Backdoor.Multi.Zaccess.Gen and SMART HDD


This topic is locked
22 replies to this topic

#1 Jay A.

  • Members
  • 25 posts

Posted 16 April 2012 - 10:51 PM

So I've tried almost everything short of erasing everything and starting all over. I was able to remove the SMART HDD but then it came back. I removed it again using Malwarebytes and it seems to be gone, but I'm not so sure. The Backdoor.Multi.Zaccess.Gen is really frustrating me. I can't remove it despite all the antivirus programs I've tried. Every time I use TDSSKILLER, it's still there. I can't go on Google or Yahoo because I keep on getting redirected. I have Windows 7 64-bit. I'm in serious need of help.


Thanks so much for any help!
Jay


DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Dell at 19:48:22 on 2012-04-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2479 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
D:\Dell\TimeLeft3\TimeLeft.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: BHO Class: {8b3868b4-eba8-48fa-a19b-e1dfb99066fa} - D:\Dell\Flash Capture\fcbho.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe -autorun
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TimeLeft.lnk - D:\Dell\TimeLeft3\TimeLeft.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - D:\Dell\Flash Capture\fciext.dll/FCIEXT.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://D:\Dell\Flash Capture\fciext.dll/FCIEXT.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4F5627FA-33CD-48A8-972C-D09D67B53C0B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4F5627FA-33CD-48A8-972C-D09D67B53C0B}\2375942554636363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4F5627FA-33CD-48A8-972C-D09D67B53C0B}\24F4555403 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{4F5627FA-33CD-48A8-972C-D09D67B53C0B}\75962756C6563737 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6F236DE3-E5AA-43A2-9732-55129218D2E7} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: BHO Class: {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Dell\Flash Capture\fcbho.dll
BHO-X64: FCBHOBHO Class - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
IE-X64: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://D:\Dell\Flash Capture\fciext.dll/FCIEXT.htm
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\4b9xtrjk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-4 92160]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-11 784792]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-17 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-12-14 60928]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-4-15 793048]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-4 206064]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-8 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-2-13 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-8 135664]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-17 02:37:09 -------- d-----w- C:\Users\Dell\AppData\Local\visi_coupon
2012-04-17 02:08:02 230952 -c--a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-17 02:07:40 -------- d-----w- C:\Users\Dell\AppData\Roaming\TestApp
2012-04-17 02:03:17 -------- d-----w- C:\Users\Dell\AppData\Roaming\Registry Mechanic
2012-04-16 02:39:28 880640 -c--a-w- C:\Windows\SysWow64\UniBox10.ocx
2012-04-16 02:39:28 658432 -c--a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2012-04-16 02:39:28 512472 -c--a-w- C:\Windows\SysWow64\msxml.dll
2012-04-16 02:39:28 40408 -c--a-w- C:\Windows\System32\CleanMFT64.exe
2012-04-16 02:39:28 212992 -c--a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2012-04-16 02:39:28 1101824 -c--a-w- C:\Windows\SysWow64\UniBox210.ocx
2012-04-16 02:39:27 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-16 02:39:26 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-16 02:39:06 -------- dc----w- C:\ProgramData\PC Tools
2012-04-16 02:39:06 -------- d-----w- C:\Users\Dell\AppData\Roaming\Product_RM
2012-04-16 01:13:04 -------- dc----w- C:\sh4ldr
2012-04-16 01:13:04 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-16 01:12:28 -------- dc----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-15 22:51:28 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-15 22:51:28 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-15 19:47:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-15 18:59:13 0 -csha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-15 03:28:55 -------- dc----we C:\Windows\system64
2012-04-14 18:32:36 -------- d-----w- C:\Users\Dell\AppData\Roaming\Reallusion
2012-04-14 18:31:47 -------- d-----w- C:\Users\Dell\AppData\Roaming\Windows Live Writer
2012-04-14 18:31:47 -------- d-----w- C:\Users\Dell\AppData\Local\Windows Live Writer
2012-04-14 17:53:18 -------- dcsh--w- C:\$RECYCLE.BIN
2012-04-14 16:57:51 -------- dc----w- C:\TDSSKiller_Quarantine
2012-04-14 15:33:26 98816 -c--a-w- C:\Windows\sed.exe
2012-04-14 15:33:26 518144 -c--a-w- C:\Windows\SWREG.exe
2012-04-14 15:33:26 256000 -c--a-w- C:\Windows\PEV.exe
2012-04-14 15:33:26 208896 -c--a-w- C:\Windows\MBR.exe
2012-04-14 00:19:22 8766112 -c--a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 23:11:57 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0F3B0FA-6673-4154-A989-3897D91AEDB9}\mpengine.dll
2012-04-13 22:37:06 -------- dcsh--w- C:\Windows\SysWow64\%APPDATA%
2012-04-11 22:59:48 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-04-11 22:59:48 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-04-11 22:59:48 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-04-11 04:26:07 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 04:26:07 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 04:26:07 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 04:26:06 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 04:26:06 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 04:26:06 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 04:26:06 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-09 00:38:27 -------- d-sh--w- C:\Users\Dell\AppData\Roaming\Total Anti Malware Protection
2012-04-09 00:38:26 -------- dcsh--w- C:\ProgramData\TAQQMP
2012-04-09 00:37:25 -------- dcsh--w- C:\ProgramData\c60f4f
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 13:20:35 418464 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-14 00:19:36 70304 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-11 04:28:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-11 04:28:46 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-11 04:28:46 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-04-11 04:28:46 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-04-11 04:28:46 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-04-11 04:28:46 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-04-11 04:28:46 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-04-11 04:28:46 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-04-11 04:28:16 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 04:28:16 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 04:28:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-04 22:56:40 24904 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-17 17:24:18 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-17 17:24:14 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-17 17:24:14 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-17 17:24:14 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-17 17:24:12 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-17 17:24:12 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-17 17:22:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-17 17:22:14 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-17 17:22:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-17 17:22:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-23 16:18:36 279656 -c----w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:24:18 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 06:24:18 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 06:19:32 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 06:19:32 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 06:19:04 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 06:18:35 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 06:18:35 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2010-05-28 01:12:12 8354440 ----a-w- C:\Program Files\Firefox Setup 3.6.3.exe
2010-05-23 17:47:11 2394408 ----a-w- C:\Program Files\mp3tagv246asetup.exe
2010-05-20 21:10:47 232704 ----a-w- C:\Program Files\yahoo_toolbar_install_helper.exe
2010-05-20 05:59:23 98435368 ----a-w- C:\Program Files\iTunes64Setup.exe
2010-05-20 04:34:47 12383736 ----a-w- C:\Program Files\picasa36-setup.exe
2009-07-10 20:39:00 350720 ----a-w- C:\Program Files\hjsplit.exe
.
============= FINISH: 19:50:35.27 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 11:44 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
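The steps above produce FRST.txt, which the helpers on this board read by hand. As an added example (my own code, not FRST's, Gringo's or BleepingComputer's), here is a small Python triage script that runs a few defender-side heuristics over FRST-format lines: FRST's own `==> name` annotations, an environment-variable token such as `%appdata%` used as a literal folder name under System32 or SysWOW64 (no legitimate installer does that), a `system64` folder (64-bit Windows has only System32 and SysWOW64), service or driver entries whose binary is missing (`[x]`), and hidden+system folders. The sample log is constructed in the layout this thread's FRST log uses; reading the attribute letters as S=system, H=hidden, D=directory is my assumption about FRST's notation, and the heuristics are illustrative, not FRST's own logic.

```python
"""Triage of an FRST.txt log (added example; not FRST's own code).

Flags the kinds of entries that stand out in the log posted in this thread.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the FRST.txt layout seen in this thread (not a real log).
SAMPLE_FRST = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8123936 2009-10-04] (Realtek Semiconductor)
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 SPService; c:\windows\system32\%appdata%\sp.dll [x]
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]

============ One Month Created Files and Folders ==============

2012-04-14 19:28 - 2012-04-17 16:56 - 0000000 ___DC C:\Windows\system64
2012-04-13 14:37 - - 0000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
2012-04-08 16:38 - 2010-01-19 14:23 - 0000000 _SHDC C:\ProgramData\TAQQMP
2012-04-14 09:53 - - 0000000 _SHDC C:\$RECYCLE.BIN
2012-04-16 18:51 - 2012-04-16 18:16 - 0029087 ____A C:\Users\Dell\Desktop\DDS.txt
"""

# "<start type> <name>; <path> [meta]"  (services and drivers sections)
SERVICE_RE = re.compile(r"^[0-4] (?P<name>[^;]+); (?P<rest>.+)$")
# "<created> - [<modified>] - <size> <attrs> [(vendor)] <path>"  (file listings)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?:(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) )?- "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
HIDDEN_SYSTEM_OK = {"$recycle.bin"}  # hidden+system folders Windows itself creates


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "low"
    reason: str
    line: str


def _path_findings(path: str, line: str) -> list:
    """Heuristics that apply to any path-bearing entry."""
    out = []
    p = path.lower()
    for d in SYSTEM_DIRS:
        i = p.find(d)
        # a "%name%" token *after* the system dir is a literal folder, not an expansion
        if i != -1 and "%" in p[i + len(d):]:
            out.append(Finding("high", "environment-variable token used as a literal "
                               "folder name under a Windows system directory", line))
            break
    if "\\windows\\system64" in p:
        out.append(Finding("high", "'system64' is not a Windows directory "
                           "(64-bit Windows uses System32 and SysWOW64)", line))
    return out


def triage(text: str) -> list:
    """Return Findings for every suspicious line in FRST-format text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):  # blank or section banner
            continue
        if " ==> " in line:  # FRST's own infection annotation
            findings.append(Finding("high", "FRST annotated this entry: "
                                    + line.split(" ==> ", 1)[1], line))
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            findings.extend(_path_findings(rest, line))
            if rest.lower().endswith("[x]"):
                findings.append(Finding("low", "service/driver binary not found on disk "
                                        "(orphaned entry or hidden file)", line))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            findings.extend(_path_findings(path, line))
            name = path.rsplit("\\", 1)[-1].lower()
            if {"S", "H", "D"} <= set(attrs) and name not in HIDDEN_SYSTEM_OK:
                findings.append(Finding("low", "hidden+system folder; confirm it "
                                        "belongs to a known product", line))
            continue
        findings.extend(_path_findings(line, line))  # registry lines etc.
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 4, 'low': 4} for SAMPLE_FRST."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_FRST), key=lambda f: f.severity != "high"):
        print(f"[{f.severity.upper():4}] {f.reason}\n        {f.line}")
```

Run it on a real FRST.txt by reading the file into `triage()`; the "high" findings are the ones worth confirming first, while the "low" ones (orphaned service entries, hidden folders) are usually leftovers of legitimate software and need a second look rather than immediate action.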

#3 Jay A.

  • Topic Starter

  • Members
  • 25 posts

Posted 17 April 2012 - 08:27 PM

Thanks for the quick reply! Here is my scan for the Farbar Recovery Scan Tool

Scan result of Farbar Recovery Scan Tool Version: 16-04-2012
Ran by SYSTEM at 17-04-2012 18:19:47
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8123936 2009-10-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-20] (SupportSoft, Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-03-22] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [981856 2012-04-11] (Spigot, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-03-21] (PC Tools)
HKU\Dell\...\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe -autorun [1995088 2011-11-17] (Comfort Software Group)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-13] (Adobe Systems Incorporated)
2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [784792 2012-04-11] (Spigot, Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-03-21] (PC Tools)
2 vmnetuserif; C:\Windows\System32\was.dll [6656 2009-07-13] (Oak Technology Inc.)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe" [317328 2011-08-01] (WDC)
2 WDFMEService; "C:\Program Files\Western Digital\WD SmartWare\WDFME.exe" [1978256 2011-08-01] (Western Digital )
2 WDRulesService; "C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe" [1338256 2011-08-01] (Western Digital )
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
2 SPService; c:\windows\system32\%appdata%\sp.dll [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 HtcUsbMdmV64; C:\Windows\System32\Drivers\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [230952 2012-02-24] (PC Tools)
3 pneteth; C:\Windows\System32\Drivers\pneteth.sys [15360 2010-09-02] (June Fabrics Technology Inc.)
2 SecDrv; C:\Windows\SysWow64\Drivers\SecDrv.sys [11376 2003-08-27] ()
3 wdkmd; C:\Windows\System32\Drivers\wdkmd.sys [36760 2009-10-14] (Intel® Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: vmnetuserif

============ One Month Created Files and Folders ==============

2012-04-17 15:02 - 2012-04-14 21:51 - 1386117 ____A C:\Users\Dell\Desktop\FRST64.exe
2012-04-16 19:35 - - 0001891 ____A C:\Users\Dell\Desktop\ark.txt
2012-04-16 18:51 - 2012-04-16 19:35 - 0018190 ____A C:\Users\Dell\Desktop\Attach.txt
2012-04-16 18:51 - 2012-04-16 18:16 - 0029087 ____A C:\Users\Dell\Desktop\DDS.txt
2012-04-16 18:45 - 2011-04-09 22:23 - 0935175 ____A C:\Users\Dell\Desktop\RSITx64.exe
2012-04-16 18:37 - 2010-11-11 19:53 - 0000000 ____D C:\Users\Dell\AppData\Local\visi_coupon
2012-04-16 18:32 - 2012-04-17 15:02 - 0302592 ____A C:\Users\Dell\Desktop\gmer.exe
2012-04-16 18:18 - 2011-07-16 21:21 - 0294216 ____A C:\Users\Dell\Desktop\gmer.zip
2012-04-16 18:16 - 2012-04-16 18:51 - 0607260 ____R (Swearware) C:\Users\Dell\Desktop\dds.scr
2012-04-16 18:08 - 2009-07-13 17:45 - 0230952 ___AC (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-04-16 18:07 - 2012-04-16 18:45 - 3712464 ____A (PC Tools) C:\Users\Dell\Desktop\SD_Online_aff_GenericRevenueWire_207.exe
2012-04-16 18:07 - 2010-01-11 16:08 - 0000000 ____D C:\Users\Dell\AppData\Roaming\TestApp
2012-04-16 18:03 - 2012-04-14 10:32 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Registry Mechanic
2012-04-16 18:00 - 2009-07-13 17:14 - 0000894 ___AC C:\Windows\SysWOW64\AppLog.log
2012-04-16 17:41 - 2012-04-15 20:27 - 0133938 ___AC C:\TDSSKiller.2.7.28.0_16.04.2012_18.41.00_log.txt
2012-04-15 19:28 - 2012-04-15 16:42 - 0133684 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_20.28.25_log.txt
2012-04-15 18:40 - 2012-04-17 17:16 - 0000302 ___AC C:\Windows\Tasks\RMSchedule.job
2012-04-15 18:40 - 2012-04-17 16:23 - 0000300 ___AC C:\Windows\Tasks\RMAutoUpdate.job
2012-04-15 18:39 - 2012-04-14 22:41 - 0001327 ____A C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2012-04-15 18:39 - 2011-06-25 11:32 - 0000000 ___DC C:\Users\All Users\PC Tools
2012-04-15 18:39 - 2011-06-25 11:32 - 0000000 ___DC C:\ProgramData\PC Tools
2012-04-15 18:39 - 2011-06-25 11:31 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-15 18:39 - 2011-05-13 15:22 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Product_RM
2012-04-15 18:39 - 2010-11-20 04:19 - 0658432 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2012-04-15 18:39 - 2009-07-13 17:40 - 0040408 ___AC C:\Windows\System32\CleanMFT64.exe
2012-04-15 18:39 - 2009-07-13 17:16 - 0880640 ___AC (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2012-04-15 18:39 - 2009-07-13 17:15 - 0512472 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2012-04-15 18:39 - 2008-04-02 15:54 - 0212992 ___AC (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2012-04-15 18:39 - 2008-04-02 15:53 - 1101824 ___AC (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2012-04-15 18:34 - 2010-11-21 15:37 - 17824216 ____A (PC Tools) C:\Users\Dell\Downloads\rminstall.exe
2012-04-15 17:13 - 2012-04-14 09:23 - 0000000 ___DC C:\sh4ldr
2012-04-15 17:13 - 2011-04-26 18:10 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-04-15 17:12 - - 0000000 ___DC C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-15 16:12 - 2012-04-15 15:21 - 0133614 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_17.12.29_log.txt
2012-04-15 14:26 - 2012-04-15 11:28 - 0131262 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_15.26.02_log.txt
2012-04-15 11:26 - 2012-04-15 10:59 - 0133572 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_12.26.00_log.txt
2012-04-15 11:10 - 2012-04-15 18:38 - 943174817 ____A C:\Users\Dell\Downloads\SH2AGOS.2011.720p.BR.900MB.ShAaNiG.rar
2012-04-15 10:59 - 2009-07-13 17:40 - 0000000 _ASHC C:\Windows\System32\dds_trash_log.cmd
2012-04-15 10:58 - 2012-04-15 10:56 - 0132226 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_11.58.07_log.txt
2012-04-15 10:55 - 2012-04-14 08:58 - 0134998 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_11.55.24_log.txt
2012-04-15 10:51 - 2012-04-14 09:53 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\Dell\Downloads\TDSSKiller.exe
2012-04-15 10:28 - 2012-04-10 15:55 - 2052353 ____A C:\Users\Dell\Downloads\tdsskiller.zip
2012-04-14 22:41 - - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 22:35 - 2011-04-26 18:19 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Dell\Desktop\mbam-setup-1.61.0.1400.exe
2012-04-14 22:11 - 2012-04-14 22:11 - 0000168 ___AC C:\Users\All Users\-XoJ8SCDUJETSC2r
2012-04-14 22:11 - 2012-04-14 22:11 - 0000168 ___AC C:\ProgramData\-XoJ8SCDUJETSC2r
2012-04-14 22:11 - 2012-04-14 20:54 - 0000000 ___AC C:\Users\All Users\-XoJ8SCDUJETSC2
2012-04-14 22:11 - 2012-04-14 20:54 - 0000000 ___AC C:\ProgramData\-XoJ8SCDUJETSC2
2012-04-14 22:08 - 2010-01-23 14:22 - 0000256 ___AC C:\Users\All Users\XoJ8SCDUJETSC2
2012-04-14 22:08 - 2010-01-23 14:22 - 0000256 ___AC C:\ProgramData\XoJ8SCDUJETSC2
2012-04-14 21:39 - 2012-03-25 13:59 - 0008588 ____A C:\Users\Dell\Documents\unhide.txt
2012-04-14 20:54 - 2012-04-14 20:54 - 0000168 ___AC C:\Users\All Users\-qhApYSIY6lo9krr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000168 ___AC C:\ProgramData\-qhApYSIY6lo9krr
2012-04-14 20:54 - 2009-12-14 03:38 - 0000256 ___AC C:\Users\All Users\qhApYSIY6lo9kr
2012-04-14 20:54 - 2009-12-14 03:38 - 0000256 ___AC C:\ProgramData\qhApYSIY6lo9kr
2012-04-14 20:54 - - 0000000 ___AC C:\Users\All Users\-qhApYSIY6lo9kr
2012-04-14 20:54 - - 0000000 ___AC C:\ProgramData\-qhApYSIY6lo9kr
2012-04-14 19:28 - 2012-04-17 16:56 - 0000000 ___DC C:\Windows\system64
2012-04-14 10:32 - 2012-04-15 18:39 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Reallusion
2012-04-14 10:31 - 2012-02-29 16:44 - 0000000 ____D C:\Users\Dell\AppData\Local\Windows Live Writer
2012-04-14 10:31 - 2010-10-29 09:59 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Windows Live Writer
2012-04-14 10:31 - 2010-01-11 15:52 - 0000000 ____D C:\Users\Dell\Documents\My Weblog Posts
2012-04-14 09:53 - 2012-04-15 14:18 - 0000909 ____A C:\Users\Dell\Downloads\TDSSKiller - Shortcut.lnk
2012-04-14 09:53 - 2010-10-23 16:34 - 0000891 ____A C:\Users\Dell\Downloads\ComboFix - Shortcut.lnk
2012-04-14 09:53 - - 0000000 _SHDC C:\$RECYCLE.BIN
2012-04-14 09:23 - 2012-04-14 14:25 - 0027697 ___AC C:\ComboFix.txt
2012-04-14 09:06 - 2010-05-21 22:59 - 0060416 ___AC (NirSoft) C:\Windows\NIRCMD.exe
2012-04-14 08:57 - 2012-04-16 18:03 - 0000000 ___DC C:\TDSSKiller_Quarantine
2012-04-14 08:49 - 2012-04-17 15:43 - 0136136 ___AC C:\TDSSKiller.2.7.28.0_14.04.2012_09.49.58_log.txt
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-14 07:39 - 2010-02-15 18:12 - 0000000 ____D C:\Users\Dell\Documents\Outlook Files
2012-04-14 07:33 - 2012-04-15 18:39 - 0000000 ___DC C:\Qoobox
2012-04-14 07:33 - 2012-04-13 14:50 - 0518144 ___AC (SteelWerX) C:\Windows\SWREG.exe
2012-04-14 07:33 - 2011-04-26 18:08 - 0208896 ___AC C:\Windows\MBR.exe
2012-04-14 07:33 - 2009-07-13 23:50 - 0080412 ___AC C:\Windows\grep.exe
2012-04-14 07:33 - 2009-07-13 21:37 - 0000000 ___DC C:\Windows\ERDNT
2012-04-14 07:33 - 2009-07-13 21:32 - 0256000 ___AC C:\Windows\PEV.exe
2012-04-14 07:33 - 2009-07-13 19:20 - 0098816 ___AC C:\Windows\sed.exe
2012-04-14 07:33 - 2009-07-13 17:39 - 0068096 ___AC C:\Windows\zip.exe
2012-04-14 07:33 - 2000-08-30 16:00 - 0406528 ___AC (SteelWerX) C:\Windows\SWSC.exe
2012-04-14 07:19 - 2012-04-06 14:49 - 0000000 ____D C:\Users\Dell\Documents\Dell WebCam Central
2012-04-14 07:19 - 2010-10-23 16:34 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Creative
2012-04-14 07:19 - 2009-12-14 03:54 - 0000000 ___DC C:\Users\All Users\Creative
2012-04-14 07:19 - 2009-12-14 03:54 - 0000000 ___DC C:\ProgramData\Creative
2012-04-14 07:18 - - 0001980 ____A C:\Users\Dell\Start Menu\Programs\Startup\Dell Dock.lnk
2012-04-14 07:18 - - 0001980 ____A C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
2012-04-13 19:15 - 2011-04-12 19:00 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\Dell\Downloads\unhide.exe
2012-04-13 18:41 - 2012-04-13 15:08 - 0282448 ___AC C:\Windows\Minidump\041312-76502-01.dmp
2012-04-13 18:41 - 2009-07-13 21:32 - 454495776 ____A C:\Windows\MEMORY.DMP
2012-04-13 18:41 - 2009-07-13 17:39 - 0379766 ___AC C:\Windows\ntbtlog.txt
2012-04-13 18:35 - 2012-04-14 22:38 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\Dell\Desktop\mbam-setup.exe
2012-04-13 16:19 - 2012-04-13 16:19 - 8766112 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 16:01 - 2012-04-08 07:46 - 0282448 ___AC C:\Windows\Minidump\041312-27237-01.dmp
2012-04-13 15:08 - 2012-04-13 16:01 - 0282456 ___AC C:\Windows\Minidump\041312-30763-01.dmp
2012-04-13 14:50 - 2009-06-10 12:31 - 0000000 ___DC C:\Windows\Sun
2012-04-13 14:37 - - 0000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
2012-04-11 19:44 - 2011-07-17 09:23 - 0000162 ____A C:\Users\Dell\Documents\~$Brag Sheet. April 10, 2012.doc
2012-04-11 14:59 - 2012-03-01 00:38 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-04-11 14:59 - 2011-07-03 07:04 - 0000000 ____D C:\Program Files (x86)\Application Updater
2012-04-10 20:28 - 2012-04-10 20:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-10 20:28 - 2012-04-10 20:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-10 20:28 - 2012-04-10 20:28 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-10 20:28 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-10 20:28 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-10 20:28 - 2011-04-26 18:08 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-10 20:28 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-10 20:28 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-10 20:28 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-10 20:28 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-10 20:28 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-10 20:28 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-10 20:28 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-10 20:28 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-10 20:28 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-10 20:26 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-10 20:26 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-10 20:26 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-10 20:26 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-10 20:26 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-10 20:26 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-10 20:26 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-08 16:38 - 2012-01-15 17:51 - 0000000 __SHD C:\Users\Dell\AppData\Roaming\Total Anti Malware Protection
2012-04-08 16:38 - 2010-01-19 14:23 - 0000000 _SHDC C:\Users\All Users\TAQQMP
2012-04-08 16:38 - 2010-01-19 14:23 - 0000000 _SHDC C:\ProgramData\TAQQMP
2012-04-08 16:37 - 2010-11-11 19:53 - 0000000 _SHDC C:\Users\All Users\c60f4f
2012-04-08 16:37 - 2010-11-11 19:53 - 0000000 _SHDC C:\ProgramData\c60f4f
2012-04-08 07:46 - - 0282456 ___AC C:\Windows\Minidump\040812-27346-01.dmp
2012-04-07 22:03 - 2012-04-16 18:07 - 0000721 ____A C:\Users\Dell\Desktop\Spain Playlist (ended at Chantal K).lnk
2012-04-06 14:49 - 2010-09-18 19:19 - 0000000 ____D C:\Users\Dell\Documents\Colby Music
2012-04-03 05:21 - - 0000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-03 05:20 - 2009-07-13 17:14 - 0418464 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-26 19:45 - 2011-10-11 20:12 - 0013415 ____A C:\Users\Dell\Documents\ISOPREP.docx
2012-03-25 13:59 - 2011-05-15 08:31 - 0153314 ____A C:\Users\Dell\Documents\Travel-State Dept.docx
2012-03-21 15:10 - 2012-03-26 20:04 - 0217820 ____A C:\Users\Dell\Documents\ISOPREP.pdf


============ 3 Months Modified Files and Folders =============

2012-04-17 18:20 - 2012-04-17 18:19 - 0000000 ___DC C:\FRST
2012-04-17 17:16 - 2012-04-15 18:40 - 0000300 ___AC C:\Windows\Tasks\RMAutoUpdate.job
2012-04-17 17:15 - 2011-04-08 19:27 - 0000890 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-17 17:15 - 2009-07-13 21:08 - 0000006 __AHC C:\Windows\Tasks\SA.DAT
2012-04-17 17:15 - 2009-07-13 20:51 - 0151204 ___AC C:\Windows\setupact.log
2012-04-17 17:14 - 2012-04-03 05:21 - 0000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-17 17:12 - 2009-07-13 21:10 - 2063320 ___AC C:\Windows\WindowsUpdate.log
2012-04-17 17:12 - 2009-07-13 20:45 - 0014240 ___AC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-17 17:12 - 2009-07-13 20:45 - 0014240 ___AC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-17 17:10 - 2012-04-15 10:59 - 0000000 _ASHC C:\Windows\System32\dds_trash_log.cmd
2012-04-17 17:02 - 2009-12-14 19:11 - 1169746 ___AC C:\Windows\PFRO.log
2012-04-17 17:02 - 2009-11-19 23:14 - 0000000 ___DC C:\DELL
2012-04-17 16:56 - 2009-07-13 21:13 - 0761236 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-04-17 16:23 - 2011-04-08 19:27 - 0000894 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-17 15:02 - 2012-04-17 15:02 - 1386117 ____A C:\Users\Dell\Desktop\FRST64.exe
2012-04-17 15:00 - 2012-04-13 14:37 - 0000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
2012-04-16 19:35 - 2012-04-16 19:35 - 0001891 ____A C:\Users\Dell\Desktop\ark.txt
2012-04-16 18:51 - 2012-04-16 18:51 - 0029087 ____A C:\Users\Dell\Desktop\DDS.txt
2012-04-16 18:51 - 2012-04-16 18:51 - 0018190 ____A C:\Users\Dell\Desktop\Attach.txt
2012-04-16 18:45 - 2012-04-16 18:45 - 0935175 ____A C:\Users\Dell\Desktop\RSITx64.exe
2012-04-16 18:40 - 2012-04-15 17:13 - 0000000 ___DC C:\sh4ldr
2012-04-16 18:38 - 2012-04-15 17:12 - 0000000 ___DC C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-16 18:37 - 2012-04-16 18:37 - 0000000 ____D C:\Users\Dell\AppData\Local\visi_coupon
2012-04-16 18:18 - 2012-04-16 18:18 - 0294216 ____A C:\Users\Dell\Desktop\gmer.zip
2012-04-16 18:16 - 2012-04-16 18:16 - 0607260 ____R (Swearware) C:\Users\Dell\Desktop\dds.scr
2012-04-16 18:10 - 2012-04-15 18:39 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-16 18:07 - 2012-04-16 18:07 - 3712464 ____A (PC Tools) C:\Users\Dell\Desktop\SD_Online_aff_GenericRevenueWire_207.exe
2012-04-16 18:07 - 2012-04-16 18:07 - 0000000 ____D C:\Users\Dell\AppData\Roaming\TestApp
2012-04-16 18:03 - 2012-04-16 18:03 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Registry Mechanic
2012-04-16 18:03 - 2012-04-16 18:00 - 0000894 ___AC C:\Windows\SysWOW64\AppLog.log
2012-04-16 18:03 - 2012-04-16 17:41 - 0133938 ___AC C:\TDSSKiller.2.7.28.0_16.04.2012_18.41.00_log.txt
2012-04-16 18:03 - 2012-04-15 18:40 - 0000302 ___AC C:\Windows\Tasks\RMSchedule.job
2012-04-16 18:03 - 2012-04-14 08:57 - 0000000 ___DC C:\TDSSKiller_Quarantine
2012-04-15 20:27 - 2012-04-15 19:28 - 0133684 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_20.28.25_log.txt
2012-04-15 20:26 - 2010-04-24 15:18 - 0013109 ____A C:\Users\Dell\Documents\Movies.txt
2012-04-15 20:25 - 2010-02-13 11:14 - 0000000 ____D C:\Users\Dell\AppData\Roaming\vlc
2012-04-15 18:39 - 2012-04-15 18:39 - 0001327 ____A C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2012-04-15 18:39 - 2012-04-15 18:39 - 0000000 ___DC C:\Users\All Users\PC Tools
2012-04-15 18:39 - 2012-04-15 18:39 - 0000000 ___DC C:\ProgramData\PC Tools
2012-04-15 18:39 - 2012-04-15 18:39 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Product_RM
2012-04-15 18:38 - 2012-04-15 18:34 - 17824216 ____A (PC Tools) C:\Users\Dell\Downloads\rminstall.exe
2012-04-15 17:13 - 2012-04-15 17:13 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-04-15 16:42 - 2012-04-15 16:12 - 0133614 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_17.12.29_log.txt
2012-04-15 15:21 - 2012-04-15 14:26 - 0131262 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_15.26.02_log.txt
2012-04-15 14:51 - 2010-05-27 17:12 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-15 14:18 - 2012-04-15 11:10 - 943174817 ____A C:\Users\Dell\Downloads\SH2AGOS.2011.720p.BR.900MB.ShAaNiG.rar
2012-04-15 11:28 - 2012-04-15 11:26 - 0133572 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_12.26.00_log.txt
2012-04-15 11:22 - 2010-01-11 15:52 - 0000000 ____D C:\Users\Dell\AppData\LocalLow
2012-04-15 10:59 - 2012-04-15 10:58 - 0132226 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_11.58.07_log.txt
2012-04-15 10:56 - 2012-04-15 10:55 - 0134998 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_11.55.24_log.txt
2012-04-15 10:28 - 2012-04-15 10:28 - 2052353 ____A C:\Users\Dell\Downloads\tdsskiller.zip
2012-04-14 23:26 - 2012-04-14 21:39 - 0008588 ____A C:\Users\Dell\Documents\unhide.txt
2012-04-14 22:41 - 2012-04-14 22:41 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 22:41 - 2010-02-13 07:07 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 22:40 - 2012-04-13 18:41 - 0379766 ___AC C:\Windows\ntbtlog.txt
2012-04-14 22:38 - 2012-04-14 22:35 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Dell\Desktop\mbam-setup-1.61.0.1400.exe
2012-04-14 22:11 - 2012-04-14 22:11 - 0000168 ___AC C:\Users\All Users\-XoJ8SCDUJETSC2r
2012-04-14 22:11 - 2012-04-14 22:11 - 0000168 ___AC C:\ProgramData\-XoJ8SCDUJETSC2r
2012-04-14 22:11 - 2012-04-14 22:11 - 0000000 ___AC C:\Users\All Users\-XoJ8SCDUJETSC2
2012-04-14 22:11 - 2012-04-14 22:11 - 0000000 ___AC C:\ProgramData\-XoJ8SCDUJETSC2
2012-04-14 22:11 - 2012-04-14 22:08 - 0000256 ___AC C:\Users\All Users\XoJ8SCDUJETSC2
2012-04-14 22:11 - 2012-04-14 22:08 - 0000256 ___AC C:\ProgramData\XoJ8SCDUJETSC2
2012-04-14 21:51 - 2010-10-29 18:40 - 0000000 ___RD C:\Users\Dell\Desktop\Finances
2012-04-14 20:54 - 2012-04-14 20:54 - 0000256 ___AC C:\Users\All Users\qhApYSIY6lo9kr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000256 ___AC C:\ProgramData\qhApYSIY6lo9kr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000168 ___AC C:\Users\All Users\-qhApYSIY6lo9krr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000168 ___AC C:\ProgramData\-qhApYSIY6lo9krr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000000 ___AC C:\Users\All Users\-qhApYSIY6lo9kr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000000 ___AC C:\ProgramData\-qhApYSIY6lo9kr
2012-04-14 19:28 - 2012-04-14 19:28 - 0000000 ___DC C:\Windows\system64
2012-04-14 18:17 - 2009-07-13 19:20 - 0000000 ___DC C:\Windows\System32\sysprep
2012-04-14 18:13 - 2010-10-16 11:42 - 0000000 ____D C:\Program Files\DivX
2012-04-14 18:13 - 2010-10-16 11:41 - 0000000 ____D C:\Program Files (x86)\DivX
2012-04-14 18:13 - 2010-10-16 11:40 - 0000000 ___DC C:\Users\All Users\DivX
2012-04-14 18:13 - 2010-10-16 11:40 - 0000000 ___DC C:\ProgramData\DivX
2012-04-14 14:25 - 2012-04-14 09:53 - 0000000 _SHDC C:\$RECYCLE.BIN
2012-04-14 10:32 - 2012-04-14 10:32 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Reallusion
2012-04-14 10:32 - 2012-04-14 07:19 - 0000000 ___DC C:\Users\All Users\Creative
2012-04-14 10:32 - 2012-04-14 07:19 - 0000000 ___DC C:\ProgramData\Creative
2012-04-14 10:32 - 2012-04-14 07:19 - 0000000 ____D C:\Users\Dell\Documents\Dell WebCam Central
2012-04-14 10:31 - 2012-04-14 10:31 - 0000000 ____D C:\Users\Dell\Documents\My Weblog Posts
2012-04-14 10:31 - 2012-04-14 10:31 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Windows Live Writer
2012-04-14 10:31 - 2012-04-14 10:31 - 0000000 ____D C:\Users\Dell\AppData\Local\Windows Live Writer
2012-04-14 09:53 - 2012-04-14 09:53 - 0000909 ____A C:\Users\Dell\Downloads\TDSSKiller - Shortcut.lnk
2012-04-14 09:53 - 2012-04-14 09:53 - 0000891 ____A C:\Users\Dell\Downloads\ComboFix - Shortcut.lnk
2012-04-14 09:23 - 2012-04-14 09:23 - 0027697 ___AC C:\ComboFix.txt
2012-04-14 09:23 - 2012-04-14 07:33 - 0000000 ___DC C:\Qoobox
2012-04-14 09:21 - 2009-07-13 18:34 - 0000215 ___AC C:\Windows\system.ini
2012-04-14 08:58 - 2012-04-14 08:49 - 0136136 ___AC C:\TDSSKiller.2.7.28.0_14.04.2012_09.49.58_log.txt
2012-04-14 08:15 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-14 08:12 - 2012-04-14 07:33 - 0000000 ___DC C:\Windows\ERDNT
2012-04-14 08:07 - 2009-07-13 18:34 - 72089600 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-14 08:07 - 2009-07-13 18:34 - 19136512 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-14 08:07 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-14 08:07 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-14 08:07 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-14 08:05 - 2009-07-13 21:32 - 0000000 ___DC C:\Windows\Downloaded Program Files
2012-04-14 07:39 - 2012-04-14 07:39 - 0000000 ____D C:\Users\Dell\Documents\Outlook Files
2012-04-14 07:19 - 2012-04-14 07:19 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Creative
2012-04-14 07:18 - 2012-04-14 07:18 - 0001980 ____A C:\Users\Dell\Start Menu\Programs\Startup\Dell Dock.lnk
2012-04-14 07:18 - 2012-04-14 07:18 - 0001980 ____A C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
2012-04-13 19:15 - 2012-04-13 19:15 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\Dell\Downloads\unhide.exe
2012-04-13 18:41 - 2012-04-13 18:41 - 454495776 ____A C:\Windows\MEMORY.DMP
2012-04-13 18:41 - 2012-04-13 18:41 - 0282448 ___AC C:\Windows\Minidump\041312-76502-01.dmp
2012-04-13 18:41 - 2011-09-29 21:33 - 0000000 ___DC C:\Windows\Minidump
2012-04-13 18:36 - 2012-04-13 18:35 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\Dell\Desktop\mbam-setup.exe
2012-04-13 16:19 - 2012-04-13 16:19 - 8766112 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 16:19 - 2012-04-03 05:20 - 0418464 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-13 16:19 - 2011-05-15 07:04 - 0070304 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-13 16:01 - 2012-04-13 16:01 - 0282448 ___AC C:\Windows\Minidump\041312-27237-01.dmp
2012-04-13 15:08 - 2012-04-13 15:08 - 0282456 ___AC C:\Windows\Minidump\041312-30763-01.dmp
2012-04-13 14:50 - 2012-04-13 14:50 - 0000000 ___DC C:\Windows\Sun
2012-04-12 16:27 - 2012-01-13 23:14 - 0076288 ____A C:\Users\Dell\Documents\~ Brag Sheet. April 10, 2012.doc
2012-04-11 19:44 - 2012-04-11 19:44 - 0000162 ____A C:\Users\Dell\Documents\~$Brag Sheet. April 10, 2012.doc
2012-04-11 14:59 - 2012-04-11 14:59 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-04-11 14:59 - 2012-04-11 14:59 - 0000000 ____D C:\Program Files (x86)\Application Updater
2012-04-10 20:28 - 2012-04-10 20:28 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-10 20:28 - 2012-04-10 20:28 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-10 20:28 - 2012-04-10 20:28 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-10 20:28 - 2012-04-10 20:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-10 20:28 - 2012-04-10 20:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-10 20:28 - 2012-04-10 20:28 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-10 20:28 - 2012-04-10 20:28 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-10 20:28 - 2012-04-10 20:28 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-10 20:26 - 2012-04-10 20:26 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-10 20:26 - 2010-01-11 22:37 - 57249312 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 15:55 - 2012-04-15 10:51 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\Dell\Downloads\TDSSKiller.exe
2012-04-08 17:09 - 2012-04-08 16:37 - 0000000 _SHDC C:\Users\All Users\c60f4f
2012-04-08 17:09 - 2012-04-08 16:37 - 0000000 _SHDC C:\ProgramData\c60f4f
2012-04-08 16:40 - 2012-04-08 16:38 - 0000000 __SHD C:\Users\Dell\AppData\Roaming\Total Anti Malware Protection
2012-04-08 16:38 - 2012-04-08 16:38 - 0000000 _SHDC C:\Users\All Users\TAQQMP
2012-04-08 16:38 - 2012-04-08 16:38 - 0000000 _SHDC C:\ProgramData\TAQQMP
2012-04-08 07:46 - 2012-04-08 07:46 - 0282456 ___AC C:\Windows\Minidump\040812-27346-01.dmp
2012-04-08 07:14 - 2011-07-26 20:59 - 0000000 ____D C:\Users\Dell\AppData\Roaming\InstallShield
2012-04-07 22:03 - 2012-04-07 22:03 - 0000721 ____A C:\Users\Dell\Desktop\Spain Playlist (ended at Chantal K).lnk
2012-04-06 14:49 - 2012-04-06 14:49 - 0000000 ____D C:\Users\Dell\Documents\Colby Music
2012-04-04 14:56 - 2010-02-13 07:07 - 0024904 ___AC (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-26 20:04 - 2012-03-26 19:45 - 0013415 ____A C:\Users\Dell\Documents\ISOPREP.docx
2012-03-26 19:46 - 2012-03-21 15:10 - 0217820 ____A C:\Users\Dell\Documents\ISOPREP.pdf
2012-03-25 13:59 - 2012-03-25 13:59 - 0153314 ____A C:\Users\Dell\Documents\Travel-State Dept.docx
2012-03-21 21:09 - 2010-12-28 20:25 - 0000000 ____D C:\Users\Dell\Documents\Archives
2012-03-21 18:41 - 2009-07-13 19:20 - 0000000 ___DC C:\Windows\System32\NDF
2012-03-21 11:23 - 2012-04-15 18:39 - 0512472 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2012-03-21 11:23 - 2012-04-15 18:39 - 0040408 ___AC C:\Windows\System32\CleanMFT64.exe
2012-03-17 16:07 - 2009-07-13 20:45 - 0444488 ___AC C:\Windows\System32\FNTCACHE.DAT
2012-03-17 09:24 - 2012-03-17 08:02 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-17 09:24 - 2012-03-17 08:02 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-17 09:24 - 2012-03-17 08:02 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-17 09:24 - 2012-03-17 08:00 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-17 09:24 - 2012-03-17 08:00 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-17 09:24 - 2012-03-17 08:00 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-17 09:22 - 2012-03-17 08:00 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-17 09:22 - 2012-03-17 08:00 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-17 09:22 - 2012-03-17 08:00 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-17 09:22 - 2012-03-17 08:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-17 09:22 - 2010-02-06 12:18 - 0000000 ___DC C:\Users\All Users\Yahoo! Companion
2012-03-17 09:22 - 2010-02-06 12:18 - 0000000 ___DC C:\ProgramData\Yahoo! Companion
2012-03-01 11:28 - 2010-09-24 18:55 - 0000000 ___RD C:\Users\Dell\Documents\Scanned Documents
2012-03-01 00:38 - 2012-03-01 00:38 - 0000000 ___DC C:\Users\All Users\YouTube Downloader
2012-03-01 00:38 - 2012-03-01 00:38 - 0000000 ___DC C:\ProgramData\YouTube Downloader
2012-03-01 00:38 - 2012-03-01 00:38 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader
2012-02-29 16:44 - 2012-02-26 11:04 - 0000000 ____D C:\Users\Dell\AppData\Local\Western_Digital
2012-02-28 20:06 - 2010-11-26 14:03 - 0000000 ___RD C:\Users\Dell\Desktop\To Be Printed
2012-02-28 10:03 - 2012-02-28 10:03 - 0776232 ____A (Adobe Systems Incorporated) C:\Users\Dell\Downloads\install_flashplayer11x64_mssd_aih.exe
2012-02-28 07:54 - 2012-02-28 07:54 - 0000000 ____D C:\Users\Default\AppData\Local\Western Digital
2012-02-28 07:54 - 2012-02-28 07:54 - 0000000 ____D C:\Users\Default User\AppData\Local\Western Digital
2012-02-28 07:54 - 2012-02-26 10:58 - 0000000 ___DC C:\Users\All Users\Western Digital
2012-02-28 07:54 - 2012-02-26 10:58 - 0000000 ___DC C:\ProgramData\Western Digital
2012-02-28 07:53 - 2012-02-28 07:53 - 0000000 ____D C:\Program Files\Western Digital
2012-02-28 07:52 - 2012-02-28 07:52 - 0120944 ___AC C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-02-26 07:55 - 2012-02-26 07:54 - 0000000 ____D C:\Program Files\iTunes
2012-02-26 07:55 - 2012-01-11 18:06 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-26 07:54 - 2012-02-26 07:54 - 0000000 ____D C:\Program Files\iPod
2012-02-26 07:54 - 2010-05-19 22:00 - 0000000 ___DC C:\Users\All Users\Apple Computer
2012-02-26 07:54 - 2010-05-19 22:00 - 0000000 ___DC C:\ProgramData\Apple Computer
2012-02-25 10:53 - 2009-07-13 21:08 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-24 09:36 - 2012-04-16 18:08 - 0230952 ___AC (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-02-23 08:18 - 2010-01-14 08:16 - 0279656 ____C (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 16:31 - 2010-12-18 18:53 - 0000000 ____D C:\Users\Dell\AppData\Local\Microsoft Help
2012-02-15 15:15 - 2010-01-11 16:08 - 0000174 ___SH C:\Users\Dell\Start Menu\Programs\Startup\desktop.ini
2012-02-15 15:15 - 2010-01-11 16:08 - 0000174 ___SH C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 22:24 - 2012-02-14 16:08 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-14 22:24 - 2012-02-14 16:08 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-14 22:24 - 2012-02-14 16:08 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-14 22:24 - 2012-02-14 16:08 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-14 22:19 - 2012-02-14 16:06 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-14 22:19 - 2012-02-14 16:06 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-14 22:19 - 2012-02-14 16:06 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-14 22:18 - 2012-02-14 16:05 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-14 22:18 - 2012-02-14 16:05 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-06 20:17 - 2012-01-11 17:54 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-29 15:07 - 2012-01-29 14:23 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-29 15:07 - 2012-01-29 14:23 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-29 15:07 - 2012-01-29 14:23 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-29 15:07 - 2012-01-29 14:23 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-29 15:07 - 2012-01-29 14:23 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-21 10:14 - 2011-10-16 16:36 - 0120944 ___AC C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3892.54 MB
Available physical RAM: 3270.96 MB
Total Pagefile: 3890.69 MB
Available Pagefile: 3259.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:17.33 GB) NTFS
2 Drive d: () (Fixed) (Total:397.29 GB) (Free:200.58 GB) NTFS
4 Drive g: () (Fixed) (Total:298.09 GB) (Free:208.59 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:3.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 9 MB
Disk 1 Online 298 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB
Partition 0 Extended 397 GB 68 GB
Partition 4 Logical 397 GB 68 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 9 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 58 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 397 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Partition 298 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-09 11:39

======================= End Of Log ==========================
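The "Bamital & volsnap Check" section of the FRST log above MD5s a short list of core Windows binaries that file infectors of the Bamital/ZeroAccess era patch, and compares each hash with FRST's internal table of known-good values for that exact build. That table is not on this page. The script below is an added example (mine, not part of the original thread and not FRST's own code) that reproduces the idea by hand: it hashes the same ten files and compares them with a baseline you capture yourself on a clean machine at the same OS build and patch level. The $Baseline parameter and the CSV round-trip in the usage comments are assumptions of this example, not anything FRST does. It uses .NET MD5 directly so it also runs on the PowerShell 2.0 that ships with Windows 7 (Get-FileHash needs PowerShell 4 or later).

```powershell
# Added example, not FRST code: hash the core binaries FRST checks and compare
# them with a caller-supplied baseline captured on a known-clean system.

$CoreBinaries = @(
    'System32\winlogon.exe',
    'System32\wininit.exe',
    'SysWOW64\wininit.exe',
    'explorer.exe',
    'SysWOW64\explorer.exe',
    'System32\svchost.exe',
    'SysWOW64\svchost.exe',
    'System32\user32.dll',
    'SysWOW64\user32.dll',
    'System32\drivers\volsnap.sys'
)

function Get-FileMd5 {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    # Lowercase hex, the form most published hash lists use
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

function Get-CoreBinaryHashes {
    param(
        # Point this at an offline Windows directory (e.g. D:\Windows after a
        # clean boot) to sidestep a rootkit that filters reads on the live system.
        [string]$SysRoot = $env:SystemRoot,
        # Relative path -> expected MD5. Placeholder: fill it from a clean machine
        # at the same build and patch level; an empty table just reports hashes.
        [hashtable]$Baseline = @{}
    )
    foreach ($rel in $CoreBinaries) {
        $path = Join-Path $SysRoot $rel
        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{ File = $rel; MD5 = $null; Company = $null; Status = 'MISSING' }
            continue
        }
        $hash = Get-FileMd5 -Path $path
        $status = 'no baseline'
        if ($Baseline.ContainsKey($rel)) {
            if ($Baseline[$rel] -eq $hash) { $status = 'MD5 is legit' } else { $status = 'MD5 MISMATCH' }
        }
        # Version resource is a weak secondary signal: an in-place patch keeps
        # it, an outright replacement usually does not.
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        New-Object PSObject -Property @{ File = $rel; MD5 = $hash; Company = $company; Status = $status }
    }
}

# Capture on a clean machine at the same patch level:
#   Get-CoreBinaryHashes | Export-Csv -NoTypeInformation baseline.csv
# Compare on the suspect machine:
#   $known = @{}; Import-Csv baseline.csv | ForEach-Object { $known[$_.File] = $_.MD5 }
#   Get-CoreBinaryHashes -Baseline $known | Format-Table Status, Company, MD5, File -AutoSize
Get-CoreBinaryHashes | Format-Table Status, Company, MD5, File -AutoSize
```

Run it from an elevated 64-bit PowerShell; a 32-bit PowerShell on x64 has System32 silently redirected to SysWOW64 and will hash the wrong files. More importantly, a kernel-mode rootkit that is still loaded can hand the hasher clean bytes for a patched file, which is exactly why FRST is run from System Recovery Options in this thread. Treat a live-system "MD5 is legit" as weaker evidence than the same result against the offline disk.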

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:50 PM

Posted 17 April 2012 - 08:56 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 vmnetuserif; C:\Windows\System32\was.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\was.dll
NETSVC: vmnetuserif

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Jay A.


Posted 17 April 2012 - 09:20 PM

Ok. Here is the latest log.



Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 16-04-2012
Ran by SYSTEM at 2012-04-17 19:16:13 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
vmnetuserif service deleted successfully.
C:\Windows\System32\was.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs vmnetuserif Deleted successfully.

==== End of Fixlog ====
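The fixlist in the post above and the Fixlog confirming it cover three ZeroAccess persistence points: the Session Manager SubSystems\Windows value (which tells csrss.exe which server DLLs to load at boot), a fake service named vmnetuserif whose DLL was C:\Windows\System32\was.dll, and that service's entry in the netsvcs group so a shared svchost.exe would host it. The script below is an added example (mine, not gringo_pr's instructions and not part of FRST) for re-checking those three points after the reboot, to confirm the fix took and to catch a re-infection. It assumes an elevated 64-bit PowerShell on the live system. The name vmnetuserif and the file was.dll are this thread's specimen, not fixed indicators, so the checks are keyed to structure rather than to those strings.

```powershell
# Added example, not FRST code: re-check the ZeroAccess persistence points
# that the fixlist in this thread removed.

$SubSystemsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$SvcHostKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$ServicesKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# 1. SubSystems\Windows. On stock Windows 7 every ServerDll= token names
#    basesrv, winsrv or sxssrv. ZeroAccess rewrote this value so csrss would
#    load its own DLL at boot; any other ServerDll is suspect.
function Test-SubSystemsWindows {
    $value = (Get-ItemProperty -Path $SubSystemsKey -Name Windows).Windows
    $expected = @('basesrv', 'winsrv', 'sxssrv')
    $bad = @()
    foreach ($token in ($value -split '\s+')) {
        if ($token -like 'ServerDll=*') {
            # Drop the "ServerDll=" prefix and any ":Entry,N" suffix to get the module
            $module = ($token.Substring(10) -split '[:,]')[0].ToLower()
            if ($expected -notcontains $module) { $bad += $token }
        }
    }
    New-Object PSObject -Property @{ Value = $value; UnexpectedServerDlls = $bad }
}

# 2. netsvcs group. Every name here is loaded into a shared svchost.exe. A member
#    with no service key, no ServiceDll, a non-Microsoft DLL, or a DLL outside
#    System32 is what the vmnetuserif entry in this thread looked like. These are
#    leads, not verdicts: the group also lists services absent on some SKUs.
function Get-NetsvcsMembers {
    $names = (Get-ItemProperty -Path $SvcHostKey -Name netsvcs).netsvcs
    foreach ($name in $names) {
        $svc = Join-Path $ServicesKey $name
        if (-not (Test-Path $svc)) {
            New-Object PSObject -Property @{ Service = $name; ServiceDll = $null; Company = $null; Note = 'listed in netsvcs but no service key' }
            continue
        }
        $dll = $null
        $params = Join-Path $svc 'Parameters'
        if (Test-Path $params) {
            $dll = (Get-ItemProperty -Path $params -ErrorAction SilentlyContinue).ServiceDll
        }
        if (-not $dll) {
            # Some variants put ServiceDll directly on the service key instead
            $dll = (Get-ItemProperty -Path $svc -ErrorAction SilentlyContinue).ServiceDll
        }
        $note = ''
        $company = $null
        if ($dll) {
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if (Test-Path -LiteralPath $expanded) {
                $company = (Get-Item -LiteralPath $expanded).VersionInfo.CompanyName
                if ($company -ne 'Microsoft Corporation') { $note = 'non-Microsoft DLL in netsvcs' }
                if ($expanded -notlike "$env:SystemRoot\System32\*") { $note += ' outside System32' }
            } else {
                $note = 'ServiceDll path does not exist'
            }
        } else {
            $note = 'no ServiceDll'
        }
        New-Object PSObject -Property @{ Service = $name; ServiceDll = $dll; Company = $company; Note = $note.Trim() }
    }
}

Test-SubSystemsWindows | Format-List
Get-NetsvcsMembers | Where-Object { $_.Note } | Format-Table Service, Company, Note, ServiceDll -AutoSize
```

On a system that was fixed the way this thread's Fixlog reports, Test-SubSystemsWindows returns an empty UnexpectedServerDlls list and the netsvcs table no longer shows a member whose DLL carries a third-party CompanyName. Note that the specimen here sat in System32 with a plausible-looking version resource ("Oak Technology Inc."), so the CompanyName check, not the path check, is what would have flagged it; a dropper that copies Microsoft's version strings defeats both, which is why the hash comparison in the earlier example and FRST's own whitelist remain the stronger test.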

#6 gringo_pr

Posted 17 April 2012 - 09:31 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Jay A.


Posted 17 April 2012 - 10:17 PM

I've been trying to attach the log and copy and paste it, but it states that my log is too big (539kb). Is there any particular part of the log that I can just copy and paste without posting the entire log? Thanks!

#8 gringo_pr

Posted 17 April 2012 - 10:32 PM

upload it to mediafire.com and send me the link here


gringo

#9 Jay A.


Posted 17 April 2012 - 10:38 PM

Here it is. I hope I did it right.

http://www.mediafire.com/view/?nz4nndidbsw52jx

#10 gringo_pr

Posted 17 April 2012 - 10:51 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo

#11 Jay A.


Posted 17 April 2012 - 11:03 PM

Here is my latest Farbar log.



Scan result of Farbar Recovery Scan Tool Version: 16-04-2012
Ran by SYSTEM at 17-04-2012 20:56:48
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8123936 2009-10-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-20] (SupportSoft, Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-03-22] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [981856 2012-04-11] (Spigot, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-03-21] (PC Tools)
HKU\Dell\...\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe -autorun [1995088 2011-11-17] (Comfort Software Group)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-13] (Adobe Systems Incorporated)
2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [784792 2012-04-11] (Spigot, Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-03-21] (PC Tools)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe" [317328 2011-08-01] (WDC)
2 WDFMEService; "C:\Program Files\Western Digital\WD SmartWare\WDFME.exe" [1978256 2011-08-01] (Western Digital )
2 WDRulesService; "C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe" [1338256 2011-08-01] (Western Digital )
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 HtcUsbMdmV64; C:\Windows\System32\Drivers\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [230952 2012-02-24] (PC Tools)
3 pneteth; C:\Windows\System32\Drivers\pneteth.sys [15360 2010-09-02] (June Fabrics Technology Inc.)
2 SecDrv; C:\Windows\SysWow64\Drivers\SecDrv.sys [11376 2003-08-27] ()
3 wdkmd; C:\Windows\System32\Drivers\wdkmd.sys [36760 2009-10-14] (Intel® Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-17 19:06 - 2012-04-17 19:10 - 0198841 ____A C:\Users\Dell\Desktop\ComboFix2.txt
2012-04-17 19:06 - 2012-04-17 18:57 - 0353898 ____A C:\Users\Dell\Desktop\ComboFix1.txt
2012-04-17 18:57 - 2012-04-17 18:33 - 0552739 ____A C:\Users\Dell\Desktop\ComboFix.txt
2012-04-17 18:53 - 2012-04-17 18:57 - 0552739 ___AC C:\ComboFix.txt
2012-04-17 18:51 - - 0000000 _SHDC C:\$RECYCLE.BIN
2012-04-17 18:46 - - 0000027 ___AC C:\Windows\System32\Drivers\etc\hosts
2012-04-17 18:33 - 2012-04-16 18:51 - 4466721 ____R (Swearware) C:\Users\Dell\Desktop\ComboFix.exe
2012-04-17 18:19 - 2009-12-14 19:09 - 0000000 ___DC C:\FRST
2012-04-17 15:02 - 2012-04-14 21:51 - 1386117 ____A C:\Users\Dell\Desktop\FRST64.exe
2012-04-16 19:35 - - 0001891 ____A C:\Users\Dell\Desktop\ark.txt
2012-04-16 18:51 - 2012-04-16 19:35 - 0018190 ____A C:\Users\Dell\Desktop\Attach.txt
2012-04-16 18:51 - 2012-04-16 18:16 - 0029087 ____A C:\Users\Dell\Desktop\DDS.txt
2012-04-16 18:45 - 2011-04-09 22:23 - 0935175 ____A C:\Users\Dell\Desktop\RSITx64.exe
2012-04-16 18:37 - 2010-11-11 19:53 - 0000000 ____D C:\Users\Dell\AppData\Local\visi_coupon
2012-04-16 18:32 - 2012-04-17 15:02 - 0302592 ____A C:\Users\Dell\Desktop\gmer.exe
2012-04-16 18:16 - 2012-04-17 19:10 - 0607260 ____R (Swearware) C:\Users\Dell\Desktop\dds.scr
2012-04-16 18:08 - 2009-07-13 17:45 - 0230952 ___AC (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-04-16 18:07 - 2012-04-16 18:45 - 3712464 ____A (PC Tools) C:\Users\Dell\Desktop\SD_Online_aff_GenericRevenueWire_207.exe
2012-04-16 18:07 - 2010-01-11 16:08 - 0000000 ____D C:\Users\Dell\AppData\Roaming\TestApp
2012-04-16 18:03 - 2012-04-14 10:32 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Registry Mechanic
2012-04-16 18:00 - 2009-07-13 17:14 - 0000432 ___AC C:\Windows\SysWOW64\AppLog.log
2012-04-16 17:41 - 2012-04-15 20:27 - 0133938 ___AC C:\TDSSKiller.2.7.28.0_16.04.2012_18.41.00_log.txt
2012-04-15 19:28 - 2012-04-15 16:42 - 0133684 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_20.28.25_log.txt
2012-04-15 18:40 - 2012-04-17 19:54 - 0000302 ___AC C:\Windows\Tasks\RMSchedule.job
2012-04-15 18:40 - 2012-04-17 19:23 - 0000300 ___AC C:\Windows\Tasks\RMAutoUpdate.job
2012-04-15 18:39 - 2012-04-14 22:41 - 0001327 ____A C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2012-04-15 18:39 - 2011-06-25 11:32 - 0000000 ___DC C:\Users\All Users\PC Tools
2012-04-15 18:39 - 2011-06-25 11:32 - 0000000 ___DC C:\ProgramData\PC Tools
2012-04-15 18:39 - 2011-06-25 11:31 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-15 18:39 - 2011-05-13 15:22 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Product_RM
2012-04-15 18:39 - 2010-11-20 04:19 - 0658432 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2012-04-15 18:39 - 2009-07-13 17:40 - 0040408 ___AC C:\Windows\System32\CleanMFT64.exe
2012-04-15 18:39 - 2009-07-13 17:16 - 0880640 ___AC (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2012-04-15 18:39 - 2009-07-13 17:15 - 0512472 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2012-04-15 18:39 - 2008-04-02 15:54 - 0212992 ___AC (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2012-04-15 18:39 - 2008-04-02 15:53 - 1101824 ___AC (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2012-04-15 18:34 - 2010-11-21 15:37 - 17824216 ____A (PC Tools) C:\Users\Dell\Downloads\rminstall.exe
2012-04-15 17:13 - 2012-04-17 18:53 - 0000000 ___DC C:\sh4ldr
2012-04-15 17:13 - 2011-04-26 18:10 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-04-15 17:12 - - 0000000 ___DC C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-15 16:12 - 2012-04-15 15:21 - 0133614 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_17.12.29_log.txt
2012-04-15 14:26 - 2012-04-15 11:28 - 0131262 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_15.26.02_log.txt
2012-04-15 11:26 - 2012-04-15 10:59 - 0133572 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_12.26.00_log.txt
2012-04-15 11:10 - 2012-04-15 18:38 - 943174817 ____A C:\Users\Dell\Downloads\SH2AGOS.2011.720p.BR.900MB.ShAaNiG.rar
2012-04-15 10:58 - 2012-04-15 10:56 - 0132226 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_11.58.07_log.txt
2012-04-15 10:55 - 2012-04-14 08:58 - 0134998 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_11.55.24_log.txt
2012-04-15 10:51 - 2012-04-14 09:53 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\Dell\Downloads\TDSSKiller.exe
2012-04-15 10:28 - 2012-04-10 15:55 - 2052353 ____A C:\Users\Dell\Downloads\tdsskiller.zip
2012-04-14 22:41 - - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 22:35 - 2011-04-26 18:19 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Dell\Desktop\mbam-setup-1.61.0.1400.exe
2012-04-14 22:11 - 2012-04-14 22:11 - 0000168 ___AC C:\Users\All Users\-XoJ8SCDUJETSC2r
2012-04-14 22:11 - 2012-04-14 22:11 - 0000168 ___AC C:\ProgramData\-XoJ8SCDUJETSC2r
2012-04-14 22:11 - 2012-04-14 20:54 - 0000000 ___AC C:\Users\All Users\-XoJ8SCDUJETSC2
2012-04-14 22:11 - 2012-04-14 20:54 - 0000000 ___AC C:\ProgramData\-XoJ8SCDUJETSC2
2012-04-14 21:39 - 2012-03-25 13:59 - 0008588 ____A C:\Users\Dell\Documents\unhide.txt
2012-04-14 20:54 - 2012-04-14 20:54 - 0000168 ___AC C:\Users\All Users\-qhApYSIY6lo9krr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000168 ___AC C:\ProgramData\-qhApYSIY6lo9krr
2012-04-14 20:54 - - 0000000 ___AC C:\Users\All Users\-qhApYSIY6lo9kr
2012-04-14 20:54 - - 0000000 ___AC C:\ProgramData\-qhApYSIY6lo9kr
2012-04-14 19:28 - 2012-04-17 19:03 - 0000000 ___DC C:\Windows\system64
2012-04-14 10:32 - 2012-04-15 18:39 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Reallusion
2012-04-14 10:31 - 2012-02-29 16:44 - 0000000 ____D C:\Users\Dell\AppData\Local\Windows Live Writer
2012-04-14 10:31 - 2010-10-29 09:59 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Windows Live Writer
2012-04-14 10:31 - 2010-01-11 15:52 - 0000000 ____D C:\Users\Dell\Documents\My Weblog Posts
2012-04-14 09:53 - 2012-04-15 14:18 - 0000909 ____A C:\Users\Dell\Downloads\TDSSKiller - Shortcut.lnk
2012-04-14 09:53 - 2010-10-23 16:34 - 0000891 ____A C:\Users\Dell\Downloads\ComboFix - Shortcut.lnk
2012-04-14 09:06 - 2010-05-21 22:59 - 0060416 ___AC (NirSoft) C:\Windows\NIRCMD.exe
2012-04-14 08:57 - 2012-04-16 18:03 - 0000000 ___DC C:\TDSSKiller_Quarantine
2012-04-14 08:49 - 2012-04-17 18:36 - 0136136 ___AC C:\TDSSKiller.2.7.28.0_14.04.2012_09.49.58_log.txt
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-14 08:06 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-14 07:39 - 2010-02-15 18:12 - 0000000 ____D C:\Users\Dell\Documents\Outlook Files
2012-04-14 07:33 - 2012-04-17 18:45 - 0000000 ___DC C:\Qoobox
2012-04-14 07:33 - 2012-04-13 14:50 - 0518144 ___AC (SteelWerX) C:\Windows\SWREG.exe
2012-04-14 07:33 - 2011-04-26 18:08 - 0208896 ___AC C:\Windows\MBR.exe
2012-04-14 07:33 - 2009-07-13 23:50 - 0080412 ___AC C:\Windows\grep.exe
2012-04-14 07:33 - 2009-07-13 21:37 - 0000000 ___DC C:\Windows\ERDNT
2012-04-14 07:33 - 2009-07-13 21:32 - 0256000 ___AC C:\Windows\PEV.exe
2012-04-14 07:33 - 2009-07-13 19:20 - 0098816 ___AC C:\Windows\sed.exe
2012-04-14 07:33 - 2009-07-13 17:39 - 0068096 ___AC C:\Windows\zip.exe
2012-04-14 07:33 - 2000-08-30 16:00 - 0406528 ___AC (SteelWerX) C:\Windows\SWSC.exe
2012-04-14 07:19 - 2012-04-06 14:49 - 0000000 ____D C:\Users\Dell\Documents\Dell WebCam Central
2012-04-14 07:19 - 2010-10-23 16:34 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Creative
2012-04-14 07:19 - 2009-12-14 03:54 - 0000000 ___DC C:\Users\All Users\Creative
2012-04-14 07:19 - 2009-12-14 03:54 - 0000000 ___DC C:\ProgramData\Creative
2012-04-14 07:18 - - 0001980 ____A C:\Users\Dell\Start Menu\Programs\Startup\Dell Dock.lnk
2012-04-14 07:18 - - 0001980 ____A C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
2012-04-13 19:15 - 2011-04-12 19:00 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\Dell\Downloads\unhide.exe
2012-04-13 18:41 - 2012-04-13 15:08 - 0282448 ___AC C:\Windows\Minidump\041312-76502-01.dmp
2012-04-13 18:41 - 2009-07-13 21:32 - 454495776 ____A C:\Windows\MEMORY.DMP
2012-04-13 18:41 - 2009-07-13 17:39 - 0379766 ___AC C:\Windows\ntbtlog.txt
2012-04-13 18:35 - 2012-04-14 22:38 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\Dell\Desktop\mbam-setup.exe
2012-04-13 16:19 - 2012-04-13 16:19 - 8766112 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 16:01 - 2012-04-08 07:46 - 0282448 ___AC C:\Windows\Minidump\041312-27237-01.dmp
2012-04-13 15:08 - 2012-04-13 16:01 - 0282456 ___AC C:\Windows\Minidump\041312-30763-01.dmp
2012-04-13 14:50 - 2009-06-10 12:31 - 0000000 ___DC C:\Windows\Sun
2012-04-13 14:37 - - 0000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
2012-04-11 19:44 - 2011-07-17 09:23 - 0000162 ____A C:\Users\Dell\Documents\~$Brag Sheet. April 10, 2012.doc
2012-04-11 14:59 - 2012-03-01 00:38 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-04-11 14:59 - 2011-07-03 07:04 - 0000000 ____D C:\Program Files (x86)\Application Updater
2012-04-10 20:28 - 2012-04-10 20:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-10 20:28 - 2012-04-10 20:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-10 20:28 - 2012-04-10 20:28 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-10 20:28 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-10 20:28 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-10 20:28 - 2011-04-26 18:08 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-10 20:28 - 2011-04-26 18:08 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-10 20:28 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-10 20:28 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-10 20:28 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-10 20:28 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-10 20:28 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-10 20:28 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-10 20:28 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-10 20:28 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-10 20:28 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-10 20:26 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-10 20:26 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-10 20:26 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-10 20:26 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-10 20:26 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-10 20:26 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-10 20:26 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-08 16:38 - 2012-01-15 17:51 - 0000000 __SHD C:\Users\Dell\AppData\Roaming\Total Anti Malware Protection
2012-04-08 16:38 - 2010-01-19 14:23 - 0000000 _SHDC C:\Users\All Users\TAQQMP
2012-04-08 16:38 - 2010-01-19 14:23 - 0000000 _SHDC C:\ProgramData\TAQQMP
2012-04-08 16:37 - 2010-11-11 19:53 - 0000000 _SHDC C:\Users\All Users\c60f4f
2012-04-08 16:37 - 2010-11-11 19:53 - 0000000 _SHDC C:\ProgramData\c60f4f
2012-04-08 07:46 - - 0282456 ___AC C:\Windows\Minidump\040812-27346-01.dmp
2012-04-07 22:03 - 2012-04-16 18:07 - 0000721 ____A C:\Users\Dell\Desktop\Spain Playlist (ended at Chantal K).lnk
2012-04-06 14:49 - 2010-09-18 19:19 - 0000000 ____D C:\Users\Dell\Documents\Colby Music
2012-04-03 05:21 - - 0000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-03 05:20 - 2009-07-13 17:14 - 0418464 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-26 19:45 - 2011-10-11 20:12 - 0013415 ____A C:\Users\Dell\Documents\ISOPREP.docx
2012-03-25 13:59 - 2011-05-15 08:31 - 0153314 ____A C:\Users\Dell\Documents\Travel-State Dept.docx
2012-03-21 15:10 - 2012-03-26 20:04 - 0217820 ____A C:\Users\Dell\Documents\ISOPREP.pdf


============ 3 Months Modified Files and Folders =============

2012-04-17 20:57 - 2012-04-17 18:19 - 0000000 ___DC C:\FRST
2012-04-17 19:54 - 2012-04-15 18:40 - 0000300 ___AC C:\Windows\Tasks\RMAutoUpdate.job
2012-04-17 19:54 - 2011-04-08 19:27 - 0000890 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-17 19:54 - 2009-07-13 21:10 - 2085906 ___AC C:\Windows\WindowsUpdate.log
2012-04-17 19:25 - 2012-04-17 19:25 - 0566415 ____A C:\Users\Dell\Desktop\PdfFile.pdf
2012-04-17 19:23 - 2011-04-08 19:27 - 0000894 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-17 19:14 - 2012-04-03 05:21 - 0000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-17 19:10 - 2012-04-17 19:06 - 0353898 ____A C:\Users\Dell\Desktop\ComboFix1.txt
2012-04-17 19:10 - 2012-04-17 19:06 - 0198841 ____A C:\Users\Dell\Desktop\ComboFix2.txt
2012-04-17 19:06 - 2009-07-13 20:45 - 0014240 ___AC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-17 19:06 - 2009-07-13 20:45 - 0014240 ___AC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-17 19:03 - 2009-07-13 21:13 - 0761236 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-04-17 19:00 - 2009-11-19 23:14 - 0000000 ___DC C:\DELL
2012-04-17 18:58 - 2009-07-13 21:08 - 0000006 __AHC C:\Windows\Tasks\SA.DAT
2012-04-17 18:58 - 2009-07-13 20:51 - 0151484 ___AC C:\Windows\setupact.log
2012-04-17 18:57 - 2012-04-17 18:57 - 0552739 ____A C:\Users\Dell\Desktop\ComboFix.txt
2012-04-17 18:57 - 2012-04-17 18:51 - 0000000 _SHDC C:\$RECYCLE.BIN
2012-04-17 18:53 - 2012-04-17 18:53 - 0552739 ___AC C:\ComboFix.txt
2012-04-17 18:53 - 2012-04-14 07:33 - 0000000 ___DC C:\Qoobox
2012-04-17 18:48 - 2012-04-17 18:46 - 0000027 ___AC C:\Windows\System32\Drivers\etc\hosts
2012-04-17 18:48 - 2009-07-13 18:34 - 0000215 ___AC C:\Windows\system.ini
2012-04-17 18:47 - 2009-12-14 19:11 - 1170298 ___AC C:\Windows\PFRO.log
2012-04-17 18:47 - 2009-07-13 18:34 - 71806976 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-17 18:47 - 2009-07-13 18:34 - 19136512 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-17 18:47 - 2009-07-13 18:34 - 0372736 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-17 18:47 - 2009-07-13 18:34 - 0057344 ____A C:\Windows\System32\config\SAM.bak
2012-04-17 18:47 - 2009-07-13 18:34 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-17 18:46 - 2012-04-14 07:33 - 0000000 ___DC C:\Windows\ERDNT
2012-04-17 18:45 - 2012-04-13 14:37 - 0000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
2012-04-17 18:33 - 2012-04-17 18:33 - 4466721 ____R (Swearware) C:\Users\Dell\Desktop\ComboFix.exe
2012-04-17 18:00 - 2012-04-16 18:00 - 0000432 ___AC C:\Windows\SysWOW64\AppLog.log
2012-04-17 18:00 - 2012-04-15 18:40 - 0000302 ___AC C:\Windows\Tasks\RMSchedule.job
2012-04-17 15:02 - 2012-04-17 15:02 - 1386117 ____A C:\Users\Dell\Desktop\FRST64.exe
2012-04-16 19:35 - 2012-04-16 19:35 - 0001891 ____A C:\Users\Dell\Desktop\ark.txt
2012-04-16 18:51 - 2012-04-16 18:51 - 0029087 ____A C:\Users\Dell\Desktop\DDS.txt
2012-04-16 18:51 - 2012-04-16 18:51 - 0018190 ____A C:\Users\Dell\Desktop\Attach.txt
2012-04-16 18:45 - 2012-04-16 18:45 - 0935175 ____A C:\Users\Dell\Desktop\RSITx64.exe
2012-04-16 18:40 - 2012-04-15 17:13 - 0000000 ___DC C:\sh4ldr
2012-04-16 18:38 - 2012-04-15 17:12 - 0000000 ___DC C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-16 18:37 - 2012-04-16 18:37 - 0000000 ____D C:\Users\Dell\AppData\Local\visi_coupon
2012-04-16 18:16 - 2012-04-16 18:16 - 0607260 ____R (Swearware) C:\Users\Dell\Desktop\dds.scr
2012-04-16 18:10 - 2012-04-15 18:39 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-16 18:07 - 2012-04-16 18:07 - 3712464 ____A (PC Tools) C:\Users\Dell\Desktop\SD_Online_aff_GenericRevenueWire_207.exe
2012-04-16 18:07 - 2012-04-16 18:07 - 0000000 ____D C:\Users\Dell\AppData\Roaming\TestApp
2012-04-16 18:03 - 2012-04-16 18:03 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Registry Mechanic
2012-04-16 18:03 - 2012-04-16 17:41 - 0133938 ___AC C:\TDSSKiller.2.7.28.0_16.04.2012_18.41.00_log.txt
2012-04-16 18:03 - 2012-04-14 08:57 - 0000000 ___DC C:\TDSSKiller_Quarantine
2012-04-15 20:27 - 2012-04-15 19:28 - 0133684 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_20.28.25_log.txt
2012-04-15 20:26 - 2010-04-24 15:18 - 0013109 ____A C:\Users\Dell\Documents\Movies.txt
2012-04-15 20:25 - 2010-02-13 11:14 - 0000000 ____D C:\Users\Dell\AppData\Roaming\vlc
2012-04-15 18:39 - 2012-04-15 18:39 - 0001327 ____A C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2012-04-15 18:39 - 2012-04-15 18:39 - 0000000 ___DC C:\Users\All Users\PC Tools
2012-04-15 18:39 - 2012-04-15 18:39 - 0000000 ___DC C:\ProgramData\PC Tools
2012-04-15 18:39 - 2012-04-15 18:39 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Product_RM
2012-04-15 18:38 - 2012-04-15 18:34 - 17824216 ____A (PC Tools) C:\Users\Dell\Downloads\rminstall.exe
2012-04-15 17:13 - 2012-04-15 17:13 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-04-15 16:42 - 2012-04-15 16:12 - 0133614 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_17.12.29_log.txt
2012-04-15 15:21 - 2012-04-15 14:26 - 0131262 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_15.26.02_log.txt
2012-04-15 14:51 - 2010-05-27 17:12 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-15 14:18 - 2012-04-15 11:10 - 943174817 ____A C:\Users\Dell\Downloads\SH2AGOS.2011.720p.BR.900MB.ShAaNiG.rar
2012-04-15 11:28 - 2012-04-15 11:26 - 0133572 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_12.26.00_log.txt
2012-04-15 11:22 - 2010-01-11 15:52 - 0000000 ____D C:\Users\Dell\AppData\LocalLow
2012-04-15 10:59 - 2012-04-15 10:58 - 0132226 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_11.58.07_log.txt
2012-04-15 10:56 - 2012-04-15 10:55 - 0134998 ___AC C:\TDSSKiller.2.7.28.0_15.04.2012_11.55.24_log.txt
2012-04-15 10:28 - 2012-04-15 10:28 - 2052353 ____A C:\Users\Dell\Downloads\tdsskiller.zip
2012-04-14 23:26 - 2012-04-14 21:39 - 0008588 ____A C:\Users\Dell\Documents\unhide.txt
2012-04-14 22:41 - 2012-04-14 22:41 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 22:41 - 2010-02-13 07:07 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 22:40 - 2012-04-13 18:41 - 0379766 ___AC C:\Windows\ntbtlog.txt
2012-04-14 22:38 - 2012-04-14 22:35 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Dell\Desktop\mbam-setup-1.61.0.1400.exe
2012-04-14 22:11 - 2012-04-14 22:11 - 0000168 ___AC C:\Users\All Users\-XoJ8SCDUJETSC2r
2012-04-14 22:11 - 2012-04-14 22:11 - 0000168 ___AC C:\ProgramData\-XoJ8SCDUJETSC2r
2012-04-14 22:11 - 2012-04-14 22:11 - 0000000 ___AC C:\Users\All Users\-XoJ8SCDUJETSC2
2012-04-14 22:11 - 2012-04-14 22:11 - 0000000 ___AC C:\ProgramData\-XoJ8SCDUJETSC2
2012-04-14 21:51 - 2010-10-29 18:40 - 0000000 ___RD C:\Users\Dell\Desktop\Finances
2012-04-14 20:54 - 2012-04-14 20:54 - 0000168 ___AC C:\Users\All Users\-qhApYSIY6lo9krr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000168 ___AC C:\ProgramData\-qhApYSIY6lo9krr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000000 ___AC C:\Users\All Users\-qhApYSIY6lo9kr
2012-04-14 20:54 - 2012-04-14 20:54 - 0000000 ___AC C:\ProgramData\-qhApYSIY6lo9kr
2012-04-14 19:28 - 2012-04-14 19:28 - 0000000 ___DC C:\Windows\system64
2012-04-14 18:17 - 2009-07-13 19:20 - 0000000 ___DC C:\Windows\System32\sysprep
2012-04-14 18:13 - 2010-10-16 11:42 - 0000000 ____D C:\Program Files\DivX
2012-04-14 18:13 - 2010-10-16 11:41 - 0000000 ____D C:\Program Files (x86)\DivX
2012-04-14 18:13 - 2010-10-16 11:40 - 0000000 ___DC C:\Users\All Users\DivX
2012-04-14 18:13 - 2010-10-16 11:40 - 0000000 ___DC C:\ProgramData\DivX
2012-04-14 10:32 - 2012-04-14 10:32 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Reallusion
2012-04-14 10:32 - 2012-04-14 07:19 - 0000000 ___DC C:\Users\All Users\Creative
2012-04-14 10:32 - 2012-04-14 07:19 - 0000000 ___DC C:\ProgramData\Creative
2012-04-14 10:32 - 2012-04-14 07:19 - 0000000 ____D C:\Users\Dell\Documents\Dell WebCam Central
2012-04-14 10:31 - 2012-04-14 10:31 - 0000000 ____D C:\Users\Dell\Documents\My Weblog Posts
2012-04-14 10:31 - 2012-04-14 10:31 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Windows Live Writer
2012-04-14 10:31 - 2012-04-14 10:31 - 0000000 ____D C:\Users\Dell\AppData\Local\Windows Live Writer
2012-04-14 09:53 - 2012-04-14 09:53 - 0000909 ____A C:\Users\Dell\Downloads\TDSSKiller - Shortcut.lnk
2012-04-14 09:53 - 2012-04-14 09:53 - 0000891 ____A C:\Users\Dell\Downloads\ComboFix - Shortcut.lnk
2012-04-14 08:58 - 2012-04-14 08:49 - 0136136 ___AC C:\TDSSKiller.2.7.28.0_14.04.2012_09.49.58_log.txt
2012-04-14 08:15 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-14 08:06 - 2012-04-14 08:06 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-14 08:05 - 2009-07-13 21:32 - 0000000 ___DC C:\Windows\Downloaded Program Files
2012-04-14 07:39 - 2012-04-14 07:39 - 0000000 ____D C:\Users\Dell\Documents\Outlook Files
2012-04-14 07:19 - 2012-04-14 07:19 - 0000000 ____D C:\Users\Dell\AppData\Roaming\Creative
2012-04-14 07:18 - 2012-04-14 07:18 - 0001980 ____A C:\Users\Dell\Start Menu\Programs\Startup\Dell Dock.lnk
2012-04-14 07:18 - 2012-04-14 07:18 - 0001980 ____A C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
2012-04-13 19:15 - 2012-04-13 19:15 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\Dell\Downloads\unhide.exe
2012-04-13 18:41 - 2012-04-13 18:41 - 454495776 ____A C:\Windows\MEMORY.DMP
2012-04-13 18:41 - 2012-04-13 18:41 - 0282448 ___AC C:\Windows\Minidump\041312-76502-01.dmp
2012-04-13 18:41 - 2011-09-29 21:33 - 0000000 ___DC C:\Windows\Minidump
2012-04-13 18:36 - 2012-04-13 18:35 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\Dell\Desktop\mbam-setup.exe
2012-04-13 16:19 - 2012-04-13 16:19 - 8766112 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 16:19 - 2012-04-03 05:20 - 0418464 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-13 16:19 - 2011-05-15 07:04 - 0070304 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-13 16:01 - 2012-04-13 16:01 - 0282448 ___AC C:\Windows\Minidump\041312-27237-01.dmp
2012-04-13 15:08 - 2012-04-13 15:08 - 0282456 ___AC C:\Windows\Minidump\041312-30763-01.dmp
2012-04-13 14:50 - 2012-04-13 14:50 - 0000000 ___DC C:\Windows\Sun
2012-04-12 16:27 - 2012-01-13 23:14 - 0076288 ____A C:\Users\Dell\Documents\~ Brag Sheet. April 10, 2012.doc
2012-04-11 19:44 - 2012-04-11 19:44 - 0000162 ____A C:\Users\Dell\Documents\~$Brag Sheet. April 10, 2012.doc
2012-04-11 14:59 - 2012-04-11 14:59 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader Toolbar
2012-04-11 14:59 - 2012-04-11 14:59 - 0000000 ____D C:\Program Files (x86)\Application Updater
2012-04-10 20:28 - 2012-04-10 20:28 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-10 20:28 - 2012-04-10 20:28 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-10 20:28 - 2012-04-10 20:28 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-10 20:28 - 2012-04-10 20:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-10 20:28 - 2012-04-10 20:28 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-10 20:28 - 2012-04-10 20:28 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-10 20:28 - 2012-04-10 20:28 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-10 20:28 - 2012-04-10 20:28 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-10 20:28 - 2012-04-10 20:28 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-10 20:26 - 2012-04-10 20:26 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 20:26 - 2012-04-10 20:26 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-10 20:26 - 2010-01-11 22:37 - 57249312 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 15:55 - 2012-04-15 10:51 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\Dell\Downloads\TDSSKiller.exe
2012-04-08 17:09 - 2012-04-08 16:37 - 0000000 _SHDC C:\Users\All Users\c60f4f
2012-04-08 17:09 - 2012-04-08 16:37 - 0000000 _SHDC C:\ProgramData\c60f4f
2012-04-08 16:40 - 2012-04-08 16:38 - 0000000 __SHD C:\Users\Dell\AppData\Roaming\Total Anti Malware Protection
2012-04-08 16:38 - 2012-04-08 16:38 - 0000000 _SHDC C:\Users\All Users\TAQQMP
2012-04-08 16:38 - 2012-04-08 16:38 - 0000000 _SHDC C:\ProgramData\TAQQMP
2012-04-08 07:46 - 2012-04-08 07:46 - 0282456 ___AC C:\Windows\Minidump\040812-27346-01.dmp
2012-04-08 07:14 - 2011-07-26 20:59 - 0000000 ____D C:\Users\Dell\AppData\Roaming\InstallShield
2012-04-07 22:03 - 2012-04-07 22:03 - 0000721 ____A C:\Users\Dell\Desktop\Spain Playlist (ended at Chantal K).lnk
2012-04-06 14:49 - 2012-04-06 14:49 - 0000000 ____D C:\Users\Dell\Documents\Colby Music
2012-04-04 14:56 - 2010-02-13 07:07 - 0024904 ___AC (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-26 20:04 - 2012-03-26 19:45 - 0013415 ____A C:\Users\Dell\Documents\ISOPREP.docx
2012-03-26 19:46 - 2012-03-21 15:10 - 0217820 ____A C:\Users\Dell\Documents\ISOPREP.pdf
2012-03-25 13:59 - 2012-03-25 13:59 - 0153314 ____A C:\Users\Dell\Documents\Travel-State Dept.docx
2012-03-21 21:09 - 2010-12-28 20:25 - 0000000 ____D C:\Users\Dell\Documents\Archives
2012-03-21 18:41 - 2009-07-13 19:20 - 0000000 ___DC C:\Windows\System32\NDF
2012-03-21 11:23 - 2012-04-15 18:39 - 0512472 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2012-03-21 11:23 - 2012-04-15 18:39 - 0040408 ___AC C:\Windows\System32\CleanMFT64.exe
2012-03-17 16:07 - 2009-07-13 20:45 - 0444488 ___AC C:\Windows\System32\FNTCACHE.DAT
2012-03-17 09:24 - 2012-03-17 08:02 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-17 09:24 - 2012-03-17 08:02 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-17 09:24 - 2012-03-17 08:02 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-17 09:24 - 2012-03-17 08:00 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-17 09:24 - 2012-03-17 08:00 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-17 09:24 - 2012-03-17 08:00 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-17 09:22 - 2012-03-17 08:00 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-17 09:22 - 2012-03-17 08:00 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-17 09:22 - 2012-03-17 08:00 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-17 09:22 - 2012-03-17 08:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-17 09:22 - 2010-02-06 12:18 - 0000000 ___DC C:\Users\All Users\Yahoo! Companion
2012-03-17 09:22 - 2010-02-06 12:18 - 0000000 ___DC C:\ProgramData\Yahoo! Companion
2012-03-01 11:28 - 2010-09-24 18:55 - 0000000 ___RD C:\Users\Dell\Documents\Scanned Documents
2012-03-01 00:38 - 2012-03-01 00:38 - 0000000 ___DC C:\Users\All Users\YouTube Downloader
2012-03-01 00:38 - 2012-03-01 00:38 - 0000000 ___DC C:\ProgramData\YouTube Downloader
2012-03-01 00:38 - 2012-03-01 00:38 - 0000000 ____D C:\Program Files (x86)\YouTube Downloader
2012-02-29 16:44 - 2012-02-26 11:04 - 0000000 ____D C:\Users\Dell\AppData\Local\Western_Digital
2012-02-28 20:06 - 2010-11-26 14:03 - 0000000 ___RD C:\Users\Dell\Desktop\To Be Printed
2012-02-28 10:03 - 2012-02-28 10:03 - 0776232 ____A (Adobe Systems Incorporated) C:\Users\Dell\Downloads\install_flashplayer11x64_mssd_aih.exe
2012-02-28 07:54 - 2012-02-28 07:54 - 0000000 ____D C:\Users\Default\AppData\Local\Western Digital
2012-02-28 07:54 - 2012-02-28 07:54 - 0000000 ____D C:\Users\Default User\AppData\Local\Western Digital
2012-02-28 07:54 - 2012-02-26 10:58 - 0000000 ___DC C:\Users\All Users\Western Digital
2012-02-28 07:54 - 2012-02-26 10:58 - 0000000 ___DC C:\ProgramData\Western Digital
2012-02-28 07:53 - 2012-02-28 07:53 - 0000000 ____D C:\Program Files\Western Digital
2012-02-28 07:52 - 2012-02-28 07:52 - 0120944 ___AC C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-02-26 07:55 - 2012-02-26 07:54 - 0000000 ____D C:\Program Files\iTunes
2012-02-26 07:55 - 2012-01-11 18:06 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-26 07:54 - 2012-02-26 07:54 - 0000000 ____D C:\Program Files\iPod
2012-02-26 07:54 - 2010-05-19 22:00 - 0000000 ___DC C:\Users\All Users\Apple Computer
2012-02-26 07:54 - 2010-05-19 22:00 - 0000000 ___DC C:\ProgramData\Apple Computer
2012-02-25 10:53 - 2009-07-13 21:08 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-24 09:36 - 2012-04-16 18:08 - 0230952 ___AC (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-02-23 08:18 - 2010-01-14 08:16 - 0279656 ____C (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 16:31 - 2010-12-18 18:53 - 0000000 ____D C:\Users\Dell\AppData\Local\Microsoft Help
2012-02-15 15:15 - 2010-01-11 16:08 - 0000174 ___SH C:\Users\Dell\Start Menu\Programs\Startup\desktop.ini
2012-02-15 15:15 - 2010-01-11 16:08 - 0000174 ___SH C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 22:24 - 2012-02-14 16:08 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-14 22:24 - 2012-02-14 16:08 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-14 22:24 - 2012-02-14 16:08 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-14 22:24 - 2012-02-14 16:08 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-14 22:19 - 2012-02-14 16:06 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-14 22:19 - 2012-02-14 16:06 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-14 22:19 - 2012-02-14 16:06 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-14 22:18 - 2012-02-14 16:05 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-14 22:18 - 2012-02-14 16:05 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-06 20:17 - 2012-01-11 17:54 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-29 15:07 - 2012-01-29 14:23 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-29 15:07 - 2012-01-29 14:23 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-29 15:07 - 2012-01-29 14:23 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-29 15:07 - 2012-01-29 14:23 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-29 15:07 - 2012-01-29 14:23 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-29 15:07 - 2012-01-29 14:23 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-21 10:14 - 2011-10-16 16:36 - 0120944 ___AC C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3892.54 MB
Available physical RAM: 3270.69 MB
Total Pagefile: 3890.69 MB
Available Pagefile: 3257.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:16.98 GB) NTFS
2 Drive d: () (Fixed) (Total:397.29 GB) (Free:200.58 GB) NTFS
4 Drive g: () (Fixed) (Total:298.09 GB) (Free:208.59 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:3.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 9 MB
Disk 1 Online 298 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB
Partition 0 Extended 397 GB 68 GB
Partition 4 Logical 397 GB 68 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 9 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 58 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 397 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Partition 298 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-09 11:39

======================= End Of Log ==========================

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:50 PM

Posted 17 April 2012 - 11:17 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

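The post above asks for the TDSSKiller report to be pasted back so a helper can read through it. That report lists every driver, service and boot record with an MD5 and path, followed by a verdict line, and on a real machine it runs to several hundred lines. The following Python script is an added example (not code from this thread, from the helper, or from Kaspersky) that parses a report in the line format shown in the log posted later in this thread and pulls out only the objects whose verdict is something other than "ok", plus any object that never received a verdict. The sample log embedded in it is constructed: a few lines copied from the posted report, plus two made-up entries ("examplefilt" with a placeholder non-ok verdict and "orphanfilt" with no verdict line) so that both reporting paths are exercised offline. The exact wording TDSSKiller uses for a detection varies by version, so the script keys on "not ok" rather than on any particular verdict string.

```python
"""Parse a TDSSKiller report and flag every object whose verdict is not 'ok'.

Added example, not code from the thread or from Kaspersky. The line format
is taken from the TDSSKiller log posted in this thread: each scanned object
produces an entry line "<time> <tid> <name> (<md5>) <path>" followed by a
verdict line "<time> <tid> <name> - <status>"; some objects (catchme,
COMSysApp) have only a verdict line. SAMPLE_LOG below is constructed from a
few lines of that log plus two made-up entries (examplefilt, orphanfilt).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "<time> <tid> <name> (<32 hex md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# "<time> <tid> <name> - <status>"
STATUS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, ScanEntry]:
    """Return scanned objects keyed by name, ignoring the pre-scan header.

    Only lines after 'Scan started' are parsed: the header also contains
    ' - ' (e.g. 'Drive \\Device\\Harddisk0\\DR0 - Size: ...') and must not
    be mistaken for a verdict line.
    """
    entries: Dict[str, ScanEntry] = {}
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = ENTRY_RE.match(line)           # entry line: file hash and path
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)          # verdict line
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.status = m["status"].strip()
    return entries


def flag_entries(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Objects with an explicit verdict other than 'ok': the ones to act on."""
    return [e for e in entries.values() if e.status not in (None, "ok")]


def missing_verdict(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Objects listed with a file but no verdict line at all.

    Reported separately rather than counted as detections: a missing
    verdict deserves a manual look, not an automatic 'infected'.
    """
    return [e for e in entries.values() if e.status is None]


# Constructed sample: real lines from the posted log plus two made-up entries.
SAMPLE_LOG = r"""21:22:58.0516 5860 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
21:22:59.0970 5860 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
21:23:14.0545 5860 Initialize success
21:23:17.0110 4356 ============================================================
21:23:17.0111 4356 Scan started
21:23:17.0111 4356 Mode: Manual;
21:23:20.0049 4356 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:23:20.0054 4356 1394ohci - ok
21:23:21.0486 4356 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:23:21.0487 4356 Apple Mobile Device - ok
21:23:23.0074 4356 catchme - ok
21:23:40.0000 4356 examplefilt (00000000000000000000000000000000) C:\Windows\system32\drivers\examplefilt.sys
21:23:40.0001 4356 examplefilt - detected (constructed placeholder verdict)
21:23:41.0000 4356 orphanfilt (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\orphanfilt.sys
"""


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for e in flag_entries(found):
        print(f"FLAG       {e.name}: {e.status}  md5={e.md5}  {e.path}")
    for e in missing_verdict(found):
        print(f"NO VERDICT {e.name}: md5={e.md5}  {e.path}")
    print(f"{len(found)} objects, {len(flag_entries(found))} flagged")
```

To use it on a real report, read the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" file from C:\ into `text` and call `parse_tdsskiller_log(text)` instead of `SAMPLE_LOG`; anything returned by `flag_entries` is what a helper would want to see first, and the MD5 and path let them check the file against a known-good copy before deciding on Cure or Skip.
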
#13 Jay A.

Jay A.
  • Topic Starter

  • Members
  • 25 posts
  • Local time:01:50 PM

Posted 17 April 2012 - 11:31 PM

Here are the logs

TDSS log

21:22:58.0516 5860 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
21:22:58.0881 5860 ============================================================
21:22:58.0881 5860 Current date / time: 2012/04/17 21:22:58.0881
21:22:58.0881 5860 SystemInfo:
21:22:58.0881 5860
21:22:58.0881 5860 OS Version: 6.1.7601 ServicePack: 1.0
21:22:58.0881 5860 Product type: Workstation
21:22:58.0881 5860 ComputerName: DELL-PC
21:22:58.0882 5860 UserName: Dell
21:22:58.0882 5860 Windows directory: C:\Windows
21:22:58.0882 5860 System windows directory: C:\Windows
21:22:58.0882 5860 Running under WOW64
21:22:58.0882 5860 Processor architecture: Intel x64
21:22:58.0882 5860 Number of processors: 4
21:22:58.0882 5860 Page size: 0x1000
21:22:58.0882 5860 Boot type: Normal boot
21:22:58.0882 5860 ============================================================
21:22:59.0970 5860 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:22:59.0974 5860 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:23:14.0409 5860 \Device\Harddisk0\DR0:
21:23:14.0409 5860 MBR used
21:23:14.0409 5860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
21:23:14.0409 5860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
21:23:14.0460 5860 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A96030
21:23:14.0460 5860 \Device\Harddisk1\DR1:
21:23:14.0465 5860 MBR used
21:23:14.0465 5860 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
21:23:14.0545 5860 Initialize success
21:23:14.0545 5860 ============================================================
21:23:17.0110 4356 ============================================================
21:23:17.0111 4356 Scan started
21:23:17.0111 4356 Mode: Manual;
21:23:17.0111 4356 ============================================================
21:23:20.0049 4356 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:23:20.0054 4356 1394ohci - ok
21:23:20.0103 4356 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
21:23:20.0104 4356 Acceler - ok
21:23:20.0147 4356 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:23:20.0153 4356 ACPI - ok
21:23:20.0186 4356 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:23:20.0188 4356 AcpiPmi - ok
21:23:20.0332 4356 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:23:20.0333 4356 AdobeARMservice - ok
21:23:20.0431 4356 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:23:20.0433 4356 AdobeFlashPlayerUpdateSvc - ok
21:23:20.0533 4356 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:23:20.0556 4356 adp94xx - ok
21:23:20.0585 4356 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:23:20.0593 4356 adpahci - ok
21:23:20.0623 4356 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:23:20.0628 4356 adpu320 - ok
21:23:20.0657 4356 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:23:20.0658 4356 AeLookupSvc - ok
21:23:20.0699 4356 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:23:20.0700 4356 AERTFilters - ok
21:23:20.0748 4356 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:23:20.0756 4356 AFD - ok
21:23:20.0794 4356 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:23:20.0796 4356 agp440 - ok
21:23:20.0826 4356 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:23:20.0829 4356 ALG - ok
21:23:20.0845 4356 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:23:20.0848 4356 aliide - ok
21:23:20.0869 4356 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:23:20.0871 4356 amdide - ok
21:23:20.0925 4356 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:23:20.0928 4356 AmdK8 - ok
21:23:20.0968 4356 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:23:20.0970 4356 AmdPPM - ok
21:23:21.0036 4356 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:23:21.0040 4356 amdsata - ok
21:23:21.0079 4356 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:23:21.0085 4356 amdsbs - ok
21:23:21.0132 4356 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:23:21.0133 4356 amdxata - ok
21:23:21.0295 4356 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:23:21.0298 4356 AppID - ok
21:23:21.0345 4356 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:23:21.0348 4356 AppIDSvc - ok
21:23:21.0398 4356 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:23:21.0400 4356 Appinfo - ok
21:23:21.0486 4356 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:23:21.0487 4356 Apple Mobile Device - ok
21:23:21.0564 4356 Application Updater (f315f08142e39e969d785ce409ad61ce) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
21:23:21.0572 4356 Application Updater - ok
21:23:21.0647 4356 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:23:21.0651 4356 arc - ok
21:23:21.0673 4356 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:23:21.0677 4356 arcsas - ok
21:23:21.0708 4356 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:23:21.0710 4356 AsyncMac - ok
21:23:21.0747 4356 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:23:21.0748 4356 atapi - ok
21:23:21.0810 4356 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:23:21.0817 4356 AudioEndpointBuilder - ok
21:23:21.0841 4356 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:23:21.0845 4356 AudioSrv - ok
21:23:21.0882 4356 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:23:21.0885 4356 AxInstSV - ok
21:23:21.0920 4356 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:23:21.0935 4356 b06bdrv - ok
21:23:21.0975 4356 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:23:21.0983 4356 b57nd60a - ok
21:23:22.0012 4356 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:23:22.0015 4356 BDESVC - ok
21:23:22.0031 4356 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:23:22.0033 4356 Beep - ok
21:23:22.0098 4356 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:23:22.0118 4356 BFE - ok
21:23:22.0153 4356 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:23:22.0159 4356 BITS - ok
21:23:22.0196 4356 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:23:22.0198 4356 blbdrive - ok
21:23:22.0271 4356 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:23:22.0275 4356 Bonjour Service - ok
21:23:22.0325 4356 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:23:22.0327 4356 bowser - ok
21:23:22.0349 4356 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:23:22.0351 4356 BrFiltLo - ok
21:23:22.0370 4356 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:23:22.0373 4356 BrFiltUp - ok
21:23:22.0423 4356 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:23:22.0427 4356 BridgeMP - ok
21:23:22.0465 4356 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:23:22.0467 4356 Browser - ok
21:23:22.0495 4356 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:23:22.0503 4356 Brserid - ok
21:23:22.0520 4356 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:23:22.0523 4356 BrSerWdm - ok
21:23:22.0543 4356 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:23:22.0545 4356 BrUsbMdm - ok
21:23:22.0560 4356 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:23:22.0562 4356 BrUsbSer - ok
21:23:22.0600 4356 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:23:22.0602 4356 BthEnum - ok
21:23:22.0628 4356 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:23:22.0632 4356 BTHMODEM - ok
21:23:22.0666 4356 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:23:22.0667 4356 BthPan - ok
21:23:22.0711 4356 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
21:23:22.0720 4356 BTHPORT - ok
21:23:22.0748 4356 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:23:22.0750 4356 bthserv - ok
21:23:22.0779 4356 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
21:23:22.0782 4356 BTHUSB - ok
21:23:22.0844 4356 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
21:23:22.0845 4356 btusbflt - ok
21:23:22.0881 4356 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
21:23:22.0883 4356 btwaudio - ok
21:23:22.0914 4356 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
21:23:22.0916 4356 btwavdt - ok
21:23:23.0001 4356 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:23:23.0009 4356 btwdins - ok
21:23:23.0029 4356 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:23:23.0030 4356 btwl2cap - ok
21:23:23.0047 4356 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
21:23:23.0047 4356 btwrchid - ok
21:23:23.0074 4356 catchme - ok
21:23:23.0117 4356 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:23:23.0120 4356 cdfs - ok
21:23:23.0162 4356 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:23:23.0166 4356 cdrom - ok
21:23:23.0214 4356 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:23:23.0215 4356 CertPropSvc - ok
21:23:23.0235 4356 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:23:23.0238 4356 circlass - ok
21:23:23.0274 4356 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:23:23.0280 4356 CLFS - ok
21:23:23.0329 4356 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:23:23.0331 4356 clr_optimization_v2.0.50727_32 - ok
21:23:23.0370 4356 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:23:23.0373 4356 clr_optimization_v2.0.50727_64 - ok
21:23:23.0455 4356 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:23:23.0457 4356 clr_optimization_v4.0.30319_32 - ok
21:23:23.0489 4356 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:23:23.0490 4356 clr_optimization_v4.0.30319_64 - ok
21:23:23.0567 4356 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:23:23.0569 4356 CmBatt - ok
21:23:23.0603 4356 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:23:23.0605 4356 cmdide - ok
21:23:23.0660 4356 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:23:23.0667 4356 CNG - ok
21:23:23.0698 4356 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:23:23.0698 4356 Compbatt - ok
21:23:23.0741 4356 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:23:23.0743 4356 CompositeBus - ok
21:23:23.0767 4356 COMSysApp - ok
21:23:23.0794 4356 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:23:23.0796 4356 crcdisk - ok
21:23:23.0848 4356 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:23:23.0849 4356 CryptSvc - ok
21:23:23.0907 4356 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:23:23.0911 4356 CtClsFlt - ok
21:23:23.0954 4356 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:23:23.0958 4356 DcomLaunch - ok
21:23:23.0989 4356 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:23:23.0994 4356 defragsvc - ok
21:23:24.0015 4356 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:23:24.0017 4356 DfsC - ok
21:23:24.0045 4356 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:23:24.0047 4356 Dhcp - ok
21:23:24.0068 4356 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:23:24.0069 4356 discache - ok
21:23:24.0111 4356 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:23:24.0113 4356 Disk - ok
21:23:24.0160 4356 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:23:24.0161 4356 Dnscache - ok
21:23:24.0236 4356 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
21:23:24.0238 4356 DockLoginService - ok
21:23:24.0281 4356 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:23:24.0287 4356 dot3svc - ok
21:23:24.0338 4356 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
21:23:24.0342 4356 Dot4 - ok
21:23:24.0395 4356 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
21:23:24.0397 4356 Dot4Print - ok
21:23:24.0415 4356 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
21:23:24.0418 4356 dot4usb - ok
21:23:24.0454 4356 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:23:24.0456 4356 DPS - ok
21:23:24.0500 4356 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:23:24.0502 4356 drmkaud - ok
21:23:24.0549 4356 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:23:24.0558 4356 DXGKrnl - ok
21:23:24.0602 4356 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:23:24.0604 4356 EapHost - ok
21:23:38.0222 4356 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:23:38.0224 4356 tssecsrv - ok
21:23:38.0270 4356 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:23:38.0272 4356 TsUsbFlt - ok
21:23:38.0318 4356 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:23:38.0321 4356 tunnel - ok
21:23:38.0353 4356 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:23:38.0356 4356 uagp35 - ok
21:23:38.0401 4356 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:23:38.0407 4356 udfs - ok
21:23:38.0434 4356 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:23:38.0438 4356 UI0Detect - ok
21:23:38.0477 4356 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:23:38.0479 4356 uliagpkx - ok
21:23:38.0512 4356 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:23:38.0514 4356 umbus - ok
21:23:38.0531 4356 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:23:38.0534 4356 UmPass - ok
21:23:38.0571 4356 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:23:38.0579 4356 upnphost - ok
21:23:38.0609 4356 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:23:38.0612 4356 usbccgp - ok
21:23:38.0660 4356 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:23:38.0666 4356 usbcir - ok
21:23:38.0698 4356 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:23:38.0700 4356 usbehci - ok
21:23:38.0750 4356 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:23:38.0756 4356 usbhub - ok
21:23:38.0789 4356 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:23:38.0791 4356 usbohci - ok
21:23:38.0837 4356 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:23:38.0839 4356 usbprint - ok
21:23:38.0877 4356 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:23:38.0880 4356 usbscan - ok
21:23:38.0921 4356 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:23:38.0923 4356 USBSTOR - ok
21:23:38.0949 4356 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:23:38.0951 4356 usbuhci - ok
21:23:38.0988 4356 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:23:38.0992 4356 usbvideo - ok
21:23:39.0027 4356 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:23:39.0030 4356 UxSms - ok
21:23:39.0051 4356 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:23:39.0052 4356 VaultSvc - ok
21:23:39.0096 4356 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:23:39.0097 4356 vdrvroot - ok
21:23:39.0154 4356 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:23:39.0171 4356 vds - ok
21:23:39.0202 4356 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:23:39.0204 4356 vga - ok
21:23:39.0227 4356 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:23:39.0229 4356 VgaSave - ok
21:23:39.0253 4356 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:23:39.0258 4356 vhdmp - ok
21:23:39.0279 4356 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:23:39.0281 4356 viaide - ok
21:23:39.0301 4356 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:23:39.0303 4356 volmgr - ok
21:23:39.0348 4356 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:23:39.0354 4356 volmgrx - ok
21:23:39.0377 4356 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:23:39.0382 4356 volsnap - ok
21:23:39.0423 4356 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:23:39.0428 4356 vsmraid - ok
21:23:39.0490 4356 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:23:39.0526 4356 VSS - ok
21:23:39.0544 4356 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:23:39.0546 4356 vwifibus - ok
21:23:39.0567 4356 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:23:39.0569 4356 vwififlt - ok
21:23:39.0605 4356 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:23:39.0607 4356 vwifimp - ok
21:23:39.0638 4356 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:23:39.0647 4356 W32Time - ok
21:23:39.0677 4356 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:23:39.0679 4356 WacomPen - ok
21:23:39.0722 4356 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:23:39.0724 4356 WANARP - ok
21:23:39.0732 4356 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:23:39.0733 4356 Wanarpv6 - ok
21:23:39.0801 4356 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:23:39.0831 4356 WatAdminSvc - ok
21:23:39.0878 4356 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:23:39.0913 4356 wbengine - ok
21:23:39.0943 4356 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:23:39.0949 4356 WbioSrvc - ok
21:23:39.0990 4356 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:23:39.0999 4356 wcncsvc - ok
21:23:40.0021 4356 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:23:40.0025 4356 WcsPlugInService - ok
21:23:40.0046 4356 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:23:40.0048 4356 Wd - ok
21:23:40.0101 4356 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
21:23:40.0103 4356 WDC_SAM - ok
21:23:40.0194 4356 WDDMService (20442a908fe6d3bc687a5b5df4d5868c) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
21:23:40.0197 4356 WDDMService - ok
21:23:40.0226 4356 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:23:40.0246 4356 Wdf01000 - ok
21:23:40.0310 4356 WDFMEService (bb9d012a82f66e08d2e235a53b0eba40) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
21:23:40.0342 4356 WDFMEService - ok
21:23:40.0372 4356 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:23:40.0377 4356 WdiServiceHost - ok
21:23:40.0383 4356 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:23:40.0386 4356 WdiSystemHost - ok
21:23:40.0431 4356 wdkmd (adcb28896d433d68103a1670fa3d5ee5) C:\Windows\system32\DRIVERS\WDKMD.sys
21:23:40.0431 4356 wdkmd - ok
21:23:40.0484 4356 WDRulesService (d878c31511169de535852fc6d15570e8) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
21:23:40.0508 4356 WDRulesService - ok
21:23:40.0541 4356 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:23:40.0548 4356 WebClient - ok
21:23:40.0568 4356 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:23:40.0575 4356 Wecsvc - ok
21:23:40.0597 4356 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:23:40.0601 4356 wercplsupport - ok
21:23:40.0629 4356 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:23:40.0633 4356 WerSvc - ok
21:23:40.0672 4356 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:23:40.0674 4356 WfpLwf - ok
21:23:40.0695 4356 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:23:40.0697 4356 WIMMount - ok
21:23:40.0747 4356 WinDefend - ok
21:23:40.0756 4356 WinHttpAutoProxySvc - ok
21:23:40.0810 4356 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:23:40.0813 4356 Winmgmt - ok
21:23:40.0895 4356 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:23:40.0945 4356 WinRM - ok
21:23:41.0013 4356 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:23:41.0015 4356 WinUsb - ok
21:23:41.0065 4356 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:23:41.0090 4356 Wlansvc - ok
21:23:41.0124 4356 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:23:41.0125 4356 WmiAcpi - ok
21:23:41.0178 4356 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:23:41.0182 4356 wmiApSrv - ok
21:23:41.0219 4356 WMPNetworkSvc - ok
21:23:41.0258 4356 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:23:41.0262 4356 WPCSvc - ok
21:23:41.0296 4356 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:23:41.0301 4356 WPDBusEnum - ok
21:23:41.0328 4356 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:23:41.0329 4356 ws2ifsl - ok
21:23:41.0391 4356 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:23:41.0396 4356 wscsvc - ok
21:23:41.0407 4356 WSearch - ok
21:23:41.0490 4356 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:23:41.0533 4356 wuauserv - ok
21:23:41.0571 4356 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:23:41.0574 4356 WudfPf - ok
21:23:41.0606 4356 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:23:41.0610 4356 WUDFRd - ok
21:23:41.0643 4356 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:23:41.0645 4356 wudfsvc - ok
21:23:41.0676 4356 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:23:41.0683 4356 WwanSvc - ok
21:23:41.0846 4356 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:23:41.0852 4356 YahooAUService - ok
21:23:41.0972 4356 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:23:42.0043 4356 \Device\Harddisk0\DR0 - ok
21:23:42.0371 4356 MBR (0x1B8) (bc9a8f0f7284c2604c4d542295f79124) \Device\Harddisk1\DR1
21:23:43.0413 4356 \Device\Harddisk1\DR1 - ok
21:23:43.0444 4356 Boot (0x1200) (7abf2c9b870e936c3ab869eee24bd3a4) \Device\Harddisk0\DR0\Partition0
21:23:43.0447 4356 \Device\Harddisk0\DR0\Partition0 - ok
21:23:43.0463 4356 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1
21:23:43.0465 4356 \Device\Harddisk0\DR0\Partition1 - ok
21:23:43.0480 4356 Boot (0x1200) (8dcd222ca7598a543bcec53e018419b7) \Device\Harddisk0\DR0\Partition2
21:23:43.0483 4356 \Device\Harddisk0\DR0\Partition2 - ok
21:23:43.0488 4356 Boot (0x1200) (8259deca7e4755e7a806c17c6a2bd4b7) \Device\Harddisk1\DR1\Partition0
21:23:43.0491 4356 \Device\Harddisk1\DR1\Partition0 - ok
21:23:43.0491 4356 ============================================================
21:23:43.0491 4356 Scan finished
21:23:43.0491 4356 ============================================================
21:23:43.0504 6116 Detected object count: 0
21:23:43.0504 6116 Actual detected object count: 0
aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 21:25:05
-----------------------------
21:25:05.710 OS Version: Windows x64 6.1.7601 Service Pack 1
21:25:05.711 Number of processors: 4 586 0x2502
21:25:05.711 ComputerName: DELL-PC UserName: Dell
21:25:06.511 Initialize success
21:26:02.053 AVAST engine defs: 12041701
21:26:39.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:26:39.285 Disk 0 Vendor: ST9500420AS 0003SDM1 Size: 476940MB BusType: 11
21:26:39.338 Disk 0 MBR read successfully
21:26:39.343 Disk 0 MBR scan
21:26:39.349 Disk 0 Windows 7 default MBR code
21:26:39.363 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
21:26:39.375 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
21:26:39.392 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
21:26:39.400 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848
21:26:39.427 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406828 MB offset 143568896
21:26:39.469 Disk 0 scanning C:\Windows\system32\drivers
21:26:49.974 Service scanning
21:27:12.287 Modules scanning
21:27:12.301 Disk 0 trace - called modules:
21:27:12.340 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:27:12.346 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be5060]
21:27:12.351 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004a7dbf0]
21:27:12.356 5 stdflt.sys[fffff8800199aa4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800491b680]
21:27:12.992 AVAST engine scan C:\Windows
21:27:14.979 AVAST engine scan C:\Windows\system32
21:27:23.920 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:29:59.695 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:29:59.717 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
21:29:59.966 AVAST engine scan C:\Windows\system32\drivers
21:30:12.383 AVAST engine scan C:\Users\Dell
21:30:27.561 Disk 0 MBR has been saved successfully to "C:\Users\Dell\Desktop\MBR.dat"
21:30:27.568 The log file has been saved successfully to "C:\Users\Dell\Desktop\aswMBR.txt"

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location: Puerto Rico

Posted 17 April 2012 - 11:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

File::
C:\Windows\system32\consrv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
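The CFScript above maps the aswMBR detections to ComboFix directives by hand: the two hits in the hidden assembly\temp\U directory become one Folder:: entry, while the hijacked consrv.dll is listed under File::. As an added example (not code from the thread, from ComboFix or from aswMBR), the Python below performs that same mapping from the **INFECTED** lines; the sample log is constructed from the three hits quoted above, and the FOLDER_REMOVABLE list and the min_files_for_folder threshold are assumptions of this example, not tool settings.

```python
"""Derive ComboFix CFScript directives from aswMBR **INFECTED** lines.

Added example, not part of the original thread or of any tool's own code.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: the three aswMBR hits quoted in the thread plus two
# benign "engine scan" lines that the parser must ignore.
SAMPLE_ASWMBR_LOG = """\
21:27:14.979 AVAST engine scan C:\\Windows\\system32
21:27:23.920 File: C:\\Windows\\system32\\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
21:29:59.695 File: C:\\Windows\\assembly\\temp\\U\\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:29:59.717 File: C:\\Windows\\assembly\\temp\\U\\80000064.@ **INFECTED** Win32:Malware-gen
21:29:59.966 AVAST engine scan C:\\Windows\\system32\\drivers
"""

# aswMBR detection line: "<hh:mm:ss.mmm> File: <path> **INFECTED** <detection>"
INFECTED_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<det>.+)$"
)


def parse_infected(log_text):
    """Return [(path, detection)] for every **INFECTED** line, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("det")))
    return hits


# Assumption of this example: directory suffixes that may be removed with a
# Folder:: directive. The thread's script removes assembly\temp\U as a whole;
# a Windows system directory such as system32 must never be listed here.
FOLDER_REMOVABLE = ("\\assembly\\temp\\u",)


def build_cfscript(hits, min_files_for_folder=2):
    """Group detections into Folder:: and File:: directives.

    A directory is emitted under Folder:: only when its suffix is in
    FOLDER_REMOVABLE and at least `min_files_for_folder` detections live in
    it; every other hit is listed individually under File:: so that no
    directory outside the allow-list is ever deleted wholesale.
    """
    by_dir = defaultdict(list)
    for path, _det in hits:
        p = PureWindowsPath(path)
        by_dir[str(p.parent)].append(str(p))

    folders, files = [], []
    for directory, paths in by_dir.items():
        d_lower = directory.lower()
        removable = any(d_lower.endswith(suffix) for suffix in FOLDER_REMOVABLE)
        if removable and len(paths) >= min_files_for_folder:
            folders.append(directory)
        else:
            files.extend(paths)

    # Same preamble as the posted script: flush the Java cache, stop processes.
    lines = ["ClearJavaCache::", "KillAll::"]
    if folders:
        lines += ["Folder::"] + folders + [""]
    if files:
        lines += ["File::"] + files + [""]
    return "\n".join(lines).rstrip("\n") + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_infected(SAMPLE_ASWMBR_LOG)), end="")
```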

#15 Jay A.

  • Topic Starter

  • Members
  • 25 posts

Posted 18 April 2012 - 12:10 AM

Here is the latest log. The computer seems to be doing fine. I just got on google and did some random searches. So far, there have been no re-directs. Does this mean that it's been solved?


ComboFix 12-04-17.01 - Dell 04/17/2012 21:47:24.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2221 [GMT -7:00]
Running from: c:\users\Dell\Desktop\ComboFix.exe
Command switches used :: c:\users\Dell\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 04:58 . 2012-04-18 04:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-18 04:58 . 2012-04-18 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 02:19 . 2012-04-18 04:57 -------- dc----w- C:\FRST
2012-04-17 02:37 . 2012-04-17 02:37 -------- d-----w- c:\users\Dell\AppData\Local\visi_coupon
2012-04-17 02:08 . 2012-02-24 17:36 230952 -c--a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-17 02:07 . 2012-04-17 02:07 -------- d-----w- c:\users\Dell\AppData\Roaming\TestApp
2012-04-17 02:03 . 2012-04-17 02:03 -------- d-----w- c:\users\Dell\AppData\Roaming\Registry Mechanic
2012-04-16 02:39 . 2012-03-21 19:23 512472 -c--a-w- c:\windows\SysWow64\msxml.dll
2012-04-16 02:39 . 2012-03-21 19:23 40408 -c--a-w- c:\windows\system32\CleanMFT64.exe
2012-04-16 02:39 . 2008-09-18 05:17 658432 -c--a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-04-16 02:39 . 2008-04-02 23:54 1101824 -c--a-w- c:\windows\SysWow64\UniBox210.ocx
2012-04-16 02:39 . 2008-04-02 23:53 212992 -c--a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-04-16 02:39 . 2008-04-02 23:53 880640 -c--a-w- c:\windows\SysWow64\UniBox10.ocx
2012-04-16 02:39 . 2012-04-17 02:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-16 02:39 . 2012-04-17 02:10 -------- d-----w- c:\program files (x86)\PC Tools
2012-04-16 02:39 . 2012-04-16 02:39 -------- dc----w- c:\programdata\PC Tools
2012-04-16 02:39 . 2012-04-16 02:39 -------- d-----w- c:\users\Dell\AppData\Roaming\Product_RM
2012-04-16 01:13 . 2012-04-17 02:40 -------- dc----w- C:\sh4ldr
2012-04-16 01:13 . 2012-04-16 01:13 -------- d-----w- c:\program files\Enigma Software Group
2012-04-16 01:12 . 2012-04-17 02:38 -------- dc----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-15 22:51 . 2012-04-15 22:51 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-15 22:51 . 2012-04-15 22:51 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-15 19:47 . 2012-04-15 19:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-15 03:28 . 2012-04-15 03:28 -------- dc----we c:\windows\system64
2012-04-14 18:32 . 2012-04-14 18:32 -------- d-----w- c:\users\Dell\AppData\Roaming\Reallusion
2012-04-14 18:31 . 2012-04-14 18:31 -------- d-----w- c:\users\Dell\AppData\Local\Windows Live Writer
2012-04-14 18:31 . 2012-04-14 18:31 -------- d-----w- c:\users\Dell\AppData\Roaming\Windows Live Writer
2012-04-14 16:57 . 2012-04-17 02:03 -------- dc----w- C:\TDSSKiller_Quarantine
2012-04-14 15:19 . 2012-04-14 18:32 -------- dc----w- c:\programdata\Creative
2012-04-14 15:19 . 2012-04-14 15:19 -------- d-----w- c:\users\Dell\AppData\Roaming\Creative
2012-04-14 00:19 . 2012-04-14 00:19 8766112 -c--a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 23:11 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0F3B0FA-6673-4154-A989-3897D91AEDB9}\mpengine.dll
2012-04-13 22:50 . 2012-04-13 22:50 -------- dc----w- c:\windows\Sun
2012-04-13 22:37 . 2012-04-18 02:45 -------- dcsh--w- c:\windows\SysWow64\%APPDATA%
2012-04-11 22:59 . 2012-04-11 22:59 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-04-11 22:59 . 2012-04-11 22:59 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-04-11 22:59 . 2012-04-11 22:59 -------- d-----w- c:\program files (x86)\Application Updater
2012-04-11 04:26 . 2012-04-11 04:26 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 04:26 . 2012-04-11 04:26 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 04:26 . 2012-04-11 04:26 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 04:26 . 2012-04-11 04:26 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 04:26 . 2012-04-11 04:26 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 04:26 . 2012-04-11 04:26 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 04:26 . 2012-04-11 04:26 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-09 00:38 . 2012-04-09 00:40 -------- d-sh--w- c:\users\Dell\AppData\Roaming\Total Anti Malware Protection
2012-04-09 00:38 . 2012-04-09 00:38 -------- dcsh--w- c:\programdata\TAQQMP
2012-04-09 00:37 . 2012-04-09 01:09 -------- dcsh--w- c:\programdata\c60f4f
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 13:20 . 2012-04-14 00:19 418464 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 00:19 . 2011-05-15 15:04 70304 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2010-02-13 15:07 24904 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 17:24 . 2012-03-17 16:02 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 17:24 . 2012-03-17 16:00 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 17:24 . 2012-03-17 16:00 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 17:24 . 2012-03-17 16:00 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 17:24 . 2012-03-17 16:02 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 17:24 . 2012-03-17 16:02 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-17 17:22 . 2012-03-17 16:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-17 17:22 . 2012-03-17 16:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 17:22 . 2012-03-17 16:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 17:22 . 2012-03-17 16:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-23 16:18 . 2010-01-14 16:16 279656 -c----w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:24 . 2012-02-15 00:08 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 06:24 . 2012-02-15 00:08 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 06:19 . 2012-02-15 00:06 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 06:19 . 2012-02-15 00:06 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 06:19 . 2012-02-15 00:06 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 06:18 . 2012-02-15 00:05 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 06:18 . 2012-02-15 00:05 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-01-29 23:07 . 2012-01-29 22:23 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-29 23:07 . 2012-01-29 22:23 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-29 23:07 . 2012-01-29 22:23 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-29 23:07 . 2012-01-29 22:23 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-29 23:07 . 2012-01-29 22:23 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-29 23:07 . 2012-01-29 22:23 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-29 23:07 . 2012-01-29 22:23 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-29 23:07 . 2012-01-29 22:23 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-29 23:07 . 2012-01-29 22:23 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-29 23:07 . 2012-01-29 22:23 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-29 23:07 . 2012-01-29 22:23 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-29 23:07 . 2012-01-29 22:23 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-29 23:07 . 2012-01-29 22:23 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-29 23:07 . 2012-01-29 22:23 136192 ----a-w- c:\windows\system32\sspicli.dll
2010-05-28 01:12 . 2010-05-29 14:55 8354440 ----a-w- c:\program files\Firefox Setup 3.6.3.exe
2010-05-23 17:47 . 2010-05-29 14:55 2394408 ----a-w- c:\program files\mp3tagv246asetup.exe
2010-05-20 21:10 . 2010-05-29 14:55 232704 ----a-w- c:\program files\yahoo_toolbar_install_helper.exe
2010-05-20 05:59 . 2010-05-29 14:55 98435368 ----a-w- c:\program files\iTunes64Setup.exe
2010-05-20 04:34 . 2010-05-20 04:34 12383736 ----a-w- c:\program files\picasa36-setup.exe
2009-07-10 20:39 . 2010-07-03 22:21 350720 ----a-w- c:\program files\hjsplit.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-18_02.48.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-18 05:01 35548 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-12 06:45 . 2012-04-18 05:01 22022 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3991066933-4123389269-316651398-1000_UserData.bin
+ 2009-07-14 05:10 . 2012-04-18 04:00 35540 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-12 06:45 . 2012-04-18 04:00 21990 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3991066933-4123389269-316651398-1000_UserData.bin
- 2012-04-18 02:47 . 2012-04-18 02:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 04:59 . 2012-04-18 04:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 04:59 . 2012-04-18 04:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-18 02:47 . 2012-04-18 02:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-12 04:14 . 2012-04-18 02:17 344064 c:\windows\Temp\Cookies\index.dat
+ 2010-05-12 04:14 . 2012-04-18 03:58 344064 c:\windows\Temp\Cookies\index.dat
- 2009-07-14 02:36 . 2012-04-18 02:21 649676 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-18 04:03 649676 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-18 04:03 115564 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-18 02:21 115564 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-18 02:21 649676 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-18 04:03 649676 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-18 04:03 115564 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-18 02:21 115564 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-18 04:58 409292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-18 02:46 409292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-12 04:14 . 2012-04-18 03:58 9306112 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-12 04:14 . 2012-04-18 02:17 9306112 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-27 05:29 . 2012-04-18 04:58 3154600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3991066933-4123389269-316651398-1000-8192.dat
+ 2010-05-12 04:14 . 2012-04-18 03:58 16187392 c:\windows\Temp\History\History.IE5\index.dat
- 2010-05-12 04:14 . 2012-04-18 02:17 16187392 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-04-27 05:29 . 2012-04-18 04:58 28109636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3991066933-4123389269-316651398-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"FreeCT"="c:\program files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe" [2011-11-18 1995088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-11 981856]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-03-21 103896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [BU]
.
c:\users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]
TimeLeft.lnk - d:\dell\TimeLeft3\TimeLeft.exe [2011-4-12 2051880]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-07-07 02:23 1779952 ----a-w- c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2009-06-24 08:21 409744 ------w- c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellComms]
2009-05-04 21:39 206064 ----a-w- c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 00:59 206064 ----a-w- c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-18 13:46 494064 ----a-w- c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
.
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 135664]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-05 92160]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-04-11 784792]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-03-21 793048]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-04 206064]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:19]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 03:27]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 03:27]
.
2012-04-18 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-04-16 19:23]
.
2012-04-18 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2012-04-16 19:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-05 8123936]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - d:\dell\Flash Capture\fciext.dll/FCIEXT.htm
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\4b9xtrjk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{F3FEE66E-E034-436A-86E4-9690573BEE8A}"=hex:51,66,7a,6c,4c,1d,38,12,00,e5,ed,
f7,06,ae,04,06,f9,f2,d5,d0,52,65,aa,9e
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{8B3868B4-EBA8-48FA-A19B-E1DFB99066FA}"=hex:51,66,7a,6c,4c,1d,38,12,da,6b,2b,
8f,9a,a5,94,0d,de,8d,a2,9f,bc,ce,22,ee
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:32,6d,b0,bb,c9,19,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-17 22:04:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 05:04
ComboFix2.txt 2012-04-18 02:53
ComboFix3.txt 2012-04-14 17:23
ComboFix4.txt 2012-04-14 16:15
.
Pre-Run: 18,093,735,936 bytes free
Post-Run: 17,840,906,240 bytes free
.
- - End Of File - - 9D5C3EE26A448D82D553D870025E151B
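Added example, not part of Jay's post and not ComboFix's own code: a small Python triage script that parses the Run-key lines (`"Name"="path" [date size]`) and the service lines (`R2 name;display;path [date size]`) of a ComboFix log in the format shown above, then flags autostart binaries that live in places vendor software rarely uses (the SYSTEM profile, per-user AppData, temp and Recycle Bin directories). The sample lines embedded in it are constructed, copied in the format of the log above; the path heuristics are the script author's own triage rules, not ComboFix's verdicts, and the script only assumes that a bare `[BU]` or `[x]` in place of the date and size means ComboFix recorded no on-disk date or size for that file.

```python
"""ComboFix autostart triage (added example; heuristics are the author's, not ComboFix's)."""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, written in the format of the ComboFix log in the post.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-11 981856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [BU]
.
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$', re.I)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$')
DATE_SIZE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)$')

# Triage heuristics (assumption: a startup binary in a profile-writable or
# transient directory is unusual for vendor software and deserves a look).
SUSPECT_PATHS = [
    (re.compile(r'\\config\\systemprofile\\', re.I), "lives under the SYSTEM profile (config\\systemprofile)"),
    (re.compile(r'\\appdata\\(local|locallow|roaming)\\', re.I), "lives under a per-profile AppData directory"),
    (re.compile(r'\\(temp|tmp)\\', re.I), "lives under a temp directory"),
    (re.compile(r'\\\$recycle\.bin\\|\\recycler\\', re.I), "lives under a Recycle Bin directory"),
]


@dataclass
class Autostart:
    kind: str                 # "run" (registry Run key) or "service"
    location: str             # the Run key, or the service start type (R1, S2, ...)
    name: str
    path: str
    date: Optional[str]       # ComboFix's recorded file date, if any
    size: Optional[int]       # ComboFix's recorded file size, if any
    marker: Optional[str]     # bare marker such as "BU" or "x" when no date/size was printed
    reasons: List[str] = field(default_factory=list)


def _split_info(info: str):
    """ComboFix prints either 'YYYY-MM-DD size' or a bare marker inside the brackets."""
    m = DATE_SIZE_RE.match(info.strip())
    if m:
        return m.group("date"), int(m.group("size")), None
    return None, None, info.strip() or None


def parse_combofix(text: str) -> List[Autostart]:
    """Collect Run-key entries (only under keys ending in \\Run) and service lines."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")   # any [HKEY_...] header starts a new section
            continue
        run = RUN_RE.match(line)
        if run and current_key and current_key.lower().endswith("\\run"):
            date, size, marker = _split_info(run.group("info"))
            entries.append(Autostart("run", current_key, run.group("name"), run.group("path"), date, size, marker))
            continue
        svc = SVC_RE.match(line)
        if svc:
            date, size, marker = _split_info(svc.group("info"))
            entries.append(Autostart("service", svc.group("start"), svc.group("name"), svc.group("path"), date, size, marker))
    return entries


def triage(entries: List[Autostart]) -> List[Autostart]:
    """Attach reasons to entries whose path matches a heuristic; return only those."""
    flagged = []
    for e in entries:
        e.reasons = [why for pattern, why in SUSPECT_PATHS if pattern.search(e.path)]
        if e.reasons:
            if e.marker:   # no date/size recorded: confirm the file is really on disk
                e.reasons.append(f"ComboFix printed no date/size for the file (marker [{e.marker}])")
            flagged.append(e)
    return flagged


def report(entries: List[Autostart]) -> None:
    for e in triage(entries):
        where = e.location if e.kind == "run" else f"service start type {e.location}"
        print(f"[{e.kind}] {e.name} -> {e.path}\n    in: {where}")
        for r in e.reasons:
            print(f"    - {r}")


if __name__ == "__main__":
    # Pass a saved ComboFix.txt as the first argument; otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    report(parse_combofix(text))
```

Run it as `python triage.py ComboFix.txt` against the saved log. On the sample it flags only the `dplaysvr` entry, because of where the file sits, not because of its name; the `[x]` drivers and the `[BU]` Run entries under ordinary Program Files paths are left alone, since on the log above those markers also appear on vendor software. A flag is a prompt to check the file (existence, signature, hash), not a verdict.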



