
Laptop Infected with various Trojans and ZeroAccess rootkit


  • This topic is locked
11 replies to this topic

#1 isiDTV

  • Members
  • 5 posts
  • Local time:05:02 PM

Posted 16 April 2012 - 11:22 PM

Hello,

My friend's laptop was infected with trojans/rootkit that will restart in a loop. I was able to go into safe mode and clean up the laptop using a combination of Malwarebytes, TDSSKiller, and RogueKiller. I am able to get into the laptop without it restarting, but have not been able to fully remove all the trojans and malware. Help is greatly appreciated. Thank you.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Nina Ong at 23:17:49 on 2012-04-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2273 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\vds.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray
uRun: [beaabdfecaeefccdct] "C:\ProgramData\beaabdfecaeefccdct.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRun: [Mshost Manager] \svchost.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [beaabdfecaeefccdct] "C:\ProgramData\beaabdfecaeefccdct.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{78AED60D-EB82-4DE6-A0D8-FDE077AFA40C} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{824580C9-FD54-4095-95EE-D83B8AF7D3FB} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{824580C9-FD54-4095-95EE-D83B8AF7D3FB}\269627E65697 : DhcpNameServer = 192.168.0.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO-X64: MegaIEMn - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-26 98208]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-15 654408]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-26 705856]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-26 2533400]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-31 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-17 04:10:17 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-17 04:10:05 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E61EE88-40E2-4B85-974D-E660BDFAFAD6}\mpengine.dll
2012-04-16 04:50:55 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-04-16 04:43:47 -------- d-s---w- C:\ComboFix
2012-04-15 23:28:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-15 23:28:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-15 23:28:56 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-15 23:25:14 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEF7D49A-1DE9-47A8-B09E-9B91B4E26DC5}\gapaengine.dll
2012-04-15 23:24:57 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-15 23:22:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-15 23:22:10 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-15 22:09:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 20:36:37 -------- d-----w- C:\Users\Nina Ong\AppData\Roaming\Malwarebytes
2012-04-15 20:36:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-15 20:36:13 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-15 20:36:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 04:35:35 86016 ----a-w- C:\ProgramData\beaabdfecaeefccdct.exe
2012-04-14 03:53:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-04-11 04:24:51 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 04:24:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 04:24:51 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 04:24:51 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 04:24:51 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 04:24:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 04:24:51 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 03:42:10 -------- d--h--w- C:\Users\Nina Ong\AppData\Roaming\Fingertapps
2012-03-26 04:20:18 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-26 04:20:15 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-26 04:20:14 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-26 04:20:11 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-26 04:20:11 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-26 04:20:00 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-03-26 04:20:00 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-03-26 04:16:17 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-03-26 04:16:17 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-03-26 04:12:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-26 04:12:41 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-26 04:12:40 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-26 04:12:40 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-26 04:12:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-26 04:12:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-26 04:12:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-23 04:37:33 -------- d--h--w- C:\Users\Nina Ong\AppData\Local\{F6C4FE64-B705-40D4-9827-82EB7741BF4B}
.
==================== Find3M ====================
.
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:19:00.81 ===============
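The Run-key lines in the DDS report above are where this infection's persistence shows: a random-named executable in C:\ProgramData registered under both the user hive and the .DEFAULT hive, a bare `\svchost.exe` with no directory, and a `dplaysvr.exe` living under the SYSTEM profile's AppData. The Python below is an added example, not part of the thread and not DDS or any tool the responders use: it parses those lines and attaches review reasons to each entry. The sample lines are copied from the log in the post; the prefix meanings (u = current user, m = HKLM, d = .DEFAULT) are assumed from common DDS usage, and every scoring rule is the example's own heuristic rather than a DDS rule.

```python
"""Triage the Run-key lines of a DDS "Pseudo HJT Report".

Added example: not output handling from the forum thread and not part of DDS.
The sample lines are copied from the DDS log posted above; every scoring rule
below is the example author's own heuristic.
"""
import ntpath
import re

# Constructed sample: ordinary and suspicious Run-key lines taken from the DDS
# log in the first post (uRun = current user, mRun = HKLM, dRun = .DEFAULT hive;
# those prefix meanings follow common DDS usage and are assumed here).
SAMPLE_LOG = r"""
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray
uRun: [beaabdfecaeefccdct] "C:\ProgramData\beaabdfecaeefccdct.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Mshost Manager] \svchost.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [beaabdfecaeefccdct] "C:\ProgramData\beaabdfecaeefccdct.exe"
"""

RUN_LINE = re.compile(r"^(?P<hive>[umd])Run(?:-x64)?:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*?)\s*$")

# Core Windows binary names that malware likes to borrow; one of these names
# outside the Windows directory deserves a close look.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe", "services.exe"}

# Directories any user-level process can write to. Legitimate software does
# auto-start from here too, so this is a "review" signal, not a verdict.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

VOWELS = set("aeiouy")


def parse_run_line(line):
    """Split 'xRun: [name] command' into its parts; None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    return {"hive": m.group("hive"), "name": m.group("name"), "cmd": m.group("cmd")}


def executable_path(cmd):
    """Recover the executable from a command string, quoted or not."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces ("Program Files (x86)"), so take
    # everything up to the first ".exe" that ends a token.
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def longest_consonant_run(name):
    """Length of the longest consonant run; pronounceable names stay short."""
    best = run = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def assess(entry):
    """Return the reasons an autorun entry deserves review (empty list = none)."""
    path = executable_path(entry["cmd"])
    reasons = []
    if path is None:
        return reasons  # e.g. mRun: [<NO NAME>]: an empty default value, not an indicator
    base = ntpath.basename(path).lower()
    stem = ntpath.splitext(base)[0]
    lowered = path.lower()
    if not re.match(r"^([a-z]:|%[^%]+%)\\", lowered):
        reasons.append("relative path: binary is found by search order, not pinned to a directory")
    if base in SYSTEM_NAMES and "\\windows\\" not in lowered:
        reasons.append(f"{base} outside the Windows directory (name borrowed from a system binary)")
    if any(d in lowered for d in USER_WRITABLE):
        reasons.append("executable lives in a user-writable location")
    if entry["hive"] == "d" and "systemprofile" in lowered:
        reasons.append(".DEFAULT-hive autorun pointing into the SYSTEM profile")
    # Heuristic (assumed threshold): long all-letter names with a 5+ consonant
    # run are rarely human-chosen.
    if len(stem) >= 12 and stem.isalpha() and longest_consonant_run(stem) >= 5:
        reasons.append("random-looking executable name")
    return reasons


def triage(log_text):
    """Parse every Run line in a DDS log and attach review reasons to each."""
    results = []
    for line in log_text.splitlines():
        entry = parse_run_line(line)
        if entry:
            entry["path"] = executable_path(entry["cmd"])
            entry["reasons"] = assess(entry)
            results.append(entry)
    return results


def flagged_names(log_text):
    """Set of value names that picked up at least one review reason."""
    return {e["name"] for e in triage(log_text) if e["reasons"]}


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "!!" if e["reasons"] else "  "
        print(f"{mark} {e['hive']}Run [{e['name']}] -> {e['path']}")
        for r in e["reasons"]:
            print(f"      - {r}")
```

Feed the whole text of a saved DDS log to `triage()` to get the same breakdown for a real report. The reasons are prompts for the analyst, not a verdict: vendor updaters do start from AppData, so the combination of signals (user-writable location plus an unpronounceable name, or a system-binary name with no directory) is what moves an entry to the top of the review list.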


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 16 April 2012 - 11:46 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 isiDTV

  • Topic Starter
  • Members
  • 5 posts
  • Local time:05:02 PM

Posted 17 April 2012 - 12:19 AM

Hi Gringo,

Thank you for your quick response. Below is the output from the Farbar Recovery Scan Tool:

Scan result of Farbar Recovery Scan Tool Version: 16-04-2012
Ran by SYSTEM at 17-04-2012 01:15:27
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-29] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Nina Ong\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Nina Ong\...\Run: [Mega Manager] C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe /Tray [2113024 2010-11-03] (Megaupload Limited)
HKU\Nina Ong\...\Run: [beaabdfecaeefccdct] "C:\ProgramData\beaabdfecaeefccdct.exe" [86016 2012-04-14] ()
HKU\Nina Ong\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-11-24] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-07-01] (Intel Corporation)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
2 pnarp; C:\Windows\System32\Drivers\pnarp.sys [33328 2009-07-07] (Cisco Systems, Inc.)
2 purendis; C:\Windows\System32\Drivers\purendis.sys [35376 2009-07-07] (Cisco Systems, Inc.)
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-17 01:15 - 2011-02-26 07:05 - 0000000 ____D C:\FRST
2012-04-16 23:20 - 2012-04-15 17:51 - 0023174 ____A C:\Users\Nina Ong\My Documents\Attach.txt
2012-04-16 23:20 - 2012-04-15 17:51 - 0023174 ____A C:\Users\Nina Ong\Documents\Attach.txt
2012-04-16 23:19 - 2011-07-12 22:43 - 0023466 ____A C:\Users\Nina Ong\My Documents\DDS.txt
2012-04-16 23:19 - 2011-07-12 22:43 - 0023466 ____A C:\Users\Nina Ong\Documents\DDS.txt
2012-04-16 22:58 - 2009-07-14 00:32 - 0000332 ____A C:\Windows\PFRO.log
2012-04-15 23:43 - 2012-04-15 18:22 - 0000000 ____D C:\Windows\ERDNT
2012-04-15 23:43 - 2011-02-26 05:32 - 0000000 ___SD C:\ComboFix
2012-04-15 23:39 - 2012-04-15 23:51 - 0000000 ____D C:\Qoobox
2012-04-15 23:39 - 2011-12-05 00:29 - 0000000 ___SD C:\32788R22FWJFW
2012-04-15 23:39 - - 4463836 ____R (Swearware) C:\Users\Nina Ong\Desktop\ComboFix.exe
2012-04-15 23:34 - 2012-04-15 17:56 - 0130246 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_23.34.27_log.txt
2012-04-15 23:32 - 2011-04-06 23:05 - 0002875 ____A C:\Users\Nina Ong\My Documents\RKreport[1].txt
2012-04-15 23:32 - 2011-04-06 23:05 - 0002875 ____A C:\Users\Nina Ong\Documents\RKreport[1].txt
2012-04-15 23:31 - 2012-04-15 23:31 - 1262080 ____A C:\Users\Nina Ong\Desktop\RogueKiller.exe
2012-04-15 23:31 - 2011-07-17 20:56 - 0002875 ____A C:\Users\Nina Ong\Desktop\RKreport[1].txt
2012-04-15 23:31 - 2011-07-16 22:21 - 0593920 ____A (OldTimer Tools) C:\Users\Nina Ong\Desktop\OTL.exe
2012-04-15 23:30 - 2012-04-15 23:31 - 0000000 ____D C:\Users\Nina Ong\Desktop\RK_Quarantine
2012-04-15 23:13 - 2012-03-26 10:33 - 0302592 ____A C:\Users\Nina Ong\Desktop\gmer.exe
2012-04-15 18:28 - 2009-07-13 20:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-15 18:28 - 2009-07-13 20:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-15 18:28 - 2009-07-13 20:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-15 18:24 - 2009-07-13 20:41 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-04-15 18:22 - 2011-05-05 22:06 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-15 18:22 - 2011-05-05 22:06 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-15 18:13 - 2009-07-14 00:37 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-15 18:12 - 2009-07-13 20:39 - 1064454 ____A C:\Windows\ntbtlog.txt
2012-04-15 18:05 - 2009-07-13 23:54 - 0366872 ____A C:\Windows\WindowsUpdate.log
2012-04-15 18:01 - 2012-04-16 23:26 - 0000000 ____A C:\Windows\setuperr.log
2012-04-15 18:01 - 2011-02-26 06:47 - 0001242 ____A C:\Windows\setupact.log
2012-04-15 17:51 - 2012-04-15 17:15 - 0251792 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_17.51.43_log.txt
2012-04-15 17:51 - 2011-07-18 23:15 - 0002136 ____A C:\Users\Nina Ong\My Documents\aswMBR.txt
2012-04-15 17:51 - 2011-07-18 23:15 - 0002136 ____A C:\Users\Nina Ong\Documents\aswMBR.txt
2012-04-15 17:51 - 2011-04-06 22:56 - 0000512 ____A C:\Users\Nina Ong\My Documents\MBR.dat
2012-04-15 17:51 - 2011-04-06 22:56 - 0000512 ____A C:\Users\Nina Ong\Documents\MBR.dat
2012-04-15 17:15 - 2012-04-15 17:09 - 0128412 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_17.15.16_log.txt
2012-04-15 17:09 - 2012-04-15 23:36 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-15 17:07 - 2012-04-16 23:04 - 0136470 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_17.07.49_log.txt
2012-04-15 15:36 - 2011-06-07 22:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-15 15:36 - 2011-03-06 18:42 - 0000000 ____D C:\Users\Nina Ong\Application Data\Malwarebytes
2012-04-15 15:36 - 2011-03-06 18:42 - 0000000 ____D C:\Users\Nina Ong\AppData\Roaming\Malwarebytes
2012-04-15 15:36 - 2011-02-26 05:23 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-15 15:36 - 2011-02-26 05:23 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-04-15 15:36 - 2011-02-26 05:23 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-15 15:36 - 2009-07-13 18:26 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-15 15:36 - - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-15 15:36 - - 0001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 00:17 - 2012-04-15 21:12 - 0000649 ___AH C:\Users\Nina Ong\Desktop\SMART_HDD.lnk
2012-04-14 00:17 - 2012-04-14 00:17 - 0000256 ___AH C:\Users\All Users\Application Data\91u3A5SsGxKwL6
2012-04-14 00:17 - 2012-04-14 00:17 - 0000256 ___AH C:\Users\All Users\91u3A5SsGxKwL6
2012-04-14 00:17 - 2012-04-14 00:17 - 0000256 ___AH C:\ProgramData\91u3A5SsGxKwL6
2012-04-14 00:17 - - 0000000 ___AH C:\Users\All Users\Application Data\-91u3A5SsGxKwL6
2012-04-14 00:17 - - 0000000 ___AH C:\Users\All Users\-91u3A5SsGxKwL6
2012-04-14 00:17 - - 0000000 ___AH C:\ProgramData\-91u3A5SsGxKwL6
2012-04-13 23:43 - 2012-04-13 23:44 - 0000000 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_36 (2).avi.03yd9hq.partial
2012-04-13 23:35 - 2009-07-14 00:08 - 0086016 ____A C:\Users\All Users\beaabdfecaeefccdct.exe
2012-04-13 23:35 - 2009-07-14 00:08 - 0086016 ____A C:\Users\All Users\Application Data\beaabdfecaeefccdct.exe
2012-04-13 23:35 - 2009-07-14 00:08 - 0086016 ____A C:\ProgramData\beaabdfecaeefccdct.exe
2012-04-13 23:15 - 2012-04-15 23:43 - 0000016 ____H C:\datafile
2012-04-13 22:59 - 2012-04-13 23:44 - 343539154 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_34.avi.pmvbxs5.partial
2012-04-13 22:59 - 2012-04-13 23:44 - 108783726 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_35.avi.k5kfj76.partial
2012-04-13 22:59 - 2012-04-13 23:43 - 1699134 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_36.avi.7fawau8.partial
2012-04-13 22:59 - 2009-07-13 22:20 - 0012185 ____A C:\Windows\SysWOW64\hs_err_pid6296.log
2012-04-13 22:58 - 2012-04-13 23:44 - 87750878 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_33.avi.qm9ls9g.partial
2012-04-13 22:58 - 2012-04-13 23:44 - 85195878 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_31.avi.lt0hx82.partial
2012-04-13 22:58 - 2012-04-13 23:44 - 496757394 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_32.avi.h2wcn2w.partial
2012-04-13 22:58 - 2012-04-12 00:58 - 99219178 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_30.avi.18vx0oh.partial
2012-04-13 22:58 - 2009-06-10 15:31 - 0000000 ____D C:\Windows\Sun
2012-04-13 22:53 - - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-12 22:17 - 2012-04-13 00:02 - 650584250 ___AH C:\Users\Nina Ong\Downloads\Giant.39.avi
2012-04-12 22:17 - 2012-04-12 23:42 - 649239428 ___AH C:\Users\Nina Ong\Downloads\Giant.40.avi
2012-04-12 22:17 - 2012-04-12 23:37 - 649752286 ___AH C:\Users\Nina Ong\Downloads\Giant.38.avi
2012-04-12 22:16 - 2012-04-12 23:38 - 650828864 ___AH C:\Users\Nina Ong\Downloads\Giant.35.avi
2012-04-12 22:16 - 2012-04-12 23:32 - 0000000 ___AH C:\Users\Nina Ong\Downloads\Giant.36.avi.5us2e01.partial
2012-04-12 22:16 - 2012-04-12 22:16 - 650968622 ___AH C:\Users\Nina Ong\Downloads\Giant.37.avi
2012-04-12 22:16 - 2012-04-12 22:15 - 651277048 ___AH C:\Users\Nina Ong\Downloads\Giant.34.avi
2012-04-12 22:15 - 2012-04-12 23:41 - 0000000 ___AH C:\Users\Nina Ong\Downloads\Giant.33.avi.hk98mjz.partial
2012-04-12 22:15 - 2012-04-12 22:15 - 651340316 ___AH C:\Users\Nina Ong\Downloads\Giant.32.avi
2012-04-12 22:15 - 2012-04-12 00:05 - 703478870 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_21 (1).avi
2012-04-12 22:15 - 2012-04-11 22:57 - 0000000 ___AH C:\Users\Nina Ong\Downloads\Giant.31.avi.rii94bl.partial
2012-04-12 00:20 - 2012-04-12 00:59 - 705078800 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_29.avi
2012-04-12 00:20 - 2012-04-12 00:57 - 705970692 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_28.avi
2012-04-12 00:20 - 2012-04-12 00:53 - 705313118 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_27.avi
2012-04-12 00:20 - 2012-04-12 00:08 - 704169176 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_26.avi
2012-04-11 23:34 - 2012-04-12 00:17 - 703982224 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_25.avi
2012-04-11 23:33 - 2012-04-12 00:20 - 704218264 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_24.avi
2012-04-11 23:33 - 2012-04-12 00:14 - 704247234 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_23.avi
2012-04-11 23:33 - 2012-04-11 23:00 - 704068608 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_22.avi
2012-04-11 23:00 - 2012-04-12 23:43 - 0000000 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_21.avi.yc9g8ms.partial
2012-04-11 23:00 - 2012-04-11 23:57 - 704712210 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_19.avi
2012-04-11 23:00 - 2012-04-11 23:27 - 704541852 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_20.avi
2012-04-11 22:59 - 2012-04-11 23:31 - 706728352 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_18.avi
2012-04-11 22:40 - 2012-04-11 23:22 - 705947974 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_17.avi
2012-04-11 22:40 - 2012-04-11 22:50 - 705486830 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_16.avi
2012-04-11 21:41 - 2012-04-11 22:36 - 705617784 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_15.avi
2012-04-11 21:41 - 2012-04-11 22:35 - 705835030 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_14.avi
2012-04-11 21:40 - 2012-04-11 22:58 - 705534426 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_13.avi
2012-04-11 21:40 - 2012-04-08 13:32 - 704823668 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_12.avi
2012-04-11 21:39 - 2012-04-11 22:54 - 651270744 ___AH C:\Users\Nina Ong\Downloads\Giant.30.avi
2012-04-11 21:39 - 2012-04-10 00:32 - 650979330 ___AH C:\Users\Nina Ong\Downloads\Giant.27.avi
2012-04-11 21:39 - 2012-04-10 00:28 - 651136250 ___AH C:\Users\Nina Ong\Downloads\Giant.29.avi
2012-04-10 23:27 - 2012-04-10 23:25 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-10 23:27 - 2012-02-28 02:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-10 23:27 - 2012-02-28 01:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-10 23:27 - 2012-02-28 01:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-10 23:27 - 2012-02-28 01:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-10 23:27 - 2012-02-28 01:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-10 23:27 - 2012-02-27 20:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-10 23:27 - 2012-02-27 20:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-10 23:27 - 2012-02-27 20:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-10 23:27 - 2012-02-27 20:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-10 23:27 - 2012-02-27 20:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-10 23:27 - 2011-09-11 20:20 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-10 23:27 - 2011-09-11 20:20 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-10 23:27 - 2011-09-11 20:20 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-10 23:27 - 2011-09-11 20:20 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-10 23:27 - 2011-09-11 20:20 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-10 23:27 - 2011-09-11 20:20 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-10 23:27 - 2011-09-11 20:20 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-10 23:27 - 2011-09-11 20:20 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-10 23:27 - 2011-05-03 00:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-10 23:27 - 2011-05-02 23:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-10 23:27 - 2010-11-20 08:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-10 23:27 - 2010-11-20 07:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-10 23:27 - 2009-07-13 20:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-10 23:27 - 2009-07-13 20:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-10 23:27 - 2009-07-13 20:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-10 23:27 - 2009-07-13 20:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-10 23:24 - 2009-07-13 20:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-10 23:24 - 2009-07-13 20:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-10 23:24 - 2009-07-13 20:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-10 23:24 - 2009-07-13 20:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-10 23:24 - 2009-07-13 20:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-10 23:24 - 2009-07-13 20:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-10 23:24 - 2009-07-13 20:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 00:18 - 2012-04-03 22:32 - 652081446 ___AH C:\Users\Nina Ong\Downloads\Giant.22.avi
2012-04-09 23:57 - 2012-04-11 22:52 - 651137406 ___AH C:\Users\Nina Ong\Downloads\Giant.28.avi
2012-04-09 23:57 - 2012-04-10 00:38 - 651910674 ___AH C:\Users\Nina Ong\Downloads\Giant.26.avi
2012-04-09 22:42 - 2011-03-04 22:07 - 0000000 ___HD C:\Users\Nina Ong\Application Data\Fingertapps
2012-04-09 22:42 - 2011-03-04 22:07 - 0000000 ___HD C:\Users\Nina Ong\AppData\Roaming\Fingertapps
2012-04-08 12:29 - 2012-04-03 22:15 - 704549030 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_11.avi
2012-04-03 23:29 - 2012-04-03 23:53 - 274464297 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_05.avi.__b
2012-04-03 23:28 - 2012-04-03 23:53 - 274464297 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_05.avi.__a
2012-04-03 23:25 - 2012-04-03 23:51 - 272682892 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_04.avi.__a
2012-04-03 23:24 - 2012-04-03 23:51 - 272980428 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_03.avi.__b
2012-04-03 23:23 - 2012-04-02 00:24 - 272980428 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_03.avi.__a
2012-04-03 23:07 - 2012-04-03 11:19 - 3833856 ___AH C:\Users\Nina Ong\Downloads\Today I Miss You - Dai Nhan.mp3
2012-04-03 23:04 - 2012-04-03 10:29 - 4358144 ___AH C:\Users\Nina Ong\Downloads\Sayonarao - Akira Phan.mp3
2012-04-03 23:01 - 2012-04-03 11:03 - 4857856 ___AH C:\Users\Nina Ong\Downloads\Xin Loi Em - Noo Phuoc Thinh.mp3
2012-04-03 22:49 - 2012-04-13 23:44 - 4354048 ___AH C:\Users\Nina Ong\Downloads\Vuot Qua - Cao Thai Son.mp3
2012-04-03 22:49 - 2012-04-02 00:42 - 0774144 ___AH C:\Users\Nina Ong\Downloads\Dang Cay - Cao Thai Son.mp3
2012-04-03 22:39 - 2012-04-03 22:49 - 3440640 ___AH C:\Users\Nina Ong\Downloads\Vi Em Quay Lung - Ho Quang Hieu.mp3
2012-04-03 22:37 - 2012-04-02 10:38 - 3338240 ___AH C:\Users\Nina Ong\Downloads\Vet Thuong Vo Hinh - Ho Quang Hieu.mp3
2012-04-03 22:18 - 2012-04-03 22:17 - 4536320 ___AH C:\Users\Nina Ong\Downloads\Em La Hanh Phuc Trong Anh - Ho Quang Hieu.mp3
2012-04-03 22:08 - 2012-03-26 10:33 - 3567616 ___AH C:\Users\Nina Ong\Downloads\Dieu Em Lo So - Hien Thuc.mp3
2012-04-03 22:06 - 2012-04-02 00:03 - 4009984 ___AH C:\Users\Nina Ong\Downloads\Buong Tay - Tang Nhat Tue.mp3
2012-04-03 22:04 - 2012-04-03 22:48 - 4372480 ___AH C:\Users\Nina Ong\Downloads\Vi Ta Qua Yeu - Quoc Thien.mp3
2012-04-03 21:50 - 2012-04-02 01:11 - 4608000 ___AH C:\Users\Nina Ong\Downloads\In Sau Trong Day Tim. - Nhat Tinh Anh.mp3
2012-04-03 21:50 - 2012-04-02 00:18 - 4544512 ___AH C:\Users\Nina Ong\Downloads\Chia Cach Binh Yen - Quoc Thien.mp3
2012-04-03 11:20 - 2011-03-06 19:13 - 3747840 ___AH C:\Users\Nina Ong\Downloads\Mot lan cuoi thoi - Ho Ngoc Ha (1).mp3
2012-04-03 11:06 - 2012-04-02 00:18 - 5261312 ___AH C:\Users\Nina Ong\Downloads\Tim Lai Bau Troi - Tuan Hung.mp3
2012-04-03 11:05 - - 4364288 ___AH C:\Users\Nina Ong\Downloads\Angel - Mai Tien Dung ft. Toc Tien - Toc Tien.mp3
2012-04-03 10:50 - 2012-04-03 23:02 - 3985408 ___AH C:\Users\Nina Ong\Downloads\Xep Vao Qua Khu - Bao Thy.mp3
2012-04-03 10:48 - 2012-04-03 23:06 - 5488640 ___AH C:\Users\Nina Ong\Downloads\Xua Tan Niem Dau - Tuan Hung.mp3
2012-04-03 10:20 - 2012-04-03 23:50 - 3323904 ___AH C:\Users\Nina Ong\Downloads\Vai Chinh Vai Phu - Tu Quyen (1).mp3
2012-04-03 10:15 - 2012-04-02 00:53 - 3995648 ___AH C:\Users\Nina Ong\Downloads\Phoi Phai - Noo Phuoc Thinh.mp3
2012-04-02 21:11 - 2012-04-12 23:29 - 3602432 ___AH C:\Users\Nina Ong\Downloads\Guc Nga - Toc Tien.mp3
2012-04-02 10:53 - 2012-04-11 22:23 - 0000000 ____D C:\Windows\Minidump
2012-04-02 10:38 - 2012-04-03 10:36 - 0000000 ___AH C:\Users\Nina Ong\Downloads\Vai Chinh Vai Phu - Tu Quyen.mp3.z09iopg.partial
2012-04-02 00:36 - 2012-04-03 11:30 - 5548032 ___AH C:\Users\Nina Ong\Downloads\Mot Minh Anh Giu Lai - Minh Tuan.mp3
2012-04-02 00:36 - 2012-04-03 11:06 - 4540416 ___AH C:\Users\Nina Ong\Downloads\Yeu Mai Yeu - Duong Trieu Vu ft. Bao Thy.mp3
2012-04-02 00:35 - 2012-04-02 00:55 - 1614760 ___AH C:\Users\Nina Ong\Downloads\Da Biet Khi Yeu - Bang Kieu.mp3
2012-04-02 00:34 - 2012-04-02 00:59 - 4292608 ___AH C:\Users\Nina Ong\Downloads\Hua Mai Yeu Nhau - Akira Phan ft. Hee Lee.mp3
2012-04-02 00:33 - 2012-04-02 00:14 - 1804560 ___AH C:\Users\Nina Ong\Downloads\Nho De Quen - The Men.mp3
2012-04-02 00:32 - 2012-04-03 22:02 - 3317760 ___AH C:\Users\Nina Ong\Downloads\Co Nho De Quen - Le Anh Minh.mp3
2012-04-02 00:28 - 2012-04-03 11:16 - 3616768 ___AH C:\Users\Nina Ong\Downloads\Bat Dau Mot Ket Thuc - Anh Minh.mp3
2012-04-02 00:28 - 2012-04-02 21:27 - 4509696 ___AH C:\Users\Nina Ong\Downloads\Hoang Hon Khoc - Luong The Minh.mp3
2012-04-02 00:14 - 2012-04-03 23:18 - 2988620 ___AH C:\Users\Nina Ong\Downloads\Trang Khoc - Bang Cuong.mp3
2012-04-02 00:04 - 2012-04-03 22:20 - 3864576 ___AH C:\Users\Nina Ong\Downloads\Chi Con Trong Mo - Minh Vuong M4U.mp3
2012-04-02 00:03 - 2012-04-02 00:11 - 4640768 ___AH C:\Users\Nina Ong\Downloads\Thu Cuoi - Yanbi ft. Mr T.mp3
2012-04-01 23:55 - 2012-04-02 00:56 - 1105220 ___AH C:\Users\Nina Ong\Downloads\Biet Cach Nao Cho Quen - Ung Hoang Phuc.mp3
2012-04-01 23:55 - 2011-03-04 22:15 - 4409344 ___AH C:\Users\Nina Ong\Downloads\Ngon Gio Lanh Lung - Ung Hoang Phuc.mp3
2012-04-01 23:54 - 2012-04-03 23:21 - 1483360 ___AH C:\Users\Nina Ong\Downloads\Tai Sao La Anh - Ly Hai.mp3
2012-04-01 23:54 - 2012-04-03 22:51 - 4242760 ___AH C:\Users\Nina Ong\Downloads\Den Luc Phai Xa Nhau - Ung Hoang Phuc.mp3
2012-04-01 23:53 - 2012-04-02 00:02 - 4511744 ___AH C:\Users\Nina Ong\Downloads\Tha Rang Em Cu Noi - Ly Hai.mp3
2012-03-25 23:20 - 2010-11-20 08:27 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-03-25 23:20 - 2010-11-20 08:26 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-25 23:20 - 2010-11-20 07:20 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-03-25 23:20 - 2010-11-20 07:18 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-25 23:20 - 2009-07-13 20:41 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-03-25 23:20 - 2009-07-13 20:39 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-25 23:20 - 2009-07-13 20:16 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-03-25 23:19 - 2011-11-17 01:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-03-25 23:19 - 2011-11-17 01:35 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-03-25 23:19 - 2011-11-17 01:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-03-25 23:19 - 2010-11-20 08:27 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-03-25 23:19 - 2010-11-20 08:27 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-03-25 23:19 - 2010-11-20 08:27 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-03-25 23:19 - 2010-11-20 08:27 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-03-25 23:19 - 2010-11-20 07:21 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-03-25 23:19 - 2010-11-20 07:21 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-03-25 23:19 - 2010-11-20 07:21 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-03-25 23:19 - 2010-11-20 07:21 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-03-25 23:19 - 2010-11-20 07:20 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-03-25 23:19 - 2010-11-20 05:33 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-03-25 23:19 - 2010-03-18 15:27 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-03-25 23:19 - 2009-07-13 20:52 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-03-25 23:19 - 2009-07-13 20:52 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-03-25 23:19 - 2009-07-13 20:41 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-03-25 23:19 - 2009-07-13 20:41 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-03-25 23:19 - 2009-07-13 20:40 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-03-25 23:19 - 2009-07-13 20:39 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-03-25 23:19 - 2009-07-13 20:39 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-03-25 23:19 - 2009-07-13 20:39 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-03-25 23:19 - 2009-07-13 20:16 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-03-25 23:19 - 2009-07-13 20:15 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-03-25 23:19 - 2009-07-13 20:14 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-03-25 23:19 - 2009-07-13 20:14 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-03-25 23:19 - 2009-07-13 18:55 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-03-25 23:19 - 2009-06-10 16:15 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-03-25 23:19 - 2009-06-10 15:31 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-03-25 23:19 - 2003-02-21 05:42 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-03-25 23:16 - 2010-11-20 08:25 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-03-25 23:16 - 2010-11-20 07:17 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-03-25 23:12 - 2012-02-17 01:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-25 23:12 - 2010-11-20 08:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-25 23:12 - 2010-11-20 08:27 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-25 23:12 - 2010-11-20 07:21 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-25 23:12 - 2009-07-13 20:39 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-25 23:12 - 2009-07-13 19:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-25 23:12 - 2009-07-13 19:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-22 23:37 - 2011-04-07 22:05 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\Application Data\{F6C4FE64-B705-40D4-9827-82EB7741BF4B}
2012-03-22 23:37 - 2011-04-07 22:05 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\{F6C4FE64-B705-40D4-9827-82EB7741BF4B}
2012-03-22 23:37 - 2011-04-07 22:05 - 0000000 ___HD C:\Users\Nina Ong\AppData\Local\{F6C4FE64-B705-40D4-9827-82EB7741BF4B}

============ 3 Months Modified Files and Folders =============

2012-04-17 01:15 - 2012-04-17 01:15 - 0000000 ____D C:\FRST
2012-04-16 23:54 - 2012-04-15 18:12 - 1064454 ____A C:\Windows\ntbtlog.txt
2012-04-16 23:49 - 2011-02-26 07:05 - 3061202944 __ASH C:\hiberfil.sys
2012-04-16 23:48 - 2012-04-15 18:05 - 0366872 ____A C:\Windows\WindowsUpdate.log
2012-04-16 23:40 - 2011-03-04 22:05 - 0000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-04-16 23:39 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-16 23:39 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-16 23:34 - 2009-07-14 00:13 - 0730834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-16 23:29 - 2011-02-26 05:24 - 0000000 ___HD C:\Users\All Users\Sonic
2012-04-16 23:29 - 2011-02-26 05:24 - 0000000 ___HD C:\Users\All Users\Application Data\Sonic
2012-04-16 23:29 - 2011-02-26 05:24 - 0000000 ___HD C:\ProgramData\Sonic
2012-04-16 23:27 - 2011-03-04 22:03 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\SoftThinks
2012-04-16 23:27 - 2011-03-04 22:03 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\Application Data\SoftThinks
2012-04-16 23:27 - 2011-03-04 22:03 - 0000000 ___HD C:\Users\Nina Ong\AppData\Local\SoftThinks
2012-04-16 23:27 - 2011-02-26 05:56 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-16 23:26 - 2012-04-15 18:01 - 0001242 ____A C:\Windows\setupact.log
2012-04-16 23:26 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-16 23:20 - 2012-04-16 23:20 - 0023174 ____A C:\Users\Nina Ong\My Documents\Attach.txt
2012-04-16 23:20 - 2012-04-16 23:20 - 0023174 ____A C:\Users\Nina Ong\Documents\Attach.txt
2012-04-16 23:19 - 2012-04-16 23:19 - 0023466 ____A C:\Users\Nina Ong\My Documents\DDS.txt
2012-04-16 23:19 - 2012-04-16 23:19 - 0023466 ____A C:\Users\Nina Ong\Documents\DDS.txt
2012-04-16 22:58 - 2012-04-16 22:58 - 0000332 ____A C:\Windows\PFRO.log
2012-04-15 23:50 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
2012-04-15 23:43 - 2012-04-15 23:43 - 0000000 ___SD C:\ComboFix
2012-04-15 23:43 - 2012-04-15 23:43 - 0000000 ____D C:\Windows\ERDNT
2012-04-15 23:43 - 2012-04-15 23:39 - 0000000 ___SD C:\32788R22FWJFW
2012-04-15 23:43 - 2012-04-15 23:39 - 0000000 ____D C:\Qoobox
2012-04-15 23:36 - 2012-04-15 23:34 - 0130246 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_23.34.27_log.txt
2012-04-15 23:32 - 2012-04-15 23:32 - 0002875 ____A C:\Users\Nina Ong\My Documents\RKreport[1].txt
2012-04-15 23:32 - 2012-04-15 23:32 - 0002875 ____A C:\Users\Nina Ong\Documents\RKreport[1].txt
2012-04-15 23:31 - 2012-04-15 23:31 - 0002875 ____A C:\Users\Nina Ong\Desktop\RKreport[1].txt
2012-04-15 23:31 - 2012-04-15 23:30 - 0000000 ____D C:\Users\Nina Ong\Desktop\RK_Quarantine
2012-04-15 21:15 - 2012-04-15 23:31 - 0593920 ____A (OldTimer Tools) C:\Users\Nina Ong\Desktop\OTL.exe
2012-04-15 21:12 - 2012-04-15 23:31 - 1262080 ____A C:\Users\Nina Ong\Desktop\RogueKiller.exe
2012-04-15 18:29 - 2011-05-05 22:06 - 0747466 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-15 18:29 - 2011-05-05 22:06 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-04-15 18:28 - 2011-02-26 05:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-15 18:22 - 2012-04-15 18:22 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-15 18:22 - 2012-04-15 18:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-15 18:22 - 2012-04-15 18:13 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-15 18:02 - 2009-07-14 00:08 - 0032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-15 18:01 - 2012-04-15 18:01 - 0000000 ____A C:\Windows\setuperr.log
2012-04-15 17:58 - 2012-04-02 10:53 - 0000000 ____D C:\Windows\Minidump
2012-04-15 17:58 - 2011-07-17 20:48 - 0000000 ___HD C:\Users\Nina Ong\Application Data\Skype
2012-04-15 17:58 - 2011-07-17 20:48 - 0000000 ___HD C:\Users\Nina Ong\AppData\Roaming\Skype
2012-04-15 17:58 - 2011-02-26 06:47 - 0000000 ___AD C:\Windows\Panther
2012-04-15 17:56 - 2012-04-15 17:51 - 0251792 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_17.51.43_log.txt
2012-04-15 17:51 - 2012-04-15 17:51 - 0002136 ____A C:\Users\Nina Ong\My Documents\aswMBR.txt
2012-04-15 17:51 - 2012-04-15 17:51 - 0002136 ____A C:\Users\Nina Ong\Documents\aswMBR.txt
2012-04-15 17:51 - 2012-04-15 17:51 - 0000512 ____A C:\Users\Nina Ong\My Documents\MBR.dat
2012-04-15 17:51 - 2012-04-15 17:51 - 0000512 ____A C:\Users\Nina Ong\Documents\MBR.dat
2012-04-15 17:15 - 2012-04-15 17:15 - 0128412 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_17.15.16_log.txt
2012-04-15 17:09 - 2012-04-15 17:09 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-15 17:09 - 2012-04-15 17:07 - 0136470 ____A C:\TDSSKiller.2.7.28.0_15.04.2012_17.07.49_log.txt
2012-04-15 15:36 - 2012-04-15 23:39 - 4463836 ____R (Swearware) C:\Users\Nina Ong\Desktop\ComboFix.exe
2012-04-15 15:36 - 2012-04-15 15:36 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-15 15:36 - 2012-04-15 15:36 - 0001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-15 15:36 - 2012-04-15 15:36 - 0000000 ____D C:\Users\Nina Ong\Application Data\Malwarebytes
2012-04-15 15:36 - 2012-04-15 15:36 - 0000000 ____D C:\Users\Nina Ong\AppData\Roaming\Malwarebytes
2012-04-15 15:36 - 2012-04-15 15:36 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-15 15:36 - 2012-04-15 15:36 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-04-15 15:36 - 2012-04-15 15:36 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-15 15:36 - 2012-04-15 15:36 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 00:30 - 2011-03-04 22:07 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\VirtualStore
2012-04-14 00:30 - 2011-03-04 22:07 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\Application Data\VirtualStore
2012-04-14 00:30 - 2011-03-04 22:07 - 0000000 ___HD C:\Users\Nina Ong\AppData\Local\VirtualStore
2012-04-14 00:25 - 2012-04-13 23:35 - 0086016 ____A C:\Users\All Users\beaabdfecaeefccdct.exe
2012-04-14 00:25 - 2012-04-13 23:35 - 0086016 ____A C:\Users\All Users\Application Data\beaabdfecaeefccdct.exe
2012-04-14 00:25 - 2012-04-13 23:35 - 0086016 ____A C:\ProgramData\beaabdfecaeefccdct.exe
2012-04-14 00:21 - 2012-04-14 00:17 - 0000256 ___AH C:\Users\All Users\Application Data\91u3A5SsGxKwL6
2012-04-14 00:21 - 2012-04-14 00:17 - 0000256 ___AH C:\Users\All Users\91u3A5SsGxKwL6
2012-04-14 00:21 - 2012-04-14 00:17 - 0000256 ___AH C:\ProgramData\91u3A5SsGxKwL6
2012-04-14 00:17 - 2012-04-14 00:17 - 0000649 ___AH C:\Users\Nina Ong\Desktop\SMART_HDD.lnk
2012-04-14 00:17 - 2012-04-14 00:17 - 0000000 ___AH C:\Users\All Users\Application Data\-91u3A5SsGxKwL6
2012-04-14 00:17 - 2012-04-14 00:17 - 0000000 ___AH C:\Users\All Users\-91u3A5SsGxKwL6
2012-04-14 00:17 - 2012-04-14 00:17 - 0000000 ___AH C:\ProgramData\-91u3A5SsGxKwL6
2012-04-13 23:44 - 2012-04-13 22:59 - 343539154 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_34.avi.pmvbxs5.partial
2012-04-13 23:44 - 2012-04-13 22:59 - 1699134 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_36.avi.7fawau8.partial
2012-04-13 23:44 - 2012-04-13 22:59 - 108783726 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_35.avi.k5kfj76.partial
2012-04-13 23:44 - 2012-04-13 22:58 - 99219178 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_30.avi.18vx0oh.partial
2012-04-13 23:44 - 2012-04-13 22:58 - 87750878 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_33.avi.qm9ls9g.partial
2012-04-13 23:44 - 2012-04-13 22:58 - 85195878 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_31.avi.lt0hx82.partial
2012-04-13 23:44 - 2012-04-13 22:58 - 496757394 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_32.avi.h2wcn2w.partial
2012-04-13 23:43 - 2012-04-13 23:43 - 0000000 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_36 (2).avi.03yd9hq.partial
2012-04-13 23:41 - 2011-02-26 05:24 - 0000000 ___HD C:\Users\All Users\Roxio
2012-04-13 23:41 - 2011-02-26 05:24 - 0000000 ___HD C:\Users\All Users\Application Data\Roxio
2012-04-13 23:41 - 2011-02-26 05:24 - 0000000 ___HD C:\ProgramData\Roxio
2012-04-13 23:20 - 2012-04-13 23:15 - 0000016 ____H C:\datafile
2012-04-13 23:05 - 2009-07-13 21:34 - 0000882 ___RH C:\Windows\System32\Drivers\etc\hosts
2012-04-13 22:59 - 2012-04-13 22:59 - 0012185 ____A C:\Windows\SysWOW64\hs_err_pid6296.log
2012-04-13 22:58 - 2012-04-13 22:58 - 0000000 ____D C:\Windows\Sun
2012-04-13 22:53 - 2012-04-13 22:53 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-13 22:52 - 2012-01-16 13:50 - 0000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-04-13 00:02 - 2012-04-12 22:17 - 649752286 ___AH C:\Users\Nina Ong\Downloads\Giant.38.avi
2012-04-12 23:43 - 2012-04-12 22:15 - 703478870 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_21 (1).avi
2012-04-12 23:42 - 2012-04-12 22:17 - 650584250 ___AH C:\Users\Nina Ong\Downloads\Giant.39.avi
2012-04-12 23:41 - 2012-04-12 22:15 - 651340316 ___AH C:\Users\Nina Ong\Downloads\Giant.32.avi
2012-04-12 23:38 - 2012-04-12 22:16 - 651277048 ___AH C:\Users\Nina Ong\Downloads\Giant.34.avi
2012-04-12 23:37 - 2012-04-12 22:16 - 650968622 ___AH C:\Users\Nina Ong\Downloads\Giant.37.avi
2012-04-12 23:32 - 2012-04-12 22:16 - 650828864 ___AH C:\Users\Nina Ong\Downloads\Giant.35.avi
2012-04-12 23:29 - 2012-04-12 22:17 - 649239428 ___AH C:\Users\Nina Ong\Downloads\Giant.40.avi
2012-04-12 22:16 - 2012-04-12 22:16 - 0000000 ___AH C:\Users\Nina Ong\Downloads\Giant.36.avi.5us2e01.partial
2012-04-12 22:15 - 2012-04-12 22:15 - 0000000 ___AH C:\Users\Nina Ong\Downloads\Giant.33.avi.hk98mjz.partial
2012-04-12 22:15 - 2012-04-12 22:15 - 0000000 ___AH C:\Users\Nina Ong\Downloads\Giant.31.avi.rii94bl.partial
2012-04-12 00:59 - 2012-04-12 00:20 - 705970692 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_28.avi
2012-04-12 00:58 - 2012-04-12 00:20 - 705078800 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_29.avi
2012-04-12 00:57 - 2012-04-12 00:20 - 705313118 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_27.avi
2012-04-12 00:53 - 2012-04-12 00:20 - 704169176 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_26.avi
2012-04-12 00:20 - 2012-04-11 23:33 - 704247234 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_23.avi
2012-04-12 00:17 - 2012-04-11 23:33 - 704218264 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_24.avi
2012-04-12 00:14 - 2012-04-11 23:33 - 704068608 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_22.avi
2012-04-12 00:08 - 2012-04-11 23:34 - 703982224 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_25.avi
2012-04-12 00:05 - 2012-04-11 23:00 - 704541852 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_20.avi
2012-04-11 23:57 - 2012-04-11 22:59 - 706728352 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_18.avi
2012-04-11 23:31 - 2012-04-11 22:40 - 705947974 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_17.avi
2012-04-11 23:27 - 2012-04-11 23:00 - 704712210 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_19.avi
2012-04-11 23:22 - 2012-04-11 22:40 - 705486830 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_16.avi
2012-04-11 23:00 - 2012-04-11 23:00 - 0000000 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_21.avi.yc9g8ms.partial
2012-04-11 22:58 - 2012-04-11 21:40 - 704823668 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_12.avi
2012-04-11 22:57 - 2012-04-11 21:39 - 651270744 ___AH C:\Users\Nina Ong\Downloads\Giant.30.avi
2012-04-11 22:54 - 2012-04-11 21:39 - 651136250 ___AH C:\Users\Nina Ong\Downloads\Giant.29.avi
2012-04-11 22:52 - 2012-04-11 21:39 - 650979330 ___AH C:\Users\Nina Ong\Downloads\Giant.27.avi
2012-04-11 22:50 - 2012-04-11 21:41 - 705617784 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_15.avi
2012-04-11 22:36 - 2012-04-11 21:41 - 705835030 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_14.avi
2012-04-11 22:35 - 2012-04-11 21:40 - 705534426 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_13.avi
2012-04-10 23:27 - 2012-04-10 23:27 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-10 23:25 - 2011-03-08 22:25 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 21:56 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-10 00:38 - 2012-04-10 00:18 - 652081446 ___AH C:\Users\Nina Ong\Downloads\Giant.22.avi
2012-04-10 00:32 - 2012-04-09 23:57 - 651910674 ___AH C:\Users\Nina Ong\Downloads\Giant.26.avi
2012-04-10 00:28 - 2012-04-09 23:57 - 651137406 ___AH C:\Users\Nina Ong\Downloads\Giant.28.avi
2012-04-09 22:42 - 2012-04-09 22:42 - 0000000 ___HD C:\Users\Nina Ong\Application Data\Fingertapps
2012-04-09 22:42 - 2012-04-09 22:42 - 0000000 ___HD C:\Users\Nina Ong\AppData\Roaming\Fingertapps
2012-04-09 22:42 - 2011-02-26 05:20 - 0000000 ____D C:\Program Files (x86)\Dell Stage
2012-04-08 13:32 - 2012-04-08 12:29 - 704549030 ___AH C:\Users\Nina Ong\Downloads\VoDichThienHa.10000Kisses_11.avi
2012-04-04 15:56 - 2012-04-15 15:36 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 23:53 - 2012-04-03 23:28 - 274464297 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_05.avi.__a
2012-04-03 23:53 - 2012-04-03 23:25 - 272682892 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_04.avi.__a
2012-04-03 23:51 - 2012-04-03 23:24 - 272980428 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_03.avi.__b
2012-04-03 23:51 - 2012-04-03 23:23 - 272980428 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_03.avi.__a
2012-04-03 23:50 - 2012-04-03 23:29 - 274464297 ___AH C:\Users\Nina Ong\Downloads\TVBfanDivXumkt_05.avi.__b
2012-04-03 23:21 - 2012-04-03 23:04 - 4358144 ___AH C:\Users\Nina Ong\Downloads\Sayonarao - Akira Phan.mp3
2012-04-03 23:18 - 2012-04-03 23:07 - 3833856 ___AH C:\Users\Nina Ong\Downloads\Today I Miss You - Dai Nhan.mp3
2012-04-03 23:06 - 2012-04-03 23:01 - 4857856 ___AH C:\Users\Nina Ong\Downloads\Xin Loi Em - Noo Phuoc Thinh.mp3
2012-04-03 23:02 - 2012-04-03 22:49 - 4354048 ___AH C:\Users\Nina Ong\Downloads\Vuot Qua - Cao Thai Son.mp3
2012-04-03 22:51 - 2012-04-03 22:49 - 0774144 ___AH C:\Users\Nina Ong\Downloads\Dang Cay - Cao Thai Son.mp3
2012-04-03 22:49 - 2012-04-03 22:37 - 3338240 ___AH C:\Users\Nina Ong\Downloads\Vet Thuong Vo Hinh - Ho Quang Hieu.mp3
2012-04-03 22:48 - 2012-04-03 22:39 - 3440640 ___AH C:\Users\Nina Ong\Downloads\Vi Em Quay Lung - Ho Quang Hieu.mp3
2012-04-03 22:32 - 2012-04-03 22:18 - 4536320 ___AH C:\Users\Nina Ong\Downloads\Em La Hanh Phuc Trong Anh - Ho Quang Hieu.mp3
2012-04-03 22:20 - 2012-04-03 22:06 - 4009984 ___AH C:\Users\Nina Ong\Downloads\Buong Tay - Tang Nhat Tue.mp3
2012-04-03 22:17 - 2012-04-03 22:08 - 3567616 ___AH C:\Users\Nina Ong\Downloads\Dieu Em Lo So - Hien Thuc.mp3
2012-04-03 22:15 - 2012-04-03 22:04 - 4372480 ___AH C:\Users\Nina Ong\Downloads\Vi Ta Qua Yeu - Quoc Thien.mp3
2012-04-03 22:02 - 2012-04-03 21:50 - 4544512 ___AH C:\Users\Nina Ong\Downloads\Chia Cach Binh Yen - Quoc Thien.mp3
2012-04-03 22:00 - 2012-04-03 21:50 - 4608000 ___AH C:\Users\Nina Ong\Downloads\In Sau Trong Day Tim. - Nhat Tinh Anh.mp3
2012-04-03 11:30 - 2012-04-03 11:20 - 3747840 ___AH C:\Users\Nina Ong\Downloads\Mot lan cuoi thoi - Ho Ngoc Ha (1).mp3
2012-04-03 11:19 - 2012-04-03 11:06 - 5261312 ___AH C:\Users\Nina Ong\Downloads\Tim Lai Bau Troi - Tuan Hung.mp3
2012-04-03 11:16 - 2012-04-03 11:05 - 4364288 ___AH C:\Users\Nina Ong\Downloads\Angel - Mai Tien Dung ft. Toc Tien - Toc Tien.mp3
2012-04-03 11:06 - 2012-04-03 10:48 - 5488640 ___AH C:\Users\Nina Ong\Downloads\Xua Tan Niem Dau - Tuan Hung.mp3
2012-04-03 11:03 - 2012-04-03 10:50 - 3985408 ___AH C:\Users\Nina Ong\Downloads\Xep Vao Qua Khu - Bao Thy.mp3
2012-04-03 10:58 - 2011-03-04 22:40 - 0000000 ___HD C:\Users\Nina Ong\Application Data\Roxio Burn
2012-04-03 10:58 - 2011-03-04 22:40 - 0000000 ___HD C:\Users\Nina Ong\AppData\Roaming\Roxio Burn
2012-04-03 10:36 - 2012-04-03 10:20 - 3323904 ___AH C:\Users\Nina Ong\Downloads\Vai Chinh Vai Phu - Tu Quyen (1).mp3
2012-04-03 10:29 - 2012-04-03 10:15 - 3995648 ___AH C:\Users\Nina Ong\Downloads\Phoi Phai - Noo Phuoc Thinh.mp3
2012-04-02 21:27 - 2012-04-02 21:11 - 3602432 ___AH C:\Users\Nina Ong\Downloads\Guc Nga - Toc Tien.mp3
2012-04-02 10:38 - 2012-04-02 10:38 - 0000000 ___AH C:\Users\Nina Ong\Downloads\Vai Chinh Vai Phu - Tu Quyen.mp3.z09iopg.partial
2012-04-02 01:14 - 2012-04-02 00:36 - 4540416 ___AH C:\Users\Nina Ong\Downloads\Yeu Mai Yeu - Duong Trieu Vu ft. Bao Thy.mp3
2012-04-02 01:11 - 2012-04-02 00:34 - 4292608 ___AH C:\Users\Nina Ong\Downloads\Hua Mai Yeu Nhau - Akira Phan ft. Hee Lee.mp3
2012-04-02 01:10 - 2012-04-02 00:36 - 5548032 ___AH C:\Users\Nina Ong\Downloads\Mot Minh Anh Giu Lai - Minh Tuan.mp3
2012-04-02 00:59 - 2012-04-02 00:28 - 4509696 ___AH C:\Users\Nina Ong\Downloads\Hoang Hon Khoc - Luong The Minh.mp3
2012-04-02 00:56 - 2012-04-02 00:28 - 3616768 ___AH C:\Users\Nina Ong\Downloads\Bat Dau Mot Ket Thuc - Anh Minh.mp3
2012-04-02 00:55 - 2012-04-02 00:32 - 3317760 ___AH C:\Users\Nina Ong\Downloads\Co Nho De Quen - Le Anh Minh.mp3
2012-04-02 00:53 - 2012-04-02 00:33 - 1804560 ___AH C:\Users\Nina Ong\Downloads\Nho De Quen - The Men.mp3
2012-04-02 00:42 - 2012-04-02 00:35 - 1614760 ___AH C:\Users\Nina Ong\Downloads\Da Biet Khi Yeu - Bang Kieu.mp3
2012-04-02 00:24 - 2012-04-02 00:14 - 2988620 ___AH C:\Users\Nina Ong\Downloads\Trang Khoc - Bang Cuong.mp3
2012-04-02 00:18 - 2012-04-02 00:04 - 3864576 ___AH C:\Users\Nina Ong\Downloads\Chi Con Trong Mo - Minh Vuong M4U.mp3
2012-04-02 00:18 - 2012-04-02 00:03 - 4640768 ___AH C:\Users\Nina Ong\Downloads\Thu Cuoi - Yanbi ft. Mr T.mp3
2012-04-02 00:16 - 2012-04-01 23:54 - 4242760 ___AH C:\Users\Nina Ong\Downloads\Den Luc Phai Xa Nhau - Ung Hoang Phuc.mp3
2012-04-02 00:14 - 2012-04-01 23:55 - 4409344 ___AH C:\Users\Nina Ong\Downloads\Ngon Gio Lanh Lung - Ung Hoang Phuc.mp3
2012-04-02 00:11 - 2012-04-01 23:53 - 4511744 ___AH C:\Users\Nina Ong\Downloads\Tha Rang Em Cu Noi - Ly Hai.mp3
2012-04-02 00:03 - 2012-04-01 23:55 - 1105220 ___AH C:\Users\Nina Ong\Downloads\Biet Cach Nao Cho Quen - Ung Hoang Phuc.mp3
2012-04-02 00:02 - 2012-04-01 23:54 - 1483360 ___AH C:\Users\Nina Ong\Downloads\Tai Sao La Anh - Ly Hai.mp3
2012-03-31 22:44 - 2011-03-06 19:23 - 0000000 ___HD C:\Users\Nina Ong\My Documents\My Downloads
2012-03-31 22:44 - 2011-03-06 19:23 - 0000000 ___HD C:\Users\Nina Ong\Documents\My Downloads
2012-03-26 10:33 - 2011-03-04 22:07 - 0000402 __ASH C:\Users\Nina Ong\My Documents\desktop.ini
2012-03-26 10:33 - 2011-03-04 22:07 - 0000174 ___SH C:\Users\Nina Ong\Start Menu\Programs\Startup\desktop.ini
2012-03-26 10:33 - 2011-03-04 22:07 - 0000174 ___SH C:\Users\Nina Ong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-26 10:31 - 2009-07-13 23:45 - 0322312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-26 00:03 - 2011-03-04 22:18 - 0000000 ___HD C:\Users\All Users\Yahoo! Companion
2012-03-26 00:03 - 2011-03-04 22:18 - 0000000 ___HD C:\Users\All Users\Application Data\Yahoo! Companion
2012-03-26 00:03 - 2011-03-04 22:18 - 0000000 ___HD C:\ProgramData\Yahoo! Companion
2012-03-22 23:37 - 2012-03-22 23:37 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\Application Data\{F6C4FE64-B705-40D4-9827-82EB7741BF4B}
2012-03-22 23:37 - 2012-03-22 23:37 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\{F6C4FE64-B705-40D4-9827-82EB7741BF4B}
2012-03-22 23:37 - 2012-03-22 23:37 - 0000000 ___HD C:\Users\Nina Ong\AppData\Local\{F6C4FE64-B705-40D4-9827-82EB7741BF4B}
2012-03-06 01:53 - 2012-04-15 18:28 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-06 00:59 - 2012-04-15 18:28 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-06 00:59 - 2012-04-15 18:28 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-04 21:56 - 2011-11-24 12:17 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\Windows Live
2012-03-04 21:56 - 2011-11-24 12:17 - 0000000 ___HD C:\Users\Nina Ong\Local Settings\Application Data\Windows Live
2012-03-04 21:56 - 2011-11-24 12:17 - 0000000 ___HD C:\Users\Nina Ong\AppData\Local\Windows Live
2012-03-04 21:51 - 2012-03-04 21:51 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-01 01:46 - 2012-04-10 23:24 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 01:38 - 2012-04-10 23:24 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 01:33 - 2012-04-10 23:24 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 01:28 - 2012-04-10 23:24 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 00:37 - 2012-04-10 23:24 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 00:33 - 2012-04-10 23:24 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 00:29 - 2012-04-10 23:24 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 02:34 - 2012-04-10 23:27 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 02:02 - 2012-04-10 23:27 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 01:56 - 2012-04-10 23:27 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 01:50 - 2012-04-10 23:27 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 01:49 - 2012-04-10 23:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 01:48 - 2012-04-10 23:27 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 01:48 - 2012-04-10 23:27 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 01:47 - 2012-04-10 23:27 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 01:45 - 2012-04-10 23:27 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 01:43 - 2012-04-10 23:27 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 01:43 - 2012-04-10 23:27 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 01:42 - 2012-04-10 23:27 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 01:39 - 2012-04-10 23:27 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 20:52 - 2012-04-10 23:27 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 20:27 - 2012-04-10 23:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 20:18 - 2012-04-10 23:27 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 20:12 - 2012-04-10 23:27 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 20:11 - 2012-04-10 23:27 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 20:11 - 2012-04-10 23:27 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 20:09 - 2012-04-10 23:27 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 20:08 - 2012-04-10 23:27 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 20:06 - 2012-04-10 23:27 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 20:04 - 2012-04-10 23:27 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 20:03 - 2012-04-10 23:27 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 20:03 - 2012-04-10 23:27 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 19:59 - 2012-04-10 23:27 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-19 15:45 - 2012-02-19 15:45 - 0000000 ____D C:\Users\Nina Ong\Local Settings\ElevatedDiagnostics
2012-02-19 15:45 - 2012-02-19 15:45 - 0000000 ____D C:\Users\Nina Ong\Local Settings\Application Data\ElevatedDiagnostics
2012-02-19 15:45 - 2012-02-19 15:45 - 0000000 ____D C:\Users\Nina Ong\AppData\Local\ElevatedDiagnostics
2012-02-19 15:45 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-19 15:42 - 2012-02-19 15:42 - 0017920 __ASH C:\Users\Nina Ong\My Documents\Thumbs.db
2012-02-19 15:42 - 2012-02-19 15:42 - 0017920 __ASH C:\Users\Nina Ong\Documents\Thumbs.db
2012-02-17 01:38 - 2012-03-25 23:12 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 00:34 - 2012-03-25 23:12 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 23:58 - 2012-03-25 23:12 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 23:57 - 2012-03-25 23:12 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-10 01:36 - 2012-03-25 23:20 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 00:38 - 2012-03-25 23:20 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-02 23:34 - 2012-03-25 23:20 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 07:44 - 2012-04-15 18:24 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-25 01:38 - 2012-03-25 23:12 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 01:38 - 2012-03-25 23:12 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 01:33 - 2012-03-25 23:12 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3892.52 MB
Available physical RAM: 3277.21 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3270.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451 GB) (Free:363.29 GB) NTFS
3 Drive e: (TRANSCEND) (Removable) (Total:15.1 GB) (Free:11.59 GB) FAT32
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online           15 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                101 MB    31 KB
Partition 2    Primary             14 GB   101 MB
Partition 3    Primary            451 GB    14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                    FAT    Partition    101 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  F    RECOVERY     NTFS   Partition     14 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  C    OS           NTFS   Partition    451 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             15 GB    16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  E    TRANSCEND    FAT32  Removable     15 GB  Healthy

======================================================================================================

==========================================================

Last Boot: 2011-11-24 05:12

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:02 PM

Posted 17 April 2012 - 12:37 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job. This is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 isiDTV

isiDTV
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 17 April 2012 - 03:50 PM

Hi Gringo,

The PC is a lot more stable. I am not seeing any popups or encountering any restart, although it takes a while for the computer to fully start.

--------------------

ComboFix 12-04-15.02 - Nina Ong 04/17/2012 2:05.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2499 [GMT -5:00]
Running from: c:\users\Nina Ong\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\91u3A5SsGxKwL6
c:\programdata\beaabdfecaeefccdct.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 07:35 . 2012-04-17 07:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 06:15 . 2012-04-17 06:16 -------- d-----w- C:\FRST
2012-04-17 04:10 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-17 04:10 . 2012-03-14 01:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E61EE88-40E2-4B85-974D-E660BDFAFAD6}\mpengine.dll
2012-04-16 04:50 . 2012-04-16 04:50 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-04-15 23:28 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-15 23:28 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-15 23:28 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-15 23:25 . 2012-04-15 23:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEF7D49A-1DE9-47A8-B09E-9B91B4E26DC5}\gapaengine.dll
2012-04-15 23:24 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-15 23:22 . 2012-04-15 23:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-15 23:22 . 2012-04-15 23:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-15 22:09 . 2012-04-15 22:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 20:36 . 2012-04-15 20:36 -------- d-----w- c:\users\Nina Ong\AppData\Roaming\Malwarebytes
2012-04-15 20:36 . 2012-04-15 20:36 -------- d-----w- c:\programdata\Malwarebytes
2012-04-15 20:36 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 20:36 . 2012-04-15 20:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-14 03:58 . 2012-04-14 03:58 -------- d-----w- c:\windows\Sun
2012-04-14 03:53 . 2012-04-14 03:53 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-04-11 04:24 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 04:24 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 04:24 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 04:24 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 04:24 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 04:24 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 04:24 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 03:42 . 2012-04-10 03:42 -------- d--h--w- c:\users\Nina Ong\AppData\Roaming\Fingertapps
2012-03-26 04:20 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-26 04:20 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-26 04:20 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-26 04:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-26 04:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-26 04:20 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-03-26 04:20 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-03-26 04:16 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-03-26 04:16 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-03-26 04:12 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-26 04:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-26 04:12 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-26 04:12 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-26 04:12 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-26 04:12 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-26 04:12 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Mega Manager"="c:\program files (x86)\Megaupload\Mega Manager\MegaManager.exe" [2010-11-03 2113024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-11-24 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-31 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-06 12:47]
.
2012-04-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-06 12:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{824580C9-FD54-4095-95EE-D83B8AF7D3FB}: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{824580C9-FD54-4095-95EE-D83B8AF7D3FB}\269627E65697: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-beaabdfecaeefccdct - c:\programdata\beaabdfecaeefccdct.exe
Wow6432Node-HKU-Default-Run-Mshost Manager - \svchost.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-beaabdfecaeefccdct - c:\programdata\beaabdfecaeefccdct.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-17 02:49:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 07:49
.
Pre-Run: 390,009,163,776 bytes free
Post-Run: 389,778,628,608 bytes free
.
- - End Of File - - AA7A028F459BF35EC8AA38DD1A3083E1
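
The ORPHANS REMOVED block in the ComboFix log above is the part worth reading closely: a Run value under HKU\Default that points at a bare `\svchost.exe`, an executable living in the SYSTEM profile's AppData, and a random-named .exe dropped straight into ProgramData are exactly the kind of autoruns a cleanup has to account for. The script below is an added example, not part of this thread or of ComboFix. It parses the two line shapes ComboFix uses for autoruns (the quoted `"Name"="path" [date size]` values under a `[HKEY_...]` header, and the `Hive-Run-Name - path` orphan lines), applies a few path and key heuristics, and returns the entries that trip them. The sample text is copied from the log above; the heuristics, and in particular the threshold for a "random-looking" image name, are assumptions of this example and not ComboFix detection logic.

```python
"""Triage ComboFix autorun entries for suspicious persistence.

Added example, not ComboFix code. Two line shapes are understood:

  [HKEY_...\\Run]                              section header (gives the key)
  "Name"="c:\\path\\file.exe" [date size]        value under that key
  Wow6432Node-HKU-Default-Run-Name - c:\\path   ORPHANS REMOVED line
"""
import re
from dataclasses import dataclass

# Windows binaries that malware likes to impersonate; legitimate copies live here.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"\s+\[')
ORPHAN_RE = re.compile(r"^(?P<key>.+?)-Run-(?P<name>.+?) - (?P<target>.+)$")


@dataclass
class Hit:
    key: str
    name: str
    target: str
    reasons: list


def target_reasons(target: str) -> list:
    """Heuristics on the image path alone (assumed thresholds, see lead-in)."""
    t = target.lower()
    image = t.rsplit("\\", 1)[-1]
    stem = image.rsplit(".", 1)[0]
    reasons = []
    if not re.match(r"^[a-z]:\\", t):
        reasons.append("unqualified path, resolved by a PATH search at logon")
    if image in SYSTEM_BINARY_NAMES and not t.startswith(SYSTEM_DIRS):
        reasons.append("Windows system binary name outside System32/SysWOW64")
    if re.match(r"^[a-z]:\\programdata\\[^\\]+\.exe$", t):
        reasons.append("executable dropped directly under ProgramData")
    if "\\config\\systemprofile\\appdata\\" in t:
        reasons.append("executable under the LocalSystem profile's AppData")
    # 12+ lowercase letters drawn from fewer than half as many distinct letters
    if re.fullmatch(r"[a-z]{12,}", stem) and len(set(stem)) / len(stem) < 0.5:
        reasons.append("long lowercase image name built from few distinct letters")
    return reasons


def key_reasons(key: str) -> list:
    """Heuristics on where the value lives."""
    k = key.lower()
    if "hku-default" in k or "hkey_users\\.default" in k:
        return ["Run value in HKU\\.DEFAULT, the hive loaded for the LocalSystem account"]
    return []


def triage(log_text: str) -> list:
    """Return a Hit for every autorun entry that trips at least one heuristic."""
    hits, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            key, name, target = current_key, m.group("name"), m.group("target")
        else:
            m = ORPHAN_RE.match(line)
            if not m or m.group("target") == "(no file)":
                continue
            key, name, target = m.group("key"), m.group("name"), m.group("target")
        reasons = key_reasons(key) + target_reasons(target)
        if reasons:
            hits.append(Hit(key, name, target, reasons))
    return hits


# Sample input copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Mega Manager"="c:\program files (x86)\Megaupload\Mega Manager\MegaManager.exe" [2010-11-03 2113024]

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-beaabdfecaeefccdct - c:\programdata\beaabdfecaeefccdct.exe
Wow6432Node-HKU-Default-Run-Mshost Manager - \svchost.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-beaabdfecaeefccdct - c:\programdata\beaabdfecaeefccdct.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.key} :: {hit.name} -> {hit.target}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

Run against the sample, the two Yahoo/Megaupload values and the Synaptics entry pass clean, while the four ZeroAccess-style orphans are returned with one to three reasons each. The heuristics are deliberately narrow so that a normal OEM-laden Run key, like the one on this laptop, produces no noise; widen them only with the false-positive cost in mind.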

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 April 2012 - 06:33 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 April 2012 - 11:23 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#8 isiDTV (Topic Starter)

Posted 20 April 2012 - 12:15 AM

Sorry about that. I had a connection problem with the ISP. It is resolved now. Below are the logs:

TDSSKILLER:

01:32:25.0386 4712 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
01:32:25.0402 4712 ============================================================
01:32:25.0402 4712 Current date / time: 2012/04/18 01:32:25.0402
01:32:25.0402 4712 SystemInfo:
01:32:25.0402 4712
01:32:25.0402 4712 OS Version: 6.1.7601 ServicePack: 1.0
01:32:25.0402 4712 Product type: Workstation
01:32:25.0402 4712 ComputerName: NINA-PC
01:32:25.0402 4712 UserName: Nina Ong
01:32:25.0402 4712 Windows directory: C:\Windows
01:32:25.0402 4712 System windows directory: C:\Windows
01:32:25.0402 4712 Running under WOW64
01:32:25.0402 4712 Processor architecture: Intel x64
01:32:25.0402 4712 Number of processors: 2
01:32:25.0402 4712 Page size: 0x1000
01:32:25.0402 4712 Boot type: Normal boot
01:32:25.0402 4712 ============================================================
01:32:27.0976 4712 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:32:27.0976 4712 Drive \Device\Harddisk1\DR1 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:32:27.0976 4712 \Device\Harddisk0\DR0:
01:32:27.0976 4712 MBR used
01:32:27.0976 4712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
01:32:27.0976 4712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
01:32:27.0976 4712 \Device\Harddisk1\DR1:
01:32:27.0976 4712 MBR used
01:32:27.0976 4712 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E3BFE0
01:32:28.0023 4712 Initialize success
01:32:28.0023 4712 ============================================================
01:32:42.0063 4588 ============================================================
01:32:42.0063 4588 Scan started
01:32:42.0063 4588 Mode: Manual; SigCheck; TDLFS;
01:32:42.0063 4588 ============================================================
01:32:42.0655 4588 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:32:42.0858 4588 1394ohci - ok
01:32:42.0967 4588 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:32:43.0014 4588 ACPI - ok
01:32:43.0061 4588 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:32:43.0155 4588 AcpiPmi - ok
01:32:43.0279 4588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
01:32:43.0326 4588 adp94xx - ok
01:32:43.0357 4588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
01:32:43.0404 4588 adpahci - ok
01:32:43.0451 4588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
01:32:43.0482 4588 adpu320 - ok
01:32:43.0529 4588 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:32:43.0607 4588 AeLookupSvc - ok
01:32:43.0701 4588 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
01:32:43.0763 4588 AERTFilters - ok
01:32:43.0903 4588 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:32:44.0028 4588 AFD - ok
01:32:44.0122 4588 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:32:44.0169 4588 agp440 - ok
01:32:44.0200 4588 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:32:44.0293 4588 ALG - ok
01:32:44.0371 4588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:32:44.0403 4588 aliide - ok
01:32:44.0418 4588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:32:44.0434 4588 amdide - ok
01:32:44.0481 4588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
01:32:44.0543 4588 AmdK8 - ok
01:32:44.0621 4588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:32:44.0668 4588 AmdPPM - ok
01:32:44.0730 4588 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:32:44.0777 4588 amdsata - ok
01:32:44.0824 4588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
01:32:44.0871 4588 amdsbs - ok
01:32:44.0902 4588 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:32:44.0949 4588 amdxata - ok
01:32:44.0995 4588 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:32:45.0198 4588 AppID - ok
01:32:45.0276 4588 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:32:45.0385 4588 AppIDSvc - ok
01:32:45.0417 4588 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:32:45.0526 4588 Appinfo - ok
01:32:45.0604 4588 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
01:32:45.0651 4588 arc - ok
01:32:45.0666 4588 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
01:32:45.0697 4588 arcsas - ok
01:32:45.0729 4588 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:32:45.0838 4588 AsyncMac - ok
01:32:45.0963 4588 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:32:45.0978 4588 atapi - ok
01:32:46.0025 4588 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:32:46.0150 4588 AudioEndpointBuilder - ok
01:32:46.0181 4588 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:32:46.0259 4588 AudioSrv - ok
01:32:46.0353 4588 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:32:46.0446 4588 AxInstSV - ok
01:32:46.0540 4588 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
01:32:46.0602 4588 b06bdrv - ok
01:32:46.0696 4588 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:32:46.0789 4588 b57nd60a - ok
01:32:46.0945 4588 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
01:32:47.0039 4588 BCM42RLY - ok
01:32:47.0226 4588 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
01:32:47.0320 4588 BCM43XX - ok
01:32:47.0382 4588 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
01:32:47.0429 4588 BcmVWL - ok
01:32:47.0460 4588 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:32:47.0491 4588 BDESVC - ok
01:32:47.0554 4588 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:32:47.0632 4588 Beep - ok
01:32:47.0741 4588 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:32:47.0850 4588 BFE - ok
01:32:48.0037 4588 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
01:32:48.0225 4588 BITS - ok
01:32:48.0318 4588 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:32:48.0349 4588 blbdrive - ok
01:32:48.0505 4588 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:32:48.0552 4588 bowser - ok
01:32:48.0630 4588 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:32:48.0693 4588 BrFiltLo - ok
01:32:48.0739 4588 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:32:48.0771 4588 BrFiltUp - ok
01:32:48.0880 4588 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:32:48.0973 4588 BridgeMP - ok
01:32:49.0051 4588 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:32:49.0161 4588 Browser - ok
01:32:49.0223 4588 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:32:49.0270 4588 Brserid - ok
01:32:49.0363 4588 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:32:49.0426 4588 BrSerWdm - ok
01:32:49.0457 4588 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:32:49.0519 4588 BrUsbMdm - ok
01:32:49.0629 4588 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:32:49.0660 4588 BrUsbSer - ok
01:32:49.0816 4588 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
01:32:49.0863 4588 BthEnum - ok
01:32:50.0034 4588 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:32:50.0112 4588 BTHMODEM - ok
01:32:50.0206 4588 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
01:32:50.0268 4588 BthPan - ok
01:32:50.0362 4588 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
01:32:50.0471 4588 BTHPORT - ok
01:32:50.0627 4588 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:32:50.0689 4588 bthserv - ok
01:32:50.0767 4588 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
01:32:50.0830 4588 BTHUSB - ok
01:32:50.0955 4588 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
01:32:51.0001 4588 btusbflt - ok
01:32:51.0189 4588 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
01:32:51.0235 4588 btwaudio - ok
01:32:51.0485 4588 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
01:32:51.0563 4588 btwavdt - ok
01:32:51.0750 4588 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
01:32:51.0906 4588 btwdins - ok
01:32:52.0031 4588 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
01:32:52.0047 4588 btwl2cap - ok
01:32:52.0109 4588 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
01:32:52.0156 4588 btwrchid - ok
01:32:52.0187 4588 catchme - ok
01:32:52.0312 4588 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:32:52.0421 4588 cdfs - ok
01:32:52.0561 4588 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
01:32:52.0624 4588 cdrom - ok
01:32:52.0749 4588 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:32:52.0842 4588 CertPropSvc - ok
01:32:52.0951 4588 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
01:32:53.0014 4588 circlass - ok
01:32:53.0092 4588 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:32:53.0123 4588 CLFS - ok
01:32:53.0232 4588 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:32:53.0295 4588 clr_optimization_v2.0.50727_32 - ok
01:32:53.0419 4588 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:32:53.0451 4588 clr_optimization_v2.0.50727_64 - ok
01:32:53.0544 4588 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:32:53.0622 4588 clr_optimization_v4.0.30319_32 - ok
01:32:53.0794 4588 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:32:53.0841 4588 clr_optimization_v4.0.30319_64 - ok
01:32:53.0981 4588 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:32:54.0043 4588 CmBatt - ok
01:32:54.0199 4588 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:32:54.0231 4588 cmdide - ok
01:32:54.0355 4588 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:32:54.0465 4588 CNG - ok
01:32:54.0589 4588 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:32:54.0636 4588 Compbatt - ok
01:32:54.0761 4588 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:32:54.0823 4588 CompositeBus - ok
01:32:54.0870 4588 COMSysApp - ok
01:32:54.0964 4588 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
01:32:55.0011 4588 crcdisk - ok
01:32:55.0213 4588 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
01:32:55.0354 4588 CryptSvc - ok
01:32:55.0619 4588 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
01:32:55.0681 4588 CtClsFlt - ok
01:32:56.0009 4588 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:32:56.0181 4588 cvhsvc - ok
01:32:56.0337 4588 dc3d (23d4b856725f5fc3c4f410c150ab107b) C:\Windows\system32\DRIVERS\dc3d.sys
01:32:56.0368 4588 dc3d - ok
01:32:56.0555 4588 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:32:56.0664 4588 DcomLaunch - ok
01:32:56.0851 4588 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:32:56.0976 4588 defragsvc - ok
01:34:00.0076 4588 TermDD - ok
01:34:00.0123 4588 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:34:00.0216 4588 TermService - ok
01:34:00.0341 4588 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:34:00.0388 4588 Themes - ok
01:34:00.0466 4588 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:34:00.0544 4588 THREADORDER - ok
01:34:00.0622 4588 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:34:00.0716 4588 TrkWks - ok
01:34:00.0872 4588 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:34:00.0981 4588 TrustedInstaller - ok
01:34:01.0152 4588 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:34:01.0230 4588 tssecsrv - ok
01:34:01.0340 4588 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:34:01.0371 4588 TsUsbFlt - ok
01:34:01.0496 4588 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:34:01.0574 4588 tunnel - ok
01:34:01.0776 4588 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:34:01.0839 4588 uagp35 - ok
01:34:02.0042 4588 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:34:02.0120 4588 udfs - ok
01:34:02.0322 4588 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:34:02.0369 4588 UI0Detect - ok
01:34:02.0556 4588 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:34:02.0588 4588 uliagpkx - ok
01:34:02.0619 4588 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
01:34:02.0666 4588 umbus - ok
01:34:02.0790 4588 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:34:02.0837 4588 UmPass - ok
01:34:03.0180 4588 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
01:34:03.0430 4588 UNS - ok
01:34:03.0695 4588 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:34:03.0804 4588 upnphost - ok
01:34:03.0981 4588 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:34:04.0011 4588 usbccgp - ok
01:34:04.0078 4588 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:34:04.0125 4588 usbcir - ok
01:34:04.0172 4588 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
01:34:04.0218 4588 usbehci - ok
01:34:04.0343 4588 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:34:04.0421 4588 usbhub - ok
01:34:04.0515 4588 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:34:04.0530 4588 usbohci - ok
01:34:04.0562 4588 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:34:04.0608 4588 usbprint - ok
01:34:04.0655 4588 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:34:04.0702 4588 USBSTOR - ok
01:34:04.0749 4588 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:34:04.0796 4588 usbuhci - ok
01:34:04.0905 4588 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
01:34:04.0952 4588 usbvideo - ok
01:34:04.0983 4588 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:34:05.0108 4588 UxSms - ok
01:34:05.0295 4588 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:34:05.0342 4588 VaultSvc - ok
01:34:05.0466 4588 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:34:05.0498 4588 vdrvroot - ok
01:34:05.0636 4588 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:34:05.0746 4588 vds - ok
01:34:05.0886 4588 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:34:05.0902 4588 vga - ok
01:34:05.0964 4588 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:34:06.0042 4588 VgaSave - ok
01:34:06.0167 4588 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:34:06.0229 4588 vhdmp - ok
01:34:06.0385 4588 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:34:06.0432 4588 viaide - ok
01:34:06.0526 4588 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:34:06.0557 4588 volmgr - ok
01:34:06.0604 4588 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:34:06.0650 4588 volmgrx - ok
01:34:06.0728 4588 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:34:06.0791 4588 volsnap - ok
01:34:06.0853 4588 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:34:06.0900 4588 vsmraid - ok
01:34:07.0040 4588 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:34:07.0181 4588 VSS - ok
01:34:07.0306 4588 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
01:34:07.0352 4588 vwifibus - ok
01:34:07.0384 4588 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:34:07.0430 4588 vwififlt - ok
01:34:07.0571 4588 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
01:34:07.0618 4588 vwifimp - ok
01:34:07.0727 4588 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:34:07.0820 4588 W32Time - ok
01:34:08.0023 4588 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:34:08.0054 4588 WacomPen - ok
01:34:08.0179 4588 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:34:08.0257 4588 WANARP - ok
01:34:08.0273 4588 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:34:08.0335 4588 Wanarpv6 - ok
01:34:08.0522 4588 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:34:08.0897 4588 WatAdminSvc - ok
01:34:09.0209 4588 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:34:09.0380 4588 wbengine - ok
01:34:09.0568 4588 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:34:09.0630 4588 WbioSrvc - ok
01:34:09.0770 4588 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:34:09.0864 4588 wcncsvc - ok
01:34:09.0942 4588 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:34:10.0004 4588 WcsPlugInService - ok
01:34:10.0176 4588 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:34:10.0207 4588 Wd - ok
01:34:10.0394 4588 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:34:10.0472 4588 Wdf01000 - ok
01:34:10.0550 4588 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:34:10.0644 4588 WdiServiceHost - ok
01:34:10.0644 4588 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:34:10.0675 4588 WdiSystemHost - ok
01:34:10.0862 4588 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:34:10.0956 4588 WebClient - ok
01:34:11.0159 4588 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:34:11.0299 4588 Wecsvc - ok
01:34:11.0424 4588 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:34:11.0518 4588 wercplsupport - ok
01:34:11.0627 4588 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:34:11.0705 4588 WerSvc - ok
01:34:11.0798 4588 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:34:11.0861 4588 WfpLwf - ok
01:34:11.0954 4588 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
01:34:11.0986 4588 WimFltr - ok
01:34:12.0064 4588 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:34:12.0095 4588 WIMMount - ok
01:34:12.0142 4588 WinDefend - ok
01:34:12.0157 4588 WinHttpAutoProxySvc - ok
01:34:12.0282 4588 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:34:12.0391 4588 Winmgmt - ok
01:34:12.0563 4588 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:34:12.0734 4588 WinRM - ok
01:34:12.0875 4588 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:34:12.0937 4588 WinUsb - ok
01:34:13.0156 4588 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:34:13.0296 4588 Wlansvc - ok
01:34:13.0390 4588 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:34:13.0436 4588 wlcrasvc - ok
01:34:13.0686 4588 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:34:13.0873 4588 wlidsvc - ok
01:34:14.0029 4588 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
01:34:14.0123 4588 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
01:34:14.0123 4588 wltrysvc - detected UnsignedFile.Multi.Generic (1)
01:34:14.0232 4588 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:34:14.0279 4588 WmiAcpi - ok
01:34:14.0388 4588 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:34:14.0450 4588 wmiApSrv - ok
01:34:14.0466 4588 WMPNetworkSvc - ok
01:34:14.0560 4588 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:34:14.0653 4588 WPCSvc - ok
01:34:14.0684 4588 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:34:14.0747 4588 WPDBusEnum - ok
01:34:14.0809 4588 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:34:14.0887 4588 ws2ifsl - ok
01:34:14.0981 4588 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
01:34:15.0059 4588 wscsvc - ok
01:34:15.0074 4588 WSearch - ok
01:34:15.0262 4588 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
01:34:15.0418 4588 wuauserv - ok
01:34:15.0589 4588 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:34:15.0683 4588 WudfPf - ok
01:34:15.0745 4588 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:34:15.0823 4588 WUDFRd - ok
01:34:15.0870 4588 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:34:15.0948 4588 wudfsvc - ok
01:34:15.0995 4588 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:34:16.0104 4588 WwanSvc - ok
01:34:16.0229 4588 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:34:16.0494 4588 YahooAUService - ok
01:34:16.0525 4588 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:34:16.0775 4588 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
01:34:16.0775 4588 \Device\Harddisk0\DR0 - detected TDSS File System (1)
01:34:16.0790 4588 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
01:34:19.0832 4588 \Device\Harddisk1\DR1 - ok
01:34:19.0864 4588 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0
01:34:19.0864 4588 \Device\Harddisk0\DR0\Partition0 - ok
01:34:19.0879 4588 Boot (0x1200) (441dc663796587e8b8be88b968c2443b) \Device\Harddisk0\DR0\Partition1
01:34:19.0879 4588 \Device\Harddisk0\DR0\Partition1 - ok
01:34:19.0895 4588 Boot (0x1200) (3c6e3fd99a366f414d8ac9208d0a3bdc) \Device\Harddisk1\DR1\Partition0
01:34:19.0895 4588 \Device\Harddisk1\DR1\Partition0 - ok
01:34:19.0895 4588 ============================================================
01:34:19.0895 4588 Scan finished
01:34:19.0895 4588 ============================================================
01:34:19.0910 4296 Detected object count: 2
01:34:19.0910 4296 Actual detected object count: 2
01:34:35.0479 4296 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
01:34:35.0479 4296 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:34:35.0479 4296 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
01:34:35.0479 4296 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


****************************************************************************

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 01:36:16
-----------------------------
01:36:16.154 OS Version: Windows x64 6.1.7601 Service Pack 1
01:36:16.154 Number of processors: 2 586 0x2505
01:36:16.170 ComputerName: NINA-PC UserName:
01:36:21.552 Initialize success
01:36:54.113 AVAST engine defs: 12041701
01:37:10.836 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:37:10.836 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
01:37:10.867 Disk 0 MBR read successfully
01:37:10.867 Disk 0 MBR scan
01:37:10.867 Disk 0 Windows VISTA default MBR code
01:37:10.867 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
01:37:10.945 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208845
01:37:10.992 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928845
01:37:11.070 Disk 0 scanning C:\Windows\system32\drivers
01:37:29.728 Service scanning
01:38:23.173 Modules scanning
01:38:23.189 Disk 0 trace - called modules:
01:38:23.220 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
01:38:23.719 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae5740]
01:38:23.719 3 CLASSPNP.SYS[fffff88001d8a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004914050]
01:38:26.387 AVAST engine scan C:\Windows
01:38:34.000 AVAST engine scan C:\Windows\system32
01:43:47.670 AVAST engine scan C:\Windows\system32\drivers
01:44:09.697 AVAST engine scan C:\Users\Nina Ong
01:48:37.799 AVAST engine scan C:\ProgramData
01:51:55.108 Scan finished successfully
01:52:18.305 Disk 0 MBR has been saved successfully to "E:\Nina\MBR.dat"
01:52:18.337 The log file has been saved successfully to "E:\Nina\aswMBR.txt"

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 April 2012 - 12:37 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 isiDTV

  • Topic Starter
  • Members
  • 5 posts

Posted 21 April 2012 - 12:07 PM

Hi Gringo,

I had to give the laptop back to my friend. I will not be able to finish cleaning up the malware. Thank you very much for your help.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 April 2012 - 02:03 PM

Hello

They should let it get completely cleaned, but thanks for letting me know.


gringo

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 April 2012 - 11:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.