Engine\Definitions
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200404]
Ime File REG_SZ Q9W7B5.IME
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 DlinkUDSTcpBus;DlinkUDSTcpBus;SysWOW64\Drivers\DlinkUDSTcpBus.sys [x]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleX64;EagleX64; [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 135664]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 npggsvc;nProtect GameGuard Service; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arusbx.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-15 913752]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\DlinkUDSMBus.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 04:36]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 01:22]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-28 01:22]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000Core.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 22:37]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2466065531-2552485571-3294532832-1000UA.job
- c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 22:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joshua\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273605104535l03h4z1h5a4842v24p
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-SpybotSD TeaTimer - c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,02,57,9b,35,21,d2,43,83,a1,e2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,02,57,9b,35,21,d2,43,83,a1,e2,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-09 08:10:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 15:10
ComboFix2.txt 2012-04-09 01:02
.
Pre-Run: 373,327,171,584 bytes free
Post-Run: 373,206,872,064 bytes free
.
- - End Of File - - B57430679FB9E5C0392B13175C12C868




Log From FRST Fix:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-09 07:43:05 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
qgaqpifj service not found.
C:\Windows\system32\drivers\qgaqpifj.sys not found.
lijvcouc service not found.
ugumdetv service not found.
C:\Windows\System32\Drivers\ugumdetv.sys not found.
C:\Windows\System32\Drivers\ugumdetv.sys not found.
C:\Windows\System32\Drivers\lijvcouc.sys not found.
C:\Windows\is-G4QS8.exe not found.
C:\Windows\is-G4QS8.msg not found.
C:\Windows\is-G4QS8.lst not found.

==== End of Fixlog ====













#13 CatByte

  • Malware Response Team

Posted 09 April 2012 - 10:32 AM

Hi,

Looks much better,

please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Carahandoccå

Carahandoccå
  • Topic Starter

  • Members
  • 23 posts

Posted 09 April 2012 - 01:23 PM

Hi again,


Computer is running better now. Internet doesn't seem to be lagging severely as far as I checked, and gaming is fine - no more weird ms rises and intense pings.
Web browsers, or at least IE right now, do not redirect anymore, though I am not sure about Chrome.

Anyways, here's the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joshua :: JOSHUA-PC [administrator]

Protection: Disabled

4/9/2012 9:11:11 AM
mbam-log-2012-04-09 (09-11-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227847
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



And the ESETSCAN Log:

C:\ProgramData\YouTube Downloader\ytd_installer.exe probably a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
C:\Users\All Users\YouTube Downloader\ytd_installer.exe probably a variant of Win32/Toolbar.Widgi application
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\13673cb0-56d4a79a a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-43866d75 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan


I am worried about the inconveniences that MSE might bring, and therefore I kept it uninstalled. So I am not sure if Alureon.FP still exists, but as I see up there, Sirefef.G is up there as mentioned earlier by the MSE scans. Should I keep it uninstalled for now, or do I need some kind of protection from it?



Anyways thanks a lot!~










