Ran Combofix and now I can't boot Windows 7


This topic is locked
19 replies to this topic

#1 gmonkey

Posted 17 April 2012 - 11:33 PM

I was working to remove what appeared to be several viruses, starting with SMART HDD. I did a bunch of things that ended up with me no longer being able to boot.

1) I removed SMART HDD successfully using RKill and TDSSKiller (which found Rootkit.Boot.pihar.B). I finally ran MBAM cleanly and got most of my shortcuts back.
2) Norton was then alerting on Trojan Gen2B, and I was seeing Google redirects. I ran those other tools to no avail.
3) I then ran aswMBR, which alerted on several things including consrv.dll.
4) I tried running ComboFix (I know... BAD!) and it stalled on pass 48. I then followed a thread that had a CFScript to run ComboFix that seemed to address consrv.dll. That ran successfully to completion; however, I can't boot now.
5) Today I ran FRST64 and have included that log file.

I have the following logs I can post. I have posted ComboFix below, as that was what preceded my issue, as well as FRST64, as that is where I am now. Thanks in advance for your help!

TDSSkiller
aswMBR
Combofix
FRST64


ComboFix 12-04-16.02 - Kerry 04/17/2012 2:12.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1871 [GMT -4:00]
Running from: c:\users\Kerry\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Kerry\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DZnLsDQ6M3j736
c:\users\Kerry\WINDOWS
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 06:28 . 2012-04-17 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 22:40 . 2012-04-16 22:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 22:10 . 2012-04-17 06:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-16 21:50 . 2012-04-17 04:52 -------- d-----w- c:\users\Kerry\AppData\Local\NPE
2012-04-16 21:21 . 2012-04-16 21:21 -------- d-----w- c:\users\Kerry\AppData\Roaming\Tific
2012-04-14 00:51 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-14 00:45 . 2012-04-14 00:45 -------- d-----w- c:\programdata\White Sky, Inc
2012-04-13 19:06 . 2012-04-13 19:06 -------- d-----w- c:\users\Kerry\AppData\Roaming\Malwarebytes
2012-04-13 18:57 . 2012-04-13 18:57 -------- d-----w- c:\programdata\Malwarebytes
2012-04-13 18:57 . 2012-04-13 19:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 18:57 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 18:21 . 2012-04-13 18:21 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\DSETUP.dll
2012-04-13 18:21 . 2012-04-13 18:21 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\DXSETUP.exe
2012-04-13 18:21 . 2012-04-13 18:21 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\dsetup32.dll
2012-04-13 02:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 02:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 02:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 02:43 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 02:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 02:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 02:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-21 00:50 . 2012-03-21 00:51 -------- d-----w- c:\program files\iTunes
2012-03-21 00:50 . 2012-03-21 00:51 -------- d-----w- c:\program files (x86)\iTunes
2012-03-21 00:50 . 2012-03-21 00:50 -------- d-----w- c:\program files\iPod
2012-03-21 00:48 . 2012-03-21 00:48 -------- d-----w- c:\program files\Bonjour
2012-03-21 00:48 . 2012-03-21 00:48 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-03-21 00:47 . 2012-03-21 00:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-21 00:45 . 2012-03-21 00:45 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 12:48 . 2012-04-11 14:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD382EB-B349-4079-B429-9E5A23243B19}\offreg.dll
2012-03-14 03:27 . 2012-04-10 16:17 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD382EB-B349-4079-B429-9E5A23243B19}\mpengine.dll
2012-02-23 13:18 . 2009-12-11 05:24 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 15:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 15:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 15:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 15:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 15:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 15:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 15:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 15:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 15:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-12 39408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-05-14 307768]
"SansaDispatch"="c:\users\Kerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-05-08 79872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-30 65608]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);c:\windows\system32\DRIVERS\PTAPCBUS.sys [x]
R3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);c:\windows\system32\DRIVERS\PTAPCMDM.sys [x]
R3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);c:\windows\system32\DRIVERS\PTAPCVSP.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 STSService;STSService;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 GIDv2;GIDv2; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 19:59]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 19:59]
.
2012-04-13 c:\windows\Tasks\HPCeeScheduleForKerry.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-02 762736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"combofix"="c:\combo-fix\CF8791.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
keriomailserver
videoacceleratorengine
RapiMgr
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
atmeltpm
stacsv
enethusb
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 205.135.25.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Connectify - c:\program files (x86)\Connectify\Connectify.exe
Wow6432Node-HKLM-Run-NoteBurner - c:\program files (x86)\NoteBurner\VTBurnerGUI.exe
Wow6432Node-HKLM-Run-RgWtsvfNRFiS.exe - c:\programdata\RgWtsvfNRFiS.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-ccdeeeacebfddct - c:\programdata\ccdeeeacebfddct.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Clifford Adventure - c:\windows\system32\Clifford Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-04-17 02:38:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 06:38
.
Pre-Run: 143,347,531,776 bytes free
Post-Run: 142,525,128,704 bytes free
.
- - End Of File - - 043362194DE40B312986B3F5F2EB423F


FRST64:
Scan result of Farbar Recovery Scan Tool Version: 16-04-2012
Ran by SYSTEM at 17-04-2012 23:29:18
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-03-01] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-03-01] (Microsoft Corporation)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s [395528 2011-07-05] (StrikeForce Technologies Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Kerry\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1689144 2010-06-29] (Hewlett-Packard)
HKU\Kerry\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Kerry\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-12] (Google Inc.)
HKU\Kerry\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c [307768 2010-05-14] ()
HKU\Kerry\...\Run: [SansaDispatch] C:\Users\Kerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2011-05-08] (SanDisk Corporation)
HKU\Kerry\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 205.135.25.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
2 atmeltpm; C:\Windows\System32\caboagp.dll [6656 2009-07-13] (Oak Technology Inc.)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [65608 2012-03-30] (White Sky, Inc.)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-01-31] (Skype Technologies)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
2 Connectify; C:\Program Files (x86)\Connectify\Connectifyd.exe [x]
3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 connctfy; C:\Windows\System32\Drivers\connctfy.sys [34880 2010-08-11] (Connectify)
3 connctfyMP; C:\Windows\System32\DRIVERS\connctfy.sys [34880 2010-08-11] (Connectify)
1 GIDv2; C:\Windows\System32\Drivers\GIDv2.sys [29288 2011-07-05] (StrikeForce Technologies, Inc.)
3 lvpepf64; C:\Windows\System32\DRIVERS\lv302a64.sys [16032 2007-05-09] (Logitech Inc.)
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V64.SYS [1127328 2007-05-09] (Logitech Inc.)
3 PTAPCBUS; C:\Windows\System32\Drivers\PTAPCBUS.sys [103040 2011-06-23] (DEVGURU Co., LTD.)
3 PTAPCMDM; C:\Windows\System32\Drivers\PTAPCMDM.sys [183424 2011-06-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTAPCVSP; C:\Windows\System32\Drivers\PTAPCVSP.sys [183424 2011-06-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
3 SndTAudio; C:\Windows\System32\Drivers\SndTAudio.sys [34040 2010-12-23] (Windows ® Codename Longhorn DDK provider)
3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-03-01] (Microsoft Corporation)
3 catchme; \??\C:\Combo-Fix\catchme.sys [x]
4 eabfiltr; [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: keriomailserver
NETSVC: videoacceleratorengine
NETSVC: RapiMgr
NETSVC: {a7447300-8075-4b0d-83f1-3d75c8ebc623}
NETSVC: atmeltpm
NETSVC: stacsv
NETSVC: enethusb

============ One Month Created Files and Folders ==============

2012-04-17 23:29 - 2009-07-13 21:08 - 0000000 ____D C:\FRST
2012-04-16 22:38 - 2009-07-13 17:38 - 0021768 ____A C:\ComboFix.txt
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-16 22:29 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-16 22:29 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-16 22:29 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-16 22:29 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-16 22:29 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-16 21:30 - 2012-04-16 16:27 - 0002946 ____A C:\Users\Kerry\Desktop\aswMBR.txt
2012-04-16 21:30 - 2012-04-13 11:05 - 0000512 ____A C:\Users\Kerry\Desktop\MBR.dat
2012-04-16 20:59 - 2012-04-16 13:21 - 0277352 ____A C:\Windows\Minidump\041712-26130-01.dmp
2012-04-16 20:41 - 2012-04-17 02:31 - 0000732 ____A C:\Users\Kerry\AppData\Roaming\SMRBackup250.dat
2012-04-16 20:41 - 1999-04-02 12:37 - 0694038 ____A C:\Windows\ntbtlog.txt
2012-04-16 20:38 - 2012-01-21 08:04 - 0371097 ____A C:\Users\Kerry\Desktop\Base Filtering Engine.reg
2012-04-16 16:49 - 2012-04-17 11:30 - 0000000 ____D C:\Qoobox
2012-04-16 16:49 - 2010-12-03 04:36 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-16 16:49 - 2010-06-29 20:12 - 0208896 ____A C:\Windows\MBR.exe
2012-04-16 16:49 - 2009-12-13 19:26 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-16 16:49 - 2009-07-13 23:50 - 0080412 ____A C:\Windows\grep.exe
2012-04-16 16:49 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\ERDNT
2012-04-16 16:49 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-16 16:49 - 2009-07-13 19:20 - 0098816 ____A C:\Windows\sed.exe
2012-04-16 16:49 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-16 16:49 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-16 16:46 - 2011-08-05 13:44 - 4465601 ____R (Swearware) C:\Users\Kerry\Desktop\Combo-Fix.exe
2012-04-16 16:26 - 2012-04-16 14:37 - 8337971 ____A C:\Users\Kerry\Downloads\AustralianShoresAntonGorlin.themepack
2012-04-16 16:25 - 2011-12-15 06:35 - 0000000 ____D C:\Users\Kerry\Desktop\Anti virus tools
2012-04-16 16:01 - 2012-02-20 20:52 - 0004126 ____A C:\Users\Kerry\Desktop\unhide.txt
2012-04-16 15:16 - 2011-09-28 18:55 - 0000000 ____D C:\Users\Kerry\AppData\Local\{7F63512D-ED26-46E4-AF84-AC34107962E7}
2012-04-16 15:15 - 2012-04-16 13:47 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F40122A8-63BC-4D31-B4D6-FAB09EF5BA8C}
2012-04-16 14:56 - 2012-04-16 14:41 - 0134314 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_18.56.15_log.txt
2012-04-16 14:40 - 2012-04-16 14:56 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-16 14:37 - 2012-01-29 09:30 - 4731392 ____A (AVAST Software) C:\Users\Kerry\Downloads\aswMBR.exe
2012-04-16 14:36 - 2012-02-06 11:14 - 2052353 ____A C:\Users\Kerry\Downloads\tdsskiller.zip
2012-04-16 14:36 - 2010-05-14 07:50 - 0137370 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_18.36.32_log.txt
2012-04-16 14:28 - 2012-04-16 13:36 - 0277352 ____A C:\Windows\Minidump\041612-27440-01.dmp
2012-04-16 14:26 - 2012-03-14 07:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{17B1831B-6036-4268-AA0F-8D4A27632059}
2012-04-16 14:25 - - 0002309 ____A C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
2012-04-16 14:23 - - 0000882 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-04-16 14:12 - 2012-04-17 03:48 - 1584156 ____A C:\Windows\ntbtlog.txt.bak
2012-04-16 14:10 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-16 14:09 - 2012-04-16 13:27 - 0277352 ____A C:\Windows\Minidump\041612-24180-01.dmp
2012-04-16 14:06 - 2012-04-15 07:15 - 0277352 ____A C:\Windows\Minidump\041612-117952-01.dmp
2012-04-16 13:52 - 2012-04-16 14:15 - 0000168 ____A C:\Users\All Users\-DZnLsDQ6M3j736r
2012-04-16 13:52 - 2012-04-16 14:15 - 0000168 ____A C:\ProgramData\-DZnLsDQ6M3j736r
2012-04-16 13:52 - - 0000000 ____A C:\Users\All Users\-DZnLsDQ6M3j736
2012-04-16 13:52 - - 0000000 ____A C:\ProgramData\-DZnLsDQ6M3j736
2012-04-16 13:50 - 2010-02-19 08:32 - 2804712 ____A (Symantec Corporation) C:\Users\Kerry\Downloads\NPE.exe
2012-04-16 13:50 - 2009-12-13 21:24 - 0000000 ____D C:\Users\Kerry\AppData\Local\NPE
2012-04-16 13:47 - 2012-03-02 08:22 - 0000000 ____D C:\Users\Kerry\AppData\Local\{BCCE9AD2-F3F8-4BD4-8670-8E8F0B9D1E0B}
2012-04-16 13:47 - 2011-08-04 13:04 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F3D94036-DD60-4DCC-AA2F-1CC302636D43}
2012-04-16 13:43 - 2012-04-16 13:40 - 0277352 ____A C:\Windows\Minidump\041612-25864-01.dmp
2012-04-16 13:40 - 2012-04-16 14:09 - 0277352 ____A C:\Windows\Minidump\041612-24336-01.dmp
2012-04-16 13:36 - 2012-04-16 13:25 - 0277296 ____A C:\Windows\Minidump\041612-25989-01.dmp
2012-04-16 13:33 - 2012-04-16 14:28 - 0277352 ____A C:\Windows\Minidump\041612-27612-01.dmp
2012-04-16 13:31 - 2012-02-23 17:56 - 0000000 ____D C:\Users\Kerry\AppData\Local\{24E93699-F69C-43E3-99F0-15D8C28991D7}
2012-04-16 13:31 - 2011-08-27 13:14 - 0000000 ____D C:\Users\Kerry\AppData\Local\{5D14B6BC-B2C4-4DA5-BC26-A87BC7650683}
2012-04-16 13:27 - 2012-04-16 06:54 - 0277352 ____A C:\Windows\Minidump\041612-23322-01.dmp
2012-04-16 13:25 - 2012-04-16 13:43 - 0277352 ____A C:\Windows\Minidump\041612-25942-01.dmp
2012-04-16 13:21 - 2012-04-16 04:07 - 0277352 ____A C:\Windows\Minidump\041612-86174-01.dmp
2012-04-16 13:21 - 2009-12-13 21:27 - 0000000 ____D C:\Users\Kerry\AppData\Roaming\Tific
2012-04-16 07:11 - 2011-12-03 17:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{56B47BC6-1FCC-4DEE-A294-1B472AB26591}
2012-04-16 07:11 - 2011-08-20 05:36 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DC2A2098-0BFC-44E6-8ED6-293EBF321F4E}
2012-04-16 06:54 - 2012-04-16 14:07 - 0277352 ____A C:\Windows\Minidump\041612-21481-01.dmp
2012-04-16 06:51 - 2012-04-16 13:33 - 0277352 ____A C:\Windows\Minidump\041612-30856-01.dmp
2012-04-16 04:15 - 2011-11-21 07:32 - 0000000 ____D C:\Users\Kerry\AppData\Local\{608EEDD7-6268-4C99-A971-9BA659770E5D}
2012-04-16 04:14 - 2011-09-18 03:57 - 0000000 ____D C:\Users\Kerry\AppData\Local\{FA194BCA-3050-4704-A3F3-C620A0394B26}
2012-04-16 04:11 - 2011-12-29 08:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D0C30099-FEAE-4EA1-BE1A-0DBD5F95674B}
2012-04-16 04:10 - 2011-11-16 11:12 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1DB90866-A6A0-4526-8E57-21195032CBB2}
2012-04-16 04:07 - 2012-04-16 06:51 - 0861120 ____A C:\Windows\Minidump\041612-31215-01.dmp
2012-04-15 07:19 - 2011-12-07 09:30 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1605B3AE-C88A-4EFA-9034-FB4B1ED020D9}
2012-04-15 07:18 - 2011-09-20 06:32 - 0000000 ____D C:\Users\Kerry\AppData\Local\{10E84879-E540-4823-98E8-485F89A91964}
2012-04-15 07:15 - 2012-04-14 12:44 - 0886560 ____A C:\Windows\Minidump\041512-68468-01.dmp
2012-04-14 12:51 - 2011-12-14 19:28 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D46D26B1-6E2D-4B25-99F9-74534DCF228A}
2012-04-14 12:50 - 2012-03-07 07:45 - 0000000 ____D C:\Users\Kerry\AppData\Local\{0249AC28-C1CA-481F-8096-BA685FE5328D}
2012-04-14 12:44 - 2012-04-12 18:09 - 0832880 ____A C:\Windows\Minidump\041412-35100-01.dmp
2012-04-13 17:32 - 2012-04-15 07:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{16069A69-00DD-462A-8749-592B0D982F0B}
2012-04-13 17:32 - 2012-02-05 20:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DDA70FD6-DEE3-4044-A84C-F0F53FD925FF}
2012-04-13 16:51 - 2009-07-13 17:47 - 0034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-04-13 16:47 - 2012-04-16 22:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\ID Vault
2012-04-13 16:47 - 2010-03-30 06:59 - 0000000 ____D C:\Users\All Users\IsolatedStorage
2012-04-13 16:47 - 2010-03-30 06:59 - 0000000 ____D C:\ProgramData\IsolatedStorage
2012-04-13 16:46 - 2011-07-05 06:25 - 0446752 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDHookLogon64.dll
2012-04-13 16:46 - 2011-07-05 06:24 - 0065816 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDLogonCP64.dll
2012-04-13 16:46 - 2011-07-05 06:23 - 0467224 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDHOOK64.DLL
2012-04-13 16:46 - 2011-07-05 06:23 - 0102160 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDBIN3.DLL
2012-04-13 16:46 - 2011-03-08 04:24 - 0000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2012-04-13 16:46 - 2011-02-08 07:56 - 0000000 ____D C:\Program Files (x86)\SFT
2012-04-13 16:46 - 2010-08-25 15:57 - 0206608 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDBIN1.DLL
2012-04-13 16:46 - 2010-08-20 20:59 - 0029288 ____N (StrikeForce Technologies, Inc.) C:\Windows\System32\Drivers\gidv2.sys
2012-04-13 16:46 - 2010-03-19 02:46 - 0000000 ____D C:\Users\Kerry\AppData\Roaming\ID Vault
2012-04-13 16:46 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\GID
2012-04-13 16:46 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\GID
2012-04-13 16:46 - 2009-07-13 17:40 - 0109064 ____N C:\Windows\System32\EasyHook64.dll
2012-04-13 16:45 - 2010-09-18 04:39 - 0000000 ____D C:\Users\All Users\White Sky, Inc
2012-04-13 16:45 - 2010-09-18 04:39 - 0000000 ____D C:\ProgramData\White Sky, Inc
2012-04-13 16:43 - 2011-11-01 07:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{B1C9F588-086C-49DA-A199-F71BBF3B34C4}
2012-04-13 16:42 - 2012-02-25 10:11 - 0000000 ____D C:\Users\Kerry\AppData\Local\{23EFF8A2-17E6-4B0A-871D-1CC7736E20B6}
2012-04-13 11:06 - 2009-12-10 21:18 - 0000000 ____D C:\Users\Kerry\AppData\Roaming\Malwarebytes
2012-04-13 11:06 - 2009-12-10 21:11 - 0000361 ____A C:\rkill.log
2012-04-13 11:05 - 2012-02-11 09:06 - 1008141 ____A C:\Users\Kerry\Desktop\iExplore.exe
2012-04-13 11:04 - 2010-02-09 05:34 - 1008141 ____A C:\Users\Kerry\Downloads\iExplore.exe
2012-04-13 10:57 - 2011-10-04 10:32 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-13 10:57 - 2011-08-02 12:08 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-13 10:57 - 2011-08-02 12:08 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-13 10:57 - 2007-05-09 18:50 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-13 10:38 - 2010-04-15 14:41 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Kerry\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-13 10:34 - 2012-03-06 08:27 - 0000000 ____D C:\Users\Kerry\AppData\Local\{3858BBCF-198F-41BF-894A-EEBE8C94F363}
2012-04-13 10:34 - 2011-07-02 03:21 - 0000000 ____D C:\Users\Kerry\AppData\Local\{2CA69CD1-4BD5-4058-A1EA-4D04CB7D52EC}
2012-04-13 10:15 - 2012-03-20 15:40 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8E755FAB-18B4-42ED-B2D8-44C33A20C5AB}
2012-04-13 10:14 - 2011-08-11 16:57 - 0000000 ____D C:\Users\Kerry\AppData\Local\{07D1BD95-80CE-448A-B7C9-0B9D0805A3B1}
2012-04-12 18:44 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-12 18:44 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-12 18:44 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-12 18:44 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-12 18:44 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-12 18:44 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-12 18:44 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-12 18:44 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-12 18:44 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-12 18:44 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-12 18:44 - 2011-11-19 08:49 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-12 18:44 - 2011-11-19 08:49 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-12 18:44 - 2011-11-19 08:49 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-12 18:44 - 2011-11-19 08:49 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-12 18:44 - 2011-11-19 08:49 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-12 18:44 - 2011-11-19 08:49 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-12 18:44 - 2011-11-19 08:49 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-12 18:44 - 2011-11-19 08:49 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-12 18:44 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-12 18:44 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-12 18:44 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-12 18:44 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-12 18:44 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-12 18:44 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-12 18:44 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-12 18:44 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-12 18:44 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-12 18:44 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-12 18:44 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-12 18:43 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-12 18:43 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-12 18:43 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-12 18:43 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-12 18:43 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-12 18:43 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-12 18:43 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-12 18:38 - 2012-03-22 07:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E0A2512D-A5E2-4D54-9134-81D0E7FF85A2}
2012-04-12 18:38 - 2012-03-09 05:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C3052EE0-BFA1-4ABA-A17C-D1D6D7B6A72C}
2012-04-12 18:35 - 2009-12-25 13:09 - 0000798 ____A C:\Users\Kerry\AppData\Roaming\result.db
2012-04-12 18:33 - 2012-04-16 13:50 - 2041069 ____A C:\Users\Kerry\Downloads\setup (1).zip
2012-04-12 18:32 - 2012-04-12 18:33 - 2041069 ____A C:\Users\Kerry\Downloads\setup.zip
2012-04-12 18:10 - 2011-11-23 10:58 - 0000000 ____D C:\Users\Kerry\AppData\Local\{A13A5B19-5D05-4F4A-B0B1-FC893A7A90D7}
2012-04-12 18:09 - 2012-04-11 12:06 - 0792608 ____A C:\Windows\Minidump\041212-16988-01.dmp
2012-04-12 04:22 - 2011-10-25 02:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{5CDDE8FF-9309-4B26-80EC-651FC484D1FA}
2012-04-11 13:32 - 2012-04-10 08:11 - 0727112 ____A C:\Windows\Minidump\041112-15069-01.dmp
2012-04-11 12:06 - 2012-04-11 13:32 - 0731768 ____A C:\Windows\Minidump\041112-18766-01.dmp
2012-04-11 06:53 - 2011-10-17 10:23 - 0000000 ____D C:\Users\Kerry\AppData\Local\{586BD1CA-038A-453F-8F71-58CDEB97BEEA}
2012-04-10 14:19 - 2011-10-28 13:31 - 0026624 ____A C:\Users\Kerry\Documents\mit friday.doc
2012-04-10 10:04 - 2012-04-09 10:31 - 0767072 ____A C:\Windows\Minidump\041012-16816-01.dmp
2012-04-10 08:12 - 2011-11-13 05:30 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C9D57254-A27B-4B82-80AD-D7C00A06A468}
2012-04-10 08:11 - 2012-04-10 10:04 - 0767056 ____A C:\Windows\Minidump\041012-17035-01.dmp
2012-04-09 14:46 - 2012-04-01 16:41 - 0767056 ____A C:\Windows\Minidump\040912-17222-01.dmp
2012-04-09 10:31 - 2012-04-09 14:46 - 0731768 ____A C:\Windows\Minidump\040912-22027-01.dmp
2012-04-09 08:00 - 2011-05-18 05:50 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E9757881-A1D3-4057-B227-B0559665A5E9}
2012-04-06 15:14 - 2010-03-09 20:30 - 0040960 ____A C:\Users\Kerry\Documents\ann deserts.doc
2012-04-06 14:55 - 2011-05-10 19:06 - 0000000 ____D C:\Users\Kerry\AppData\Local\{32B0534B-90A6-4506-B830-764B5A66018A}
2012-04-05 13:56 - 2011-10-16 13:04 - 0000000 ____D C:\Users\Kerry\AppData\Local\{55FCF2FF-8212-4B62-A78F-00175178359A}
2012-04-02 04:09 - 2012-02-06 07:53 - 0002082 ____A C:\Users\Kerry\Downloads\CalendarEvent.ics
2012-04-02 03:17 - 2012-01-24 17:54 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1B35DB4B-7019-4703-B2A3-98CD49A9E7EB}
2012-04-01 16:41 - 2012-04-01 07:40 - 0848968 ____A C:\Windows\Minidump\040112-17752-01.dmp
2012-04-01 07:42 - 2012-04-14 12:51 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D4713278-41C0-4B52-87E1-2AC48A8A8469}
2012-04-01 07:40 - 2012-03-31 07:40 - 0767112 ____A C:\Windows\Minidump\040112-17128-01.dmp
2012-03-31 14:43 - 2012-03-29 05:49 - 0731912 ____A C:\Windows\Minidump\033112-17331-01.dmp
2012-03-31 07:42 - 2011-09-23 09:59 - 0000000 ____D C:\Users\Kerry\AppData\Local\{2E6070F0-52F9-4978-97E4-1295ED8411EE}
2012-03-31 07:40 - 2012-03-31 14:43 - 0731912 ____A C:\Windows\Minidump\033112-18127-01.dmp
2012-03-30 05:55 - 2011-06-11 19:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{48038F2F-AA77-40A5-B7CF-374967879E97}
2012-03-29 14:55 - 2011-06-25 08:17 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6C9698A1-55BA-472B-B1C6-546A816CFAE7}
2012-03-29 06:48 - 2012-03-29 03:26 - 0729864 ____A C:\Windows\Minidump\032912-17082-01.dmp
2012-03-29 05:49 - 2012-03-29 02:53 - 0731840 ____A C:\Windows\Minidump\032912-26192-01.dmp
2012-03-29 03:26 - 2012-03-28 05:43 - 0731912 ____A C:\Windows\Minidump\032912-16723-01.dmp
2012-03-29 02:55 - 2011-12-01 04:28 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DF9086F3-C95A-472A-BAA8-F13AF51ACDAB}
2012-03-29 02:53 - 2012-03-29 06:48 - 0767056 ____A C:\Windows\Minidump\032912-18111-01.dmp
2012-03-28 05:46 - 2011-11-25 09:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C4F85E80-BAED-4013-86BC-A8845367B629}
2012-03-28 05:46 - 2011-11-11 17:28 - 0000000 ____D C:\Users\Kerry\AppData\Local\{99456F35-70BE-4A1D-A329-D224DFE0914D}
2012-03-28 05:43 - 2012-03-27 04:45 - 0766912 ____A C:\Windows\Minidump\032812-17347-01.dmp
2012-03-27 04:45 - 2012-03-25 09:19 - 0729864 ____A C:\Windows\Minidump\032712-15943-01.dmp
2012-03-27 04:03 - 2012-03-11 07:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D614B520-2AAA-4DCE-AE7B-63AB79144283}
2012-03-27 04:03 - 2012-01-24 05:53 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6C6D02DC-DE65-4056-80DE-8949865AFCC3}
2012-03-25 10:18 - 2010-06-01 09:14 - 0024576 ____A C:\Users\Kerry\Documents\Peanut Butter Cookies.doc
2012-03-25 09:36 - 2011-01-11 11:52 - 0025088 ____A C:\Users\Kerry\Documents\Notice of Religious Exemption to Vaccinations.doc
2012-03-25 09:19 - 2012-03-21 10:33 - 0731928 ____A C:\Windows\Minidump\032512-18049-01.dmp
2012-03-25 05:41 - 2009-11-03 04:25 - 0025088 ____A C:\Users\Kerry\Documents\Breakfast HCG 3.doc
2012-03-25 04:15 - 2012-02-01 09:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D2995865-A016-431F-898F-2751D62081AF}
2012-03-25 04:15 - 2011-07-16 17:16 - 0000000 ____D C:\Users\Kerry\AppData\Local\{CD5FB685-6A97-4552-AE16-B2D65BA2B4A9}
2012-03-22 07:43 - 2012-03-15 06:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{CE6E8DC5-9B01-4F02-A8FA-C20AC3C9B1E2}
2012-03-22 07:43 - 2011-12-19 12:31 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E096DEFF-328F-45CE-8DE2-A3B31D22D932}
2012-03-22 07:43 - 2011-12-01 04:28 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DA5DB284-586F-4C3B-B225-B66E0853B5EE}
2012-03-22 07:43 - 2011-09-22 03:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{ABC1C162-8E9C-4DB3-A247-14B08D6ECA17}
2012-03-21 12:30 - 2012-03-16 13:30 - 0731912 ____A C:\Windows\Minidump\032112-17409-01.dmp
2012-03-21 10:32 - 2012-03-21 12:30 - 0766912 ____A C:\Windows\Minidump\032112-17784-01.dmp
2012-03-21 04:12 - 2011-12-04 07:16 - 0000000 ____D C:\Users\Kerry\AppData\Local\{0F02038C-F640-4A7B-B17A-141BC44D8A66}
2012-03-21 04:12 - 2011-10-09 06:31 - 0000000 ____D C:\Users\Kerry\AppData\Local\{AB1847C5-91E6-41A8-9A20-3979EC59EF9B}
2012-03-20 16:50 - 2012-04-13 10:11 - 0000000 ____D C:\Program Files\iPod
2012-03-20 16:50 - 2012-04-13 10:11 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-20 16:50 - 2012-03-20 16:50 - 0000000 ____D C:\Program Files\iTunes
2012-03-20 16:48 - 2010-02-16 19:59 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-03-20 16:48 - - 0000000 ____D C:\Program Files\Bonjour
2012-03-20 16:47 - 2010-08-15 05:23 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-03-20 16:45 - 2012-02-20 19:10 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-20 15:40 - 2012-03-01 17:52 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C0791640-23BA-473E-8EF9-FBD70E48E0DC}
2012-03-20 15:40 - 2012-02-28 16:33 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8D9B0257-141F-4CBA-A828-7FF09DF78E07}
2012-03-19 14:18 - 2012-02-21 12:31 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F87E1BAC-01EF-41F3-BB5F-59DEF88FB955}
2012-03-19 14:18 - 2011-06-08 17:53 - 0000000 ____D C:\Users\Kerry\AppData\Local\{331B228B-22CC-46C3-8809-6E6E58E8E843}
2012-03-18 15:43 - 2011-11-20 07:12 - 0000000 ____D C:\Users\Kerry\AppData\Local\{4280EAD3-C7A2-4E7E-AF6B-6256BE0A9971}
2012-03-18 15:43 - 2011-10-12 04:26 - 0000000 ____D C:\Users\Kerry\AppData\Local\{111F868D-9531-433E-B7EC-A6E8583FE909}

============ 3 Months Modified Files and Folders =============

2012-04-17 23:29 - 2012-04-17 23:29 - 0000000 ____D C:\FRST
2012-04-17 07:52 - 2009-12-03 21:00 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-17 07:52 - 2009-12-03 21:00 - 0000000 ____D C:\ProgramData\Recovery
2012-04-17 03:48 - 2012-04-16 20:41 - 0694038 ____A C:\Windows\ntbtlog.txt
2012-04-17 03:47 - 2009-12-03 20:37 - 2361802752 __ASH C:\hiberfil.sys
2012-04-17 03:17 - 2009-12-03 20:46 - 1099164 ____A C:\Windows\WindowsUpdate.log
2012-04-17 02:31 - 2012-02-06 11:16 - 0000000 ____D C:\Users\Kerry\AppData\Roaming\Skype
2012-04-17 02:25 - 2010-02-12 11:59 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-16 22:46 - 2012-04-16 14:10 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-16 22:42 - 2009-07-13 20:45 - 0023248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-16 22:42 - 2009-07-13 20:45 - 0023248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-16 22:39 - 2012-04-16 16:49 - 0000000 ____D C:\Qoobox
2012-04-16 22:39 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-16 22:39 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2012-04-16 22:38 - 2012-04-16 22:38 - 0021768 ____A C:\ComboFix.txt
2012-04-16 22:37 - 2012-04-16 16:49 - 0000000 ____D C:\Windows\ERDNT
2012-04-16 22:31 - 2009-12-03 21:06 - 0000290 ____A C:\Users\All Users\hpqp.ini
2012-04-16 22:31 - 2009-12-03 21:06 - 0000290 ____A C:\ProgramData\hpqp.ini
2012-04-16 22:30 - 2010-02-12 11:59 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-16 22:30 - 2010-01-01 16:22 - 1272056 ____A C:\Windows\PFRO.log
2012-04-16 22:30 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-16 22:30 - 2009-07-13 20:51 - 0162037 ____A C:\Windows\setupact.log
2012-04-16 22:30 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-16 22:29 - 2012-04-16 22:29 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-16 22:29 - 2009-07-13 18:34 - 71565312 ____A C:\Windows\System32\config\software.bak
2012-04-16 22:29 - 2009-07-13 18:34 - 20709376 ____A C:\Windows\System32\config\system.bak
2012-04-16 22:29 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-04-16 22:29 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-16 22:29 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-16 22:28 - 2009-12-10 21:09 - 0000000 ____D C:\users\Kerry
2012-04-16 22:11 - 2009-12-10 21:15 - 0000372 ____A C:\Users\All Users\HPWALog.txt
2012-04-16 22:11 - 2009-12-10 21:15 - 0000372 ____A C:\ProgramData\HPWALog.txt
2012-04-16 22:06 - 2009-08-17 10:45 - 0000000 ____D C:\Users\All Users\Norton
2012-04-16 22:06 - 2009-08-17 10:45 - 0000000 ____D C:\ProgramData\Norton
2012-04-16 21:30 - 2012-04-16 21:30 - 0002946 ____A C:\Users\Kerry\Desktop\aswMBR.txt
2012-04-16 21:30 - 2012-04-16 21:30 - 0000512 ____A C:\Users\Kerry\Desktop\MBR.dat
2012-04-16 20:59 - 2012-04-16 20:59 - 0277352 ____A C:\Windows\Minidump\041712-26130-01.dmp
2012-04-16 20:59 - 2011-02-21 06:13 - 560052933 ____A C:\Windows\MEMORY.DMP
2012-04-16 20:59 - 2011-02-21 06:13 - 0000000 ____D C:\Windows\Minidump
2012-04-16 20:52 - 2012-04-16 13:50 - 0000000 ____D C:\Users\Kerry\AppData\Local\NPE
2012-04-16 20:41 - 2012-04-16 20:41 - 0000732 ____A C:\Users\Kerry\AppData\Roaming\SMRBackup250.dat
2012-04-16 20:38 - 2012-04-16 20:38 - 0371097 ____A C:\Users\Kerry\Desktop\Base Filtering Engine.reg
2012-04-16 20:23 - 2012-04-13 16:47 - 0000000 ____D C:\Users\Kerry\AppData\Local\ID Vault
2012-04-16 16:46 - 2012-04-16 16:46 - 4465601 ____R (Swearware) C:\Users\Kerry\Desktop\Combo-Fix.exe
2012-04-16 16:36 - 2010-01-01 04:53 - 0000000 ____D C:\Users\Kerry\Documents\scouting
2012-04-16 16:36 - 2009-12-26 19:48 - 0000000 ____D C:\Users\Kerry\Documents\sped
2012-04-16 16:27 - 2012-04-16 16:25 - 0000000 ____D C:\Users\Kerry\Desktop\Anti virus tools
2012-04-16 16:26 - 2012-04-16 16:26 - 8337971 ____A C:\Users\Kerry\Downloads\AustralianShoresAntonGorlin.themepack
2012-04-16 16:14 - 2012-04-16 16:01 - 0004126 ____A C:\Users\Kerry\Desktop\unhide.txt
2012-04-16 15:56 - 2012-04-13 11:06 - 0000361 ____A C:\rkill.log
2012-04-16 15:54 - 2012-04-16 14:12 - 1584156 ____A C:\Windows\ntbtlog.txt.bak
2012-04-16 15:17 - 2012-04-16 15:16 - 0000000 ____D C:\Users\Kerry\AppData\Local\{7F63512D-ED26-46E4-AF84-AC34107962E7}
2012-04-16 15:16 - 2012-04-16 15:15 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F40122A8-63BC-4D31-B4D6-FAB09EF5BA8C}
2012-04-16 15:15 - 2009-12-13 19:06 - 0000000 ____D C:\Users\Kerry\Tracing
2012-04-16 14:56 - 2012-04-16 14:56 - 0134314 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_18.56.15_log.txt
2012-04-16 14:41 - 2012-04-16 14:36 - 0137370 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_18.36.32_log.txt
2012-04-16 14:40 - 2012-04-16 14:40 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-16 14:37 - 2012-04-16 14:37 - 4731392 ____A (AVAST Software) C:\Users\Kerry\Downloads\aswMBR.exe
2012-04-16 14:36 - 2012-04-16 14:36 - 2052353 ____A C:\Users\Kerry\Downloads\tdsskiller.zip
2012-04-16 14:28 - 2012-04-16 14:28 - 0277352 ____A C:\Windows\Minidump\041612-27440-01.dmp
2012-04-16 14:26 - 2012-04-16 14:26 - 0000000 ____D C:\Users\Kerry\AppData\Local\{17B1831B-6036-4268-AA0F-8D4A27632059}
2012-04-16 14:23 - 2012-04-16 14:23 - 0000882 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-04-16 14:15 - 2012-04-16 13:52 - 0000168 ____A C:\Users\All Users\-DZnLsDQ6M3j736r
2012-04-16 14:15 - 2012-04-16 13:52 - 0000168 ____A C:\ProgramData\-DZnLsDQ6M3j736r
2012-04-16 14:15 - 2012-04-16 13:52 - 0000000 ____A C:\Users\All Users\-DZnLsDQ6M3j736
2012-04-16 14:15 - 2012-04-16 13:52 - 0000000 ____A C:\ProgramData\-DZnLsDQ6M3j736
2012-04-16 14:09 - 2012-04-16 14:09 - 0277352 ____A C:\Windows\Minidump\041612-24180-01.dmp
2012-04-16 14:07 - 2012-04-16 14:06 - 0277352 ____A C:\Windows\Minidump\041612-117952-01.dmp
2012-04-16 13:50 - 2012-04-16 13:50 - 2804712 ____A (Symantec Corporation) C:\Users\Kerry\Downloads\NPE.exe
2012-04-16 13:47 - 2012-04-16 13:47 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F3D94036-DD60-4DCC-AA2F-1CC302636D43}
2012-04-16 13:47 - 2012-04-16 13:47 - 0000000 ____D C:\Users\Kerry\AppData\Local\{BCCE9AD2-F3F8-4BD4-8670-8E8F0B9D1E0B}
2012-04-16 13:43 - 2012-04-16 13:43 - 0277352 ____A C:\Windows\Minidump\041612-25864-01.dmp
2012-04-16 13:40 - 2012-04-16 13:40 - 0277352 ____A C:\Windows\Minidump\041612-24336-01.dmp
2012-04-16 13:36 - 2012-04-16 13:36 - 0277296 ____A C:\Windows\Minidump\041612-25989-01.dmp
2012-04-16 13:33 - 2012-04-16 13:33 - 0277352 ____A C:\Windows\Minidump\041612-27612-01.dmp
2012-04-16 13:31 - 2012-04-16 13:31 - 0000000 ____D C:\Users\Kerry\AppData\Local\{5D14B6BC-B2C4-4DA5-BC26-A87BC7650683}
2012-04-16 13:31 - 2012-04-16 13:31 - 0000000 ____D C:\Users\Kerry\AppData\Local\{24E93699-F69C-43E3-99F0-15D8C28991D7}
2012-04-16 13:27 - 2012-04-16 13:27 - 0277352 ____A C:\Windows\Minidump\041612-23322-01.dmp
2012-04-16 13:25 - 2012-04-16 13:25 - 0277352 ____A C:\Windows\Minidump\041612-25942-01.dmp
2012-04-16 13:21 - 2012-04-16 13:21 - 0277352 ____A C:\Windows\Minidump\041612-86174-01.dmp
2012-04-16 13:21 - 2012-04-16 13:21 - 0000000 ____D C:\Users\Kerry\AppData\Roaming\Tific
2012-04-16 07:11 - 2012-04-16 07:11 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DC2A2098-0BFC-44E6-8ED6-293EBF321F4E}
2012-04-16 07:11 - 2012-04-16 07:11 - 0000000 ____D C:\Users\Kerry\AppData\Local\{56B47BC6-1FCC-4DEE-A294-1B472AB26591}
2012-04-16 06:54 - 2012-04-16 06:54 - 0277352 ____A C:\Windows\Minidump\041612-21481-01.dmp
2012-04-16 06:51 - 2012-04-16 06:51 - 0277352 ____A C:\Windows\Minidump\041612-30856-01.dmp
2012-04-16 04:15 - 2012-04-16 04:15 - 0000000 ____D C:\Users\Kerry\AppData\Local\{608EEDD7-6268-4C99-A971-9BA659770E5D}
2012-04-16 04:15 - 2012-04-16 04:14 - 0000000 ____D C:\Users\Kerry\AppData\Local\{FA194BCA-3050-4704-A3F3-C620A0394B26}
2012-04-16 04:11 - 2012-04-16 04:11 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D0C30099-FEAE-4EA1-BE1A-0DBD5F95674B}
2012-04-16 04:10 - 2012-04-16 04:10 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1DB90866-A6A0-4526-8E57-21195032CBB2}
2012-04-16 04:07 - 2012-04-16 04:07 - 0861120 ____A C:\Windows\Minidump\041612-31215-01.dmp
2012-04-15 07:19 - 2012-04-15 07:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1605B3AE-C88A-4EFA-9034-FB4B1ED020D9}
2012-04-15 07:18 - 2012-04-15 07:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{10E84879-E540-4823-98E8-485F89A91964}
2012-04-15 07:15 - 2012-04-15 07:15 - 0886560 ____A C:\Windows\Minidump\041512-68468-01.dmp
2012-04-14 12:55 - 2012-04-13 16:46 - 0000000 ____D C:\Users\Kerry\AppData\Roaming\ID Vault
2012-04-14 12:51 - 2012-04-14 12:51 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D46D26B1-6E2D-4B25-99F9-74534DCF228A}
2012-04-14 12:51 - 2012-04-14 12:50 - 0000000 ____D C:\Users\Kerry\AppData\Local\{0249AC28-C1CA-481F-8096-BA685FE5328D}
2012-04-14 12:44 - 2012-04-14 12:44 - 0832880 ____A C:\Windows\Minidump\041412-35100-01.dmp
2012-04-13 17:34 - 2009-07-13 21:13 - 0729744 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-13 17:32 - 2012-04-13 17:32 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DDA70FD6-DEE3-4044-A84C-F0F53FD925FF}
2012-04-13 17:32 - 2012-04-13 17:32 - 0000000 ____D C:\Users\Kerry\AppData\Local\{16069A69-00DD-462A-8749-592B0D982F0B}
2012-04-13 16:47 - 2012-04-13 16:47 - 0000000 ____D C:\Users\All Users\IsolatedStorage
2012-04-13 16:47 - 2012-04-13 16:47 - 0000000 ____D C:\ProgramData\IsolatedStorage
2012-04-13 16:47 - 2012-04-13 16:46 - 0000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2012-04-13 16:47 - 2009-12-10 21:10 - 0000000 ____D C:\Users\Kerry\AppData\LocalLow
2012-04-13 16:46 - 2012-04-16 14:25 - 0002309 ____A C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
2012-04-13 16:46 - 2012-04-13 16:46 - 0000000 ____D C:\Users\All Users\GID
2012-04-13 16:46 - 2012-04-13 16:46 - 0000000 ____D C:\ProgramData\GID
2012-04-13 16:46 - 2012-04-13 16:46 - 0000000 ____D C:\Program Files (x86)\SFT
2012-04-13 16:45 - 2012-04-13 16:45 - 0000000 ____D C:\Users\All Users\White Sky, Inc
2012-04-13 16:45 - 2012-04-13 16:45 - 0000000 ____D C:\ProgramData\White Sky, Inc
2012-04-13 16:43 - 2012-04-13 16:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{B1C9F588-086C-49DA-A199-F71BBF3B34C4}
2012-04-13 16:43 - 2012-04-13 16:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{23EFF8A2-17E6-4B0A-871D-1CC7736E20B6}
2012-04-13 11:06 - 2012-04-13 11:06 - 0000000 ____D C:\Users\Kerry\AppData\Roaming\Malwarebytes
2012-04-13 11:06 - 2012-04-13 10:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-13 11:05 - 2012-04-13 11:05 - 1008141 ____A C:\Users\Kerry\Desktop\iExplore.exe
2012-04-13 11:04 - 2012-04-13 11:04 - 1008141 ____A C:\Users\Kerry\Downloads\iExplore.exe
2012-04-13 10:57 - 2012-04-13 10:57 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-13 10:57 - 2012-04-13 10:57 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-13 10:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-13 10:38 - 2012-04-13 10:38 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Kerry\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-13 10:35 - 2012-04-13 10:34 - 0000000 ____D C:\Users\Kerry\AppData\Local\{2CA69CD1-4BD5-4058-A1EA-4D04CB7D52EC}
2012-04-13 10:34 - 2012-04-13 10:34 - 0000000 ____D C:\Users\Kerry\AppData\Local\{3858BBCF-198F-41BF-894A-EEBE8C94F363}
2012-04-13 10:15 - 2012-04-13 10:15 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8E755FAB-18B4-42ED-B2D8-44C33A20C5AB}
2012-04-13 10:15 - 2012-04-13 10:14 - 0000000 ____D C:\Users\Kerry\AppData\Local\{07D1BD95-80CE-448A-B7C9-0B9D0805A3B1}
2012-04-12 18:44 - 2009-12-13 19:24 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-12 18:38 - 2012-04-12 18:38 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E0A2512D-A5E2-4D54-9134-81D0E7FF85A2}
2012-04-12 18:38 - 2012-04-12 18:38 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C3052EE0-BFA1-4ABA-A17C-D1D6D7B6A72C}
2012-04-12 18:35 - 2012-04-12 18:35 - 0000798 ____A C:\Users\Kerry\AppData\Roaming\result.db
2012-04-12 18:33 - 2012-04-12 18:33 - 2041069 ____A C:\Users\Kerry\Downloads\setup (1).zip
2012-04-12 18:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-12 18:32 - 2012-04-12 18:32 - 2041069 ____A C:\Users\Kerry\Downloads\setup.zip
2012-04-12 18:11 - 2012-04-12 18:10 - 0000000 ____D C:\Users\Kerry\AppData\Local\{A13A5B19-5D05-4F4A-B0B1-FC893A7A90D7}
2012-04-12 18:11 - 2010-12-02 10:07 - 0000000 ____D C:\Users\Kerry\AppData\Local\Windows Live
2012-04-12 18:09 - 2012-04-12 18:09 - 0792608 ____A C:\Windows\Minidump\041212-16988-01.dmp
2012-04-12 18:09 - 2011-08-18 12:03 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForKerry.job
2012-04-12 11:21 - 2012-01-05 07:26 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-04-12 11:21 - 2009-12-23 20:56 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-04-12 04:24 - 2012-04-12 04:22 - 0000000 ____D C:\Users\Kerry\AppData\Local\{5CDDE8FF-9309-4B26-80EC-651FC484D1FA}
2012-04-11 13:32 - 2012-04-11 13:32 - 0727112 ____A C:\Windows\Minidump\041112-15069-01.dmp
2012-04-11 12:06 - 2012-04-11 12:06 - 0731768 ____A C:\Windows\Minidump\041112-18766-01.dmp
2012-04-11 06:55 - 2012-04-11 06:53 - 0000000 ____D C:\Users\Kerry\AppData\Local\{586BD1CA-038A-453F-8F71-58CDEB97BEEA}
2012-04-10 14:19 - 2012-04-10 14:19 - 0026624 ____A C:\Users\Kerry\Documents\mit friday.doc
2012-04-10 10:04 - 2012-04-10 10:04 - 0767072 ____A C:\Windows\Minidump\041012-16816-01.dmp
2012-04-10 08:12 - 2012-04-10 08:12 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C9D57254-A27B-4B82-80AD-D7C00A06A468}
2012-04-10 08:11 - 2012-04-10 08:11 - 0767056 ____A C:\Windows\Minidump\041012-17035-01.dmp
2012-04-09 14:46 - 2012-04-09 14:46 - 0767056 ____A C:\Windows\Minidump\040912-17222-01.dmp
2012-04-09 11:42 - 2010-08-27 18:06 - 0000000 ____D C:\Users\Kerry\Documents\My Digital Editions
2012-04-09 10:31 - 2012-04-09 10:31 - 0731768 ____A C:\Windows\Minidump\040912-22027-01.dmp
2012-04-09 10:31 - 2009-07-13 21:08 - 0032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-09 08:01 - 2012-04-09 08:00 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E9757881-A1D3-4057-B227-B0559665A5E9}
2012-04-08 14:55 - 2012-04-05 13:56 - 0000000 ____D C:\Users\Kerry\AppData\Local\{55FCF2FF-8212-4B62-A78F-00175178359A}
2012-04-06 15:23 - 2012-04-06 15:14 - 0040960 ____A C:\Users\Kerry\Documents\ann deserts.doc
2012-04-06 14:55 - 2012-04-06 14:55 - 0000000 ____D C:\Users\Kerry\AppData\Local\{32B0534B-90A6-4506-B830-764B5A66018A}
2012-04-04 12:28 - 2012-04-02 03:17 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1B35DB4B-7019-4703-B2A3-98CD49A9E7EB}
2012-04-04 11:56 - 2012-04-13 10:57 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 04:09 - 2012-04-02 04:09 - 0002082 ____A C:\Users\Kerry\Downloads\CalendarEvent.ics
2012-04-01 16:41 - 2012-04-01 16:41 - 0848968 ____A C:\Windows\Minidump\040112-17752-01.dmp
2012-04-01 13:25 - 2012-02-06 11:29 - 0010988 ____A C:\Windows\System32\lvcoinst.log
2012-04-01 07:42 - 2012-04-01 07:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D4713278-41C0-4B52-87E1-2AC48A8A8469}
2012-04-01 07:40 - 2012-04-01 07:40 - 0767112 ____A C:\Windows\Minidump\040112-17128-01.dmp
2012-03-31 14:43 - 2012-03-31 14:43 - 0731912 ____A C:\Windows\Minidump\033112-17331-01.dmp
2012-03-31 07:43 - 2012-03-31 07:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{2E6070F0-52F9-4978-97E4-1295ED8411EE}
2012-03-31 07:40 - 2012-03-31 07:40 - 0731912 ____A C:\Windows\Minidump\033112-18127-01.dmp
2012-03-30 05:55 - 2012-03-30 05:55 - 0000000 ____D C:\Users\Kerry\AppData\Local\{48038F2F-AA77-40A5-B7CF-374967879E97}
2012-03-29 14:55 - 2012-03-29 14:55 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6C9698A1-55BA-472B-B1C6-546A816CFAE7}
2012-03-29 06:48 - 2012-03-29 06:48 - 0729864 ____A C:\Windows\Minidump\032912-17082-01.dmp
2012-03-29 05:49 - 2012-03-29 05:49 - 0731840 ____A C:\Windows\Minidump\032912-26192-01.dmp
2012-03-29 03:26 - 2012-03-29 03:26 - 0731912 ____A C:\Windows\Minidump\032912-16723-01.dmp
2012-03-29 02:55 - 2012-03-29 02:55 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DF9086F3-C95A-472A-BAA8-F13AF51ACDAB}
2012-03-29 02:53 - 2012-03-29 02:53 - 0767056 ____A C:\Windows\Minidump\032912-18111-01.dmp
2012-03-28 06:09 - 2012-03-11 07:57 - 0043520 ____A C:\Users\Kerry\Documents\Candy Sale 2012.xls
2012-03-28 05:46 - 2012-03-28 05:46 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C4F85E80-BAED-4013-86BC-A8845367B629}
2012-03-28 05:46 - 2012-03-28 05:46 - 0000000 ____D C:\Users\Kerry\AppData\Local\{99456F35-70BE-4A1D-A329-D224DFE0914D}
2012-03-28 05:43 - 2012-03-28 05:43 - 0766912 ____A C:\Windows\Minidump\032812-17347-01.dmp
2012-03-27 04:45 - 2012-03-27 04:45 - 0729864 ____A C:\Windows\Minidump\032712-15943-01.dmp
2012-03-27 04:03 - 2012-03-27 04:03 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D614B520-2AAA-4DCE-AE7B-63AB79144283}
2012-03-27 04:03 - 2012-03-27 04:03 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6C6D02DC-DE65-4056-80DE-8949865AFCC3}
2012-03-25 11:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-25 10:18 - 2012-03-25 10:18 - 0024576 ____A C:\Users\Kerry\Documents\Peanut Butter Cookies.doc
2012-03-25 09:38 - 2012-03-25 09:36 - 0025088 ____A C:\Users\Kerry\Documents\Notice of Religious Exemption to Vaccinations.doc
2012-03-25 09:19 - 2012-03-25 09:19 - 0731928 ____A C:\Windows\Minidump\032512-18049-01.dmp
2012-03-25 05:41 - 2012-03-25 05:41 - 0025088 ____A C:\Users\Kerry\Documents\Breakfast HCG 3.doc
2012-03-25 04:15 - 2012-03-25 04:15 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D2995865-A016-431F-898F-2751D62081AF}
2012-03-25 04:15 - 2012-03-25 04:15 - 0000000 ____D C:\Users\Kerry\AppData\Local\{CD5FB685-6A97-4552-AE16-B2D65BA2B4A9}
2012-03-22 07:43 - 2012-03-22 07:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E096DEFF-328F-45CE-8DE2-A3B31D22D932}
2012-03-22 07:43 - 2012-03-22 07:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DA5DB284-586F-4C3B-B225-B66E0853B5EE}
2012-03-22 07:43 - 2012-03-22 07:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{CE6E8DC5-9B01-4F02-A8FA-C20AC3C9B1E2}
2012-03-22 07:43 - 2012-03-22 07:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{ABC1C162-8E9C-4DB3-A247-14B08D6ECA17}
2012-03-21 12:30 - 2012-03-21 12:30 - 0731912 ____A C:\Windows\Minidump\032112-17409-01.dmp
2012-03-21 10:33 - 2012-03-21 10:32 - 0766912 ____A C:\Windows\Minidump\032112-17784-01.dmp
2012-03-21 04:12 - 2012-03-21 04:12 - 0000000 ____D C:\Users\Kerry\AppData\Local\{AB1847C5-91E6-41A8-9A20-3979EC59EF9B}
2012-03-21 04:12 - 2012-03-21 04:12 - 0000000 ____D C:\Users\Kerry\AppData\Local\{0F02038C-F640-4A7B-B17A-141BC44D8A66}
2012-03-20 16:51 - 2012-03-20 16:50 - 0000000 ____D C:\Program Files\iTunes
2012-03-20 16:51 - 2012-03-20 16:50 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-20 16:50 - 2012-03-20 16:50 - 0000000 ____D C:\Program Files\iPod
2012-03-20 16:48 - 2012-03-20 16:48 - 0000000 ____D C:\Program Files\Bonjour
2012-03-20 16:48 - 2012-03-20 16:48 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-03-20 16:47 - 2012-03-20 16:47 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-03-20 16:45 - 2012-03-20 16:45 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-20 15:41 - 2012-03-20 15:40 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C0791640-23BA-473E-8EF9-FBD70E48E0DC}
2012-03-20 15:40 - 2012-03-20 15:40 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8D9B0257-141F-4CBA-A828-7FF09DF78E07}
2012-03-19 14:18 - 2012-03-19 14:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F87E1BAC-01EF-41F3-BB5F-59DEF88FB955}
2012-03-19 14:18 - 2012-03-19 14:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{331B228B-22CC-46C3-8809-6E6E58E8E843}
2012-03-18 15:43 - 2012-03-18 15:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{4280EAD3-C7A2-4E7E-AF6B-6256BE0A9971}
2012-03-18 15:43 - 2012-03-18 15:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{111F868D-9531-433E-B7EC-A6E8583FE909}
2012-03-16 18:10 - 2012-03-16 18:09 - 0731912 ____A C:\Windows\Minidump\031612-15475-01.dmp
2012-03-16 14:58 - 2012-03-16 14:58 - 0731912 ____A C:\Windows\Minidump\031612-20514-01.dmp
2012-03-16 13:30 - 2012-03-16 13:30 - 0766912 ____A C:\Windows\Minidump\031612-22230-01.dmp
2012-03-16 10:36 - 2012-03-16 10:36 - 0732000 ____A C:\Windows\Minidump\031612-15943-01.dmp
2012-03-16 08:13 - 2012-03-16 08:13 - 0731912 ____A C:\Windows\Minidump\031612-16130-01.dmp
2012-03-16 07:25 - 2009-07-13 20:45 - 0347648 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-16 07:12 - 2012-03-16 07:11 - 0000000 ____D C:\Users\Kerry\AppData\Local\{89A43756-4B32-4C46-8EED-BD90BE60DC4F}
2012-03-16 07:11 - 2012-03-16 07:11 - 0000000 ____D C:\Users\Kerry\AppData\Local\{5DF33E65-638E-4B7B-B796-9C92C10AD14F}
2012-03-15 19:11 - 2012-03-15 19:10 - 0783776 ____A C:\Windows\Minidump\031512-15787-01.dmp
2012-03-15 18:44 - 2012-03-15 18:44 - 0000000 ____D C:\Users\Kerry\AppData\Local\{A0D0980C-3A45-4D31-9600-5934360F1ED3}
2012-03-15 18:44 - 2012-03-15 06:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{4CE8C92A-7F8A-4EFF-8C67-1E2215B48B4C}
2012-03-15 06:18 - 2012-03-15 06:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{CE6CB0F5-8D8F-4CA3-B092-5180549D0380}
2012-03-14 13:55 - 2012-03-14 13:55 - 0731912 ____A C:\Windows\Minidump\031412-14976-01.dmp
2012-03-14 12:47 - 2012-03-14 12:47 - 0797296 ____A C:\Windows\Minidump\031412-15225-01.dmp
2012-03-14 11:00 - 2012-03-14 11:00 - 0731840 ____A C:\Windows\Minidump\031412-16910-01.dmp
2012-03-14 07:29 - 2012-03-14 07:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{B7DB2B6E-32EA-497D-8E18-2527F3A57FDB}
2012-03-14 07:29 - 2012-03-14 07:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{17738610-125C-4546-9578-F28023D87FC2}
2012-03-13 15:35 - 2009-08-17 10:29 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-03-13 15:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-03-13 15:32 - 2009-08-17 10:27 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-03-13 15:30 - 2012-03-13 15:30 - 0000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-13 15:30 - 2012-03-13 15:30 - 0000000 ____D C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-13 15:29 - 2009-07-16 15:15 - 0000000 ____D C:\SwSetup
2012-03-13 14:42 - 2012-03-13 14:42 - 0731912 ____A C:\Windows\Minidump\031312-15241-01.dmp
2012-03-13 11:42 - 2012-03-13 11:42 - 0731912 ____A C:\Windows\Minidump\031312-15178-01.dmp
2012-03-13 08:42 - 2012-03-13 08:41 - 0731912 ____A C:\Windows\Minidump\031312-17347-01.dmp
2012-03-13 07:41 - 2012-03-13 07:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{B76A1737-7911-4513-B2BD-9C04E9E4CE1C}
2012-03-13 07:41 - 2012-03-13 07:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1808CBF6-5E9D-4F49-A68F-F5F25E3E8863}
2012-03-12 17:53 - 2009-12-25 13:09 - 0000000 ____D C:\Users\Kerry\Documents\My Media
2012-03-12 11:30 - 2010-03-07 04:27 - 0921624 ____A C:\img2-001.raw
2012-03-12 09:33 - 2012-03-12 09:32 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D55D6112-C3B0-407D-AA5B-1E0D48E5382C}
2012-03-12 09:32 - 2012-03-12 09:32 - 0000000 ____D C:\Users\Kerry\AppData\Local\{FA894C0D-1E4F-48DB-A76F-A51ED92C2D39}
2012-03-11 09:17 - 2012-03-11 09:17 - 0731912 ____A C:\Windows\Minidump\031112-17050-01.dmp
2012-03-11 07:32 - 2012-03-11 07:29 - 0058880 ____A C:\Users\Kerry\Documents\Back to Crispy kale chips.doc
2012-03-11 07:19 - 2012-03-11 07:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D5EB98BC-8B4C-4EB7-B3B8-42C433165F6E}
2012-03-11 07:19 - 2012-03-11 07:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{0362FD3D-EB3B-4D69-964B-4AACC442E383}
2012-03-10 17:28 - 2012-03-10 17:28 - 0731912 ____A C:\Windows\Minidump\031012-15459-01.dmp
2012-03-10 13:10 - 2012-03-10 13:09 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E809F8DA-8A12-439D-9E6A-95B33A3C1C5F}
2012-03-10 13:09 - 2012-03-10 13:09 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6401D808-5F45-4CA5-9289-8A1DD4DF42AD}
2012-03-09 17:30 - 2012-03-09 17:30 - 0000000 ____D C:\Users\Kerry\AppData\Local\{9220B997-EAB1-48C6-B89E-A55B70AC3DB3}
2012-03-09 17:30 - 2012-03-09 17:30 - 0000000 ____D C:\Users\Kerry\AppData\Local\{895F8A52-C59C-43F5-8264-14E58F5A8036}
2012-03-09 17:30 - 2012-03-09 17:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{91382E69-70F7-441F-917E-7412DE6BCB92}
2012-03-09 17:29 - 2012-03-09 17:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{944BE44F-22E0-414D-8210-EC057182E194}
2012-03-09 12:35 - 2012-03-09 12:35 - 0031232 ____A C:\Users\Kerry\Documents\1776.xls
2012-03-09 12:28 - 2012-03-09 12:18 - 0076288 ____A C:\Users\Kerry\Documents\2012 pack 1776.doc
2012-03-09 05:29 - 2012-03-09 05:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C28DD570-6B36-415A-8788-63746A6A0CE6}
2012-03-09 05:29 - 2012-03-09 05:28 - 0000000 ____D C:\Users\Kerry\AppData\Local\{2B689EC7-8BAC-4AD9-8A10-BC93C97145A9}
2012-03-07 12:02 - 2012-02-06 11:16 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-07 07:45 - 2012-03-07 07:45 - 0000000 ____D C:\Users\Kerry\AppData\Local\{01E8FEEF-7067-421F-9DE8-BAAACC3C6A0D}
2012-03-07 07:45 - 2012-03-07 07:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{A85EAC98-6ECF-4BC6-85C3-FEADB724EA0D}
2012-03-06 08:27 - 2012-03-06 08:27 - 0000000 ____D C:\Users\Kerry\AppData\Local\{375D3533-DD75-4C80-83D0-5EE461ECB931}
2012-03-06 08:27 - 2012-03-06 08:26 - 0000000 ____D C:\Users\Kerry\AppData\Local\{49741364-F2ED-4E58-A4B7-8E008FD199FE}
2012-03-05 22:53 - 2012-04-12 18:44 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-12 18:44 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-12 18:44 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-04 12:27 - 2012-03-04 12:26 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1CF07522-FC05-4330-A58B-AB7E481E1385}
2012-03-04 12:26 - 2012-03-04 12:26 - 0000000 ____D C:\Users\Kerry\AppData\Local\{61476123-6216-421A-A387-CA537350422C}
2012-03-04 12:26 - 2012-03-04 12:25 - 0000000 ____D C:\Users\Kerry\AppData\Local\{23073E2E-8D22-4242-9A91-0E24BF1EC7EB}
2012-03-03 12:55 - 2012-03-03 12:55 - 0000000 ____D C:\Users\Kerry\AppData\Local\{5F12C075-69FF-4F4C-A3AD-74FBF60409E7}
2012-03-03 12:55 - 2012-03-03 12:55 - 0000000 ____D C:\Users\Kerry\AppData\Local\{43F3F589-5563-4C59-BF5F-B655A82E78C7}
2012-03-02 09:06 - 2012-03-02 08:54 - 0025088 ____A C:\Users\Kerry\Documents\Candy sales at Duxbury #4.doc
2012-03-02 08:52 - 2012-03-02 08:52 - 0024064 ____A C:\Users\Kerry\Documents\Candy sales at Duxbury #3.doc
2012-03-02 08:42 - 2012-03-02 08:42 - 0024064 ____A C:\Users\Kerry\Documents\Candy sales at Duxbury #2.doc
2012-03-02 08:41 - 2012-03-02 08:32 - 0024064 ____A C:\Users\Kerry\Documents\CANDY SALES AT the Post Office 2012.doc
2012-03-02 08:22 - 2012-03-02 08:22 - 0000000 ____D C:\Users\Kerry\AppData\Local\{BC6BE062-C0E2-4CCC-AF06-C65D0B00631D}
2012-03-02 08:22 - 2012-03-02 08:22 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6F607021-19C9-4781-8B90-58B7300B1A49}
2012-03-02 08:22 - 2012-03-01 17:52 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E5FB70E9-AA07-4FEA-A237-F6B900944434}
2012-03-02 08:22 - 2012-02-28 16:33 - 0000000 ____D C:\Users\Kerry\AppData\Local\{AA36ED25-F8F8-4D4C-8CB5-CF592C9EB161}
2012-03-01 17:52 - 2012-03-01 17:52 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C03716FC-16F8-4566-BE7F-7238B8134328}
2012-03-01 15:21 - 2011-04-08 15:00 - 0046592 ____A C:\Users\Kerry\Documents\Candy Sale 2011.xls
2012-03-01 15:13 - 2012-03-01 15:13 - 0233984 ____A C:\Users\Kerry\Documents\candy sign up.doc
2012-03-01 05:52 - 2012-03-01 05:52 - 0000000 ____D C:\Users\Kerry\AppData\Local\{4D3DB1FC-2F80-498A-B870-29EDE6DD0BB3}
2012-02-29 22:46 - 2012-04-12 18:43 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-12 18:43 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-12 18:43 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-12 18:43 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-12 18:43 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-12 18:43 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 18:43 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 08:21 - 2012-02-29 08:21 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F5428CE5-FC8D-491A-B28D-6DAD7F7AD979}
2012-02-29 08:21 - 2012-02-29 08:20 - 0000000 ____D C:\Users\Kerry\AppData\Local\{A2D46D9C-DAE9-4507-8878-CDB24EC291B5}
2012-02-29 08:20 - 2012-02-29 08:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E480A4AB-2264-41EC-B226-6D026BAF38EE}
2012-02-28 16:33 - 2012-02-28 16:33 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8D1F4BDF-4E2D-4E38-A934-2EF357B62ECF}
2012-02-28 16:19 - 2012-02-28 16:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{A0E780DF-46BC-46B1-A05A-39B19B94A6AE}
2012-02-28 16:19 - 2012-02-28 16:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{56965F4B-7DC0-4D02-A6B8-ABD7BB2F2780}
2012-02-28 16:19 - 2012-02-28 16:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{514D9A9E-D383-4631-B15A-515193D9F447}
2012-02-28 16:19 - 2012-02-28 16:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{4A082988-591B-42B2-B9E4-E22A3EDCEE63}
2012-02-28 05:12 - 2012-02-28 05:12 - 0024064 ____A C:\Users\Kerry\Documents\Viola size.doc
2012-02-28 04:18 - 2012-02-28 04:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C93AA71C-ED8B-4620-AE54-0B554DF38F16}
2012-02-28 04:18 - 2012-02-28 04:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{83B3A2A5-2395-412A-B6CF-B139425053A2}
2012-02-27 23:34 - 2012-04-12 18:44 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-12 18:44 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-12 18:44 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-12 18:44 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-12 18:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-12 18:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-12 18:44 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-12 18:44 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-12 18:44 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-12 18:44 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-12 18:44 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-12 18:44 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-12 18:44 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-12 18:44 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-12 18:44 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-12 18:44 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-12 18:44 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-12 18:44 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 18:44 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-12 18:44 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-12 18:44 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 18:44 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-12 18:44 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-12 18:44 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 18:44 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 18:44 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 07:51 - 2012-02-27 07:45 - 0075776 ____A C:\Users\Kerry\Documents\HCG RECIEPIES.doc
2012-02-27 07:01 - 2012-02-27 07:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{BA497116-E61F-453E-A7D2-D3118C7B479C}
2012-02-27 07:01 - 2012-02-27 07:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{B46628F1-8CC6-458B-B498-C375021679BB}
2012-02-26 08:38 - 2012-02-26 08:38 - 0000000 ____D C:\Users\Kerry\AppData\Local\{4A6D685D-3ECE-4A90-91AC-C799398ADBC8}
2012-02-26 08:38 - 2012-02-26 08:38 - 0000000 ____D C:\Users\Kerry\AppData\Local\{0551C9EC-D9A4-4723-9514-55D431A7E6F1}
2012-02-25 10:11 - 2012-02-25 10:11 - 0000000 ____D C:\Users\Kerry\AppData\Local\{233C538F-9142-49DB-9D96-1EE3838D5D4F}
2012-02-25 10:11 - 2012-02-25 10:10 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E15B258D-627F-40C8-805A-87B0121674C1}
2012-02-23 17:56 - 2012-02-23 17:56 - 0000000 ____D C:\Users\Kerry\AppData\Local\{4131B82E-BD3C-4D72-BE18-8495175565D1}
2012-02-23 17:56 - 2012-02-23 17:56 - 0000000 ____D C:\Users\Kerry\AppData\Local\{24AB4E2C-ED6F-49A3-81BD-55953AEE72BB}
2012-02-23 17:40 - 2012-02-22 11:22 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E522F740-FBB2-4353-B884-E1B7818EC1DD}
2012-02-23 05:18 - 2009-12-10 21:24 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 06:45 - 2012-02-22 06:45 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E368D604-B80D-41EF-9F1A-B043ACB9089C}
2012-02-21 12:31 - 2012-02-21 12:30 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F75CD98E-9A51-484D-BDE7-26D936212BD4}
2012-02-21 12:30 - 2012-02-21 00:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D76DA037-CD4A-4F9D-B564-45B14AB35606}
2012-02-21 00:30 - 2012-02-21 00:30 - 0000000 ____D C:\Users\Kerry\AppData\Local\{197CF32B-5578-438C-8DD1-87BE5EBE8C67}
2012-02-21 00:30 - 2012-02-21 00:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{FAE9B44E-E87F-4092-93B5-E4840F516B86}
2012-02-21 00:27 - 2012-01-28 16:02 - 0000000 ___RD C:\Users\Kerry\Podcasts
2012-02-21 00:27 - 2009-12-10 21:15 - 0000174 ___SH C:\Users\Kerry\Start Menu\Programs\Startup\desktop.ini
2012-02-21 00:27 - 2009-12-10 21:15 - 0000174 ___SH C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-21 00:26 - 2011-08-17 06:12 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-20 20:52 - 2012-02-20 20:52 - 0000013 ____A C:\Users\Kerry\Desktop\smuggs.txt
2012-02-20 20:48 - 2012-02-20 20:48 - 0000000 ____D C:\Users\Kerry\AppData\Local\{49A4E010-4058-4732-8938-A229B36BC62B}
2012-02-20 19:10 - 2012-02-20 19:10 - 0000000 ____D C:\Users\All Users\Amazon
2012-02-20 19:10 - 2012-02-20 19:10 - 0000000 ____D C:\ProgramData\Amazon
2012-02-20 19:10 - 2012-02-20 19:10 - 0000000 ____D C:\Program Files (x86)\Amazon
2012-02-20 19:09 - 2009-08-17 12:33 - 0000000 ____D C:\Windows\Downloaded Installations
2012-02-20 08:16 - 2012-02-20 08:16 - 0000000 ____D C:\Users\Kerry\AppData\Local\{AEC8428E-ED1A-4ACE-A41E-21F896D48C98}
2012-02-20 08:16 - 2012-02-20 08:16 - 0000000 ____D C:\Users\Kerry\AppData\Local\{ACAF4503-6EC9-4837-8022-3D0F82AB479C}
2012-02-19 18:35 - 2012-02-19 18:35 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E5EF23B8-2F9E-49EC-B7CD-4E7249CE6053}
2012-02-19 18:00 - 2012-02-19 17:53 - 0025600 ____A C:\Users\Kerry\Documents\eye creams.doc
2012-02-19 16:54 - 2010-04-17 06:19 - 0000021 ____A C:\Users\All Users\hpqp.txt
2012-02-19 16:54 - 2010-04-17 06:19 - 0000021 ____A C:\ProgramData\hpqp.txt
2012-02-19 16:25 - 2012-02-19 16:25 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C894A373-3A94-45FE-BD3D-002B21C89266}
2012-02-19 15:32 - 2012-02-19 15:31 - 0000000 ____D C:\Users\Kerry\AppData\Local\{3B814A25-2571-480B-AF7B-DFBBA42B6C27}
2012-02-19 14:05 - 2012-02-19 14:05 - 0000000 ____D C:\Users\Kerry\AppData\Local\{7003B228-D2F9-4F7D-AC6D-C1FCE95B974A}
2012-02-19 12:01 - 2012-02-19 12:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{64CB4981-E2DE-4ACB-A841-F44FD67BAF0C}
2012-02-19 12:01 - 2012-02-19 12:00 - 0000000 ____D C:\Users\Kerry\AppData\Local\{9F29BEBB-2322-4C41-A853-A5CBBEDB12E6}
2012-02-19 08:38 - 2012-02-19 08:38 - 0000000 ____D C:\Users\Kerry\AppData\Local\{0FBE0C43-33A8-4DDD-9231-285B287993F0}
2012-02-18 17:09 - 2012-02-18 17:09 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E028BC8D-9AE9-47E9-9952-53D003D33A6E}
2012-02-18 17:09 - 2012-02-18 17:09 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8588B818-C532-4006-A20A-C21E3ED44F5B}
2012-02-18 13:57 - 2012-02-17 17:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{2537E188-21DE-47B8-A67A-DABE7176A990}
2012-02-16 22:38 - 2012-03-14 07:34 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 07:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 07:34 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 07:34 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 08:42 - 2012-02-15 08:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{682B1D9D-8E7E-48AD-803A-E1A81BFB6D3A}
2012-02-15 08:42 - 2012-02-15 08:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{2B0230EE-9C39-4774-98A5-C94647F32D33}
2012-02-14 18:42 - 2012-02-14 18:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{EC7F4E2B-92A9-401F-BBBD-2F882BA8A647}
2012-02-14 18:42 - 2012-02-14 18:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{54755EE1-F26A-474A-A905-5E553303CB58}
2012-02-14 15:31 - 2012-02-14 15:31 - 0025088 ____A C:\Users\Kerry\Documents\sam parent statement 2012.doc
2012-02-14 06:41 - 2012-02-14 06:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C96311BD-AAF0-473E-B213-2143737E4D6A}
2012-02-14 06:41 - 2012-02-13 08:59 - 0000000 ____D C:\Users\Kerry\AppData\Local\{FA9908CA-D8C6-491E-9B8E-810E1162F78A}
2012-02-13 12:26 - 2012-02-13 12:26 - 0000000 ____D C:\Users\Kerry\AppData\Local\{931CAB8A-A26C-4864-AEDE-3DE0C9F925F7}
2012-02-13 12:26 - 2012-02-13 12:26 - 0000000 ____D C:\Users\Kerry\AppData\Local\{473B11A0-48F9-4C0C-95FD-8565AB9E306B}
2012-02-12 08:00 - 2012-02-12 08:00 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E2726D1A-F170-4102-9B36-EC1370E162E9}
2012-02-12 08:00 - 2012-02-12 08:00 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1869FF87-6847-4C82-B5FD-A93BFFAAFEED}
2012-02-11 18:43 - 2012-02-11 18:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{9D4E86A6-9EAD-4A7A-BF34-5DFC9521D21E}
2012-02-11 18:42 - 2012-02-11 18:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{59DA0BC5-F344-4344-931D-1D00D3D1014C}
2012-02-11 09:06 - 2012-02-05 11:13 - 0000000 ____D C:\Users\Kerry\Desktop\Egypt project
2012-02-11 06:42 - 2012-02-11 06:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6E2A85FC-65EB-4787-8F96-F9F293AF41C5}
2012-02-11 06:42 - 2012-02-11 06:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{837A3459-7160-4197-BB61-52C75372ACE5}
2012-02-09 22:36 - 2012-03-14 07:34 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 07:34 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 05:29 - 2012-02-09 05:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{E72F0086-09E2-4258-B03C-FA582C191805}
2012-02-09 05:29 - 2012-02-09 05:29 - 0000000 ____D C:\Users\Kerry\AppData\Local\{2E7700DC-07AA-47FB-95ED-291F4973CC4C}
2012-02-08 19:52 - 2012-02-08 19:52 - 0049152 ____A C:\Users\Kerry\Documents\resize.doc
2012-02-08 15:19 - 2012-02-08 15:13 - 0024576 ____A C:\Users\Kerry\Documents\homework sam letter.doc
2012-02-08 08:43 - 2012-02-08 08:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6C6E11CE-71DB-4DD0-942C-93494ACB6866}
2012-02-08 08:43 - 2012-02-08 08:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{64380211-3404-45FE-8C32-30420C7CC02B}
2012-02-07 11:24 - 2012-02-07 11:24 - 0000000 ____D C:\Users\Kerry\AppData\Local\{9F6D6156-CA0F-4CBB-9CBC-BE08480D08F4}
2012-02-07 11:24 - 2012-02-07 11:24 - 0000000 ____D C:\Users\Kerry\AppData\Local\{5B34D8CA-E671-4E59-83B6-9C7375454493}
2012-02-06 15:48 - 2012-02-06 15:18 - 0030208 ____A C:\Users\Kerry\Documents\jake iguana homework.doc
2012-02-06 11:29 - 2012-02-06 11:29 - 0000000 ____D C:\Program Files\Common Files\logishrd
2012-02-06 11:16 - 2012-02-06 11:16 - 0000000 ____D C:\Users\All Users\Skype
2012-02-06 11:16 - 2012-02-06 11:16 - 0000000 ____D C:\ProgramData\Skype
2012-02-06 11:14 - 2012-02-06 11:14 - 0943752 ____A (Skype Technologies S.A.) C:\Users\Kerry\Downloads\SkypeSetup.exe
2012-02-06 08:19 - 2012-02-06 08:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1C74460E-611D-4289-8D6E-3B9787AB97E9}
2012-02-06 08:19 - 2012-02-06 08:19 - 0000000 ____D C:\Users\Kerry\AppData\Local\{0ADFFE43-6385-4EBC-92A7-E94CD1639B52}
2012-02-06 07:53 - 2012-02-06 07:53 - 0001787 ____A C:\Users\Kerry\Downloads\BasherFiveTwoTheTrueStoryofF16Fighter9780307764966.acsm
2012-02-05 20:18 - 2012-02-05 20:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DC7312AA-8C80-4D7D-A3C1-ECD65A81A287}
2012-02-05 20:18 - 2012-02-05 20:18 - 0000000 ____D C:\Users\Kerry\AppData\Local\{ADA3CADE-D3C3-4B84-BB3E-367F38060985}
2012-02-05 08:17 - 2012-02-05 08:17 - 0000000 ____D C:\Users\Kerry\AppData\Local\{A3F5D920-066F-4204-9A97-8C7E77B70FDC}
2012-02-05 08:17 - 2012-02-02 10:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{A6466D10-C6D6-4BA1-B43F-2688BBBEE755}
2012-02-04 11:08 - 2012-02-04 09:34 - 0022528 ____A C:\Users\Kerry\Documents\Our one and only fundraiser to begin at the Derby weigh in on.doc
2012-02-04 09:05 - 2011-05-11 06:34 - 0029184 ____A C:\Users\Kerry\Documents\candy follow up.doc
2012-02-04 08:57 - 2012-02-04 08:57 - 0000000 ____D C:\Users\Kerry\AppData\Local\{BB8D054A-E347-47CA-9E9A-7163764A94AC}
2012-02-04 08:57 - 2012-02-04 08:57 - 0000000 ____D C:\Users\Kerry\AppData\Local\{7B1055A5-5E36-4456-B666-FC1D1F83C595}
2012-02-03 07:55 - 2012-02-03 07:55 - 0074240 ____A C:\Users\Kerry\Documents\Check Balance tavern in marshfield.doc
2012-02-03 07:51 - 2012-02-03 07:50 - 0000000 ____D C:\Users\Kerry\AppData\Local\{C159120F-3A9D-40EA-A0EF-F57617A7898E}
2012-02-02 20:34 - 2012-03-14 07:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 10:43 - 2012-02-02 10:43 - 0000000 ____D C:\Users\Kerry\AppData\Local\{44E96A71-6B75-43FF-9EB1-238D9A336E94}
2012-02-01 21:01 - 2012-02-01 21:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{23F3054C-6B95-4360-8BFD-B99F8DE76AE4}
2012-02-01 21:01 - 2012-02-01 21:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{130C69F7-0EE9-42A2-A4BE-266F4C778717}
2012-02-01 09:01 - 2012-02-01 09:01 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D24BFB14-1D2F-4666-966A-321E55583901}
2012-02-01 09:01 - 2012-02-01 09:00 - 0000000 ____D C:\Users\Kerry\AppData\Local\{B03EC801-593E-412A-8E0D-425B2C344B55}
2012-01-31 08:32 - 2012-01-31 08:30 - 0025600 ____A C:\Users\Kerry\Documents\To Town Hall of Duxbury.doc
2012-01-31 08:08 - 2012-01-31 08:08 - 0000000 ____D C:\Users\Kerry\AppData\Local\{7CFAB53B-9C99-46D7-B21A-63BC3970D3CA}
2012-01-31 08:08 - 2012-01-31 08:07 - 0000000 ____D C:\Users\Kerry\AppData\Local\{515CEBA5-0C1B-448D-969F-1C8010C8BF74}
2012-01-30 16:48 - 2012-01-30 16:48 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8F6A6BCB-902E-4972-B174-95959977C308}
2012-01-30 16:48 - 2012-01-30 16:48 - 0000000 ____D C:\Users\Kerry\AppData\Local\{76B86A0F-F93F-4BE8-B6B0-6EF674B2A678}
2012-01-30 16:46 - 2012-01-30 13:12 - 0031744 ____A C:\Users\Kerry\Documents\Jake final.doc
2012-01-30 09:12 - 2012-01-30 08:36 - 0028160 ____A C:\Users\Kerry\Documents\Questions I would like to be answered in the school.doc
2012-01-30 08:27 - 2012-01-30 08:24 - 0026624 ____A C:\Users\Kerry\Documents\eval should answer these qusestions.doc
2012-01-30 03:42 - 2012-01-30 03:42 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1DCDC5AE-98D0-45C8-ACC8-799C1370D871}
2012-01-30 03:42 - 2012-01-30 03:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{672B692A-41D1-419A-A246-7015F6C30F4F}
2012-01-30 03:41 - 2012-01-30 03:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{75B31AFF-01C8-4705-913E-0065F3255FF1}
2012-01-30 03:41 - 2012-01-29 04:56 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D35A4A3D-A5E2-4062-B450-16B08DA89804}
2012-01-29 10:09 - 2012-01-29 09:31 - 0000000 ____D C:\Users\Kerry\Documents\Sam Projects
2012-01-29 09:30 - 2012-01-29 09:30 - 0512196 ____A C:\Users\Kerry\Downloads\1934_egypt_ppt.zip
2012-01-29 04:57 - 2012-01-29 04:56 - 0000000 ____D C:\Users\Kerry\AppData\Local\{5A736BE0-D45F-4FD7-A5CB-2F6AFD8FBD71}
2012-01-28 16:08 - 2012-01-28 16:08 - 0000000 ____D C:\Windows\System32\ms-MY
2012-01-28 16:08 - 2012-01-28 16:08 - 0000000 ____A C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2012-01-28 16:08 - 2012-01-28 16:08 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-01-28 16:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-01-28 16:02 - 2012-01-28 16:00 - 0000000 ____D C:\Program Files\Zune
2012-01-28 05:56 - 2012-01-28 05:56 - 0001774 ____A C:\Users\Kerry\Downloads\SkeletonKey9781429536165.acsm
2012-01-28 05:36 - 2012-01-28 05:36 - 0000000 ____D C:\Users\Kerry\AppData\Local\{FA825E04-6208-42E7-A79B-4B584BF3595A}
2012-01-28 05:36 - 2012-01-28 05:36 - 0000000 ____D C:\Users\Kerry\AppData\Local\{83479AF4-1C02-45B3-A06C-62C27BF65FAF}
2012-01-27 09:41 - 2012-01-27 09:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{B8E9DB77-F5BE-42B4-ACF8-40A763D2B3FF}
2012-01-27 09:41 - 2012-01-27 09:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{9ECB028B-F486-41B0-B19D-870002DFE48C}
2012-01-26 14:22 - 2010-04-24 05:08 - 0000000 ____D C:\Users\Kerry\AppData\Local\CrashDumps
2012-01-26 03:24 - 2012-01-26 03:24 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1275CB37-31FC-443A-8424-56992CF0DECA}
2012-01-26 03:24 - 2012-01-26 03:23 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8632EA9E-BB05-49DF-AB36-D67EEE0276E3}
2012-01-24 22:38 - 2012-03-14 07:34 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-14 07:34 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-14 07:34 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 17:54 - 2012-01-24 17:54 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1B29478E-F54E-41E0-857D-85D08AC9FB41}
2012-01-24 17:54 - 2012-01-24 17:54 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1748A7DE-130E-4804-A330-BE5FCA8EBEC3}
2012-01-24 07:32 - 2012-01-24 06:06 - 1319307 ____A C:\Users\Kerry\Desktop\2012 IEP Page 1.pdf - Adobe Reader.pdf
2012-01-24 05:56 - 2012-01-24 05:56 - 1261550 ____A C:\Users\Kerry\Documents\2012 IEP Page 1.pdf - Adobe Reader.pdf
2012-01-24 05:53 - 2012-01-24 05:53 - 0000000 ____D C:\Users\Kerry\AppData\Local\{D5B28E1D-5C0F-46C4-B317-433A7A6E9210}
2012-01-24 05:53 - 2012-01-24 05:53 - 0000000 ____D C:\Users\Kerry\AppData\Local\{6A583A97-02C1-48C5-AC96-F62A1AB83843}
2012-01-23 08:00 - 2012-01-23 07:59 - 0000000 ____D C:\Users\Kerry\AppData\Local\{CD159BFA-1AF6-4D73-8ADA-3971B991F1F6}
2012-01-23 07:59 - 2012-01-23 07:58 - 0000000 ____D C:\Users\Kerry\AppData\Local\{8769F2D2-C1FF-413D-B338-3BDF038F8E96}
2012-01-22 15:15 - 2012-01-22 14:59 - 0027136 ____A C:\Users\Kerry\Documents\jake book list.doc
2012-01-22 06:20 - 2012-01-22 06:20 - 0000000 ____D C:\Users\Kerry\AppData\Local\{DDD6D4FB-929D-4081-8D22-D808A3D716E4}
2012-01-22 06:20 - 2012-01-22 06:20 - 0000000 ____D C:\Users\Kerry\AppData\Local\{198FE103-DEDA-4B4E-A91D-FBBBFF825F96}
2012-01-21 19:23 - 2012-01-21 19:23 - 0000000 ____D C:\Users\Kerry\AppData\Local\{66694737-5F38-40FB-9C3C-53F0C820AEC8}
2012-01-21 19:23 - 2012-01-21 06:06 - 0000000 ____D C:\Users\Kerry\AppData\Local\{F4031DBD-DE38-478C-A42E-026C24C457B8}
2012-01-21 08:04 - 2012-01-21 08:04 - 0000219 ____A C:\Users\Kerry\Desktop\Back.url
2012-01-21 06:07 - 2012-01-21 06:07 - 0000000 ____D C:\Users\Kerry\AppData\Local\{B710664E-2974-4BDD-84D7-36E00F4D476A}
2012-01-20 09:03 - 2012-01-20 09:03 - 0000000 ____D C:\Users\Kerry\AppData\Local\{1258A876-9576-4044-9FB5-5CB0DB9D82F4}
2012-01-19 03:41 - 2012-01-19 03:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{84B4416E-3742-4367-9B1E-E6B2D6CA4AE1}
2012-01-19 03:41 - 2012-01-19 03:41 - 0000000 ____D C:\Users\Kerry\AppData\Local\{4E625F11-0D38-406C-B712-5E84D70C94F2}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 3003.19 MB
Available physical RAM: 2346.01 MB
Total Pagefile: 3001.34 MB
Available Pagefile: 2343.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:220.78 GB) (Free:133.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.64 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 220 GB 200 MB
Partition 3 Primary 11 GB 220 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 220 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3818 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-09 09:01

======================= End Of Log ==========================

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:50 AM

Posted 17 April 2012 - 11:47 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 atmeltpm; C:\Windows\System32\caboagp.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\caboagp.dll
NETSVC: atmeltpm


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gmonkey

gmonkey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:50 AM

Posted 18 April 2012 - 12:00 AM

Contents of Fixlog.txt

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 16-04-2012
Ran by SYSTEM at 2012-04-18 00:58:26 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
atmeltpm service deleted successfully.
C:\Windows\System32\caboagp.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs atmeltpm Deleted successfully.

==== End of Fixlog ====

#4 gmonkey

gmonkey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:50 AM

Posted 18 April 2012 - 12:37 AM

I should add that running that script has enabled me to boot up again.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:50 AM

Posted 18 April 2012 - 05:39 AM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 gmonkey

gmonkey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:50 AM

Posted 18 April 2012 - 10:07 AM

Seems to be working like a champ right now! :) Thanks Gringo

Combofix log:


ComboFix 12-04-16.02 - Kerry 04/18/2012 8:43.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1878 [GMT -4:00]
Running from: c:\users\Kerry\Desktop\Combo-Fix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kerry\AppData\Roaming\result.db
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 13:00 . 2012-04-18 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 07:29 . 2012-04-18 07:30 -------- d-----w- C:\FRST
2012-04-18 05:48 . 2012-04-18 05:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-16 22:40 . 2012-04-16 22:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 21:50 . 2012-04-17 04:52 -------- d-----w- c:\users\Kerry\AppData\Local\NPE
2012-04-16 21:21 . 2012-04-16 21:21 -------- d-----w- c:\users\Kerry\AppData\Roaming\Tific
2012-04-14 00:51 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-14 00:45 . 2012-04-14 00:45 -------- d-----w- c:\programdata\White Sky, Inc
2012-04-13 19:06 . 2012-04-13 19:06 -------- d-----w- c:\users\Kerry\AppData\Roaming\Malwarebytes
2012-04-13 18:57 . 2012-04-13 18:57 -------- d-----w- c:\programdata\Malwarebytes
2012-04-13 18:57 . 2012-04-13 19:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 18:57 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 18:21 . 2012-04-13 18:21 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\DSETUP.dll
2012-04-13 18:21 . 2012-04-13 18:21 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\DXSETUP.exe
2012-04-13 18:21 . 2012-04-13 18:21 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\dsetup32.dll
2012-04-13 02:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 02:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 02:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 02:43 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 02:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 02:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 02:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 14:54 . 2012-04-12 12:48 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD382EB-B349-4079-B429-9E5A23243B19}\offreg.dll
2012-04-10 16:17 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD382EB-B349-4079-B429-9E5A23243B19}\mpengine.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-21 00:50 . 2012-03-21 00:51 -------- d-----w- c:\program files\iTunes
2012-03-21 00:50 . 2012-03-21 00:51 -------- d-----w- c:\program files (x86)\iTunes
2012-03-21 00:50 . 2012-03-21 00:50 -------- d-----w- c:\program files\iPod
2012-03-21 00:48 . 2012-03-21 00:48 -------- d-----w- c:\program files\Bonjour
2012-03-21 00:48 . 2012-03-21 00:48 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-03-21 00:47 . 2012-03-21 00:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-21 00:45 . 2012-03-21 00:45 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 05:47 . 2011-06-17 12:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 13:18 . 2009-12-11 05:24 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 15:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 15:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 15:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 15:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 15:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 15:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 15:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 15:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 15:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-17_06.30.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-18 12:42 64478 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-11 05:11 . 2012-04-18 12:42 21816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2706499287-1759843255-3125479961-1001_UserData.bin
+ 2010-01-30 23:07 . 2012-04-17 11:19 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-01-30 23:07 . 2011-12-04 20:46 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2009-12-04 04:49 . 2012-04-18 07:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-04 04:49 . 2012-04-17 00:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 04:49 . 2012-04-18 07:52 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-04 04:49 . 2012-04-17 00:16 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 07:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 00:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-17 06:30 . 2012-04-17 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 12:40 . 2012-04-18 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-17 06:30 . 2012-04-17 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-18 12:40 . 2012-04-18 12:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-18 05:47 . 2012-04-18 05:47 157472 c:\windows\SysWOW64\javaws.exe
- 2011-11-07 20:10 . 2011-10-03 10:06 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-04-18 05:47 . 2012-04-18 05:47 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-04-18 05:47 . 2012-04-18 05:47 149280 c:\windows\SysWOW64\java.exe
- 2009-07-14 04:54 . 2012-04-17 05:10 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-18 05:39 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-04-14 01:34 626530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-18 12:47 626530 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-14 01:34 107878 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-18 12:47 107878 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-18 12:39 313864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-17 06:29 313864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-18 05:48 . 2012-04-18 05:48 207360 c:\windows\Installer\9bf02.msi
- 2009-07-14 04:54 . 2012-04-17 05:10 3801088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 05:39 3801088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 05:39 4308992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 05:10 4308992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 22:02 . 2012-04-18 12:39 2585232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-21 08:24 . 2012-04-17 06:29 3002497 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2706499287-1759843255-3125479961-1001-12288.dat
+ 2012-02-21 08:24 . 2012-04-18 12:39 3002497 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2706499287-1759843255-3125479961-1001-12288.dat
+ 2009-07-14 02:34 . 2012-04-17 15:31 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-13 18:11 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-18 05:46 . 2012-04-18 05:46 12938752 c:\windows\Installer\9bef2.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-12 39408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-05-14 307768]
"SansaDispatch"="c:\users\Kerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-05-08 79872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);c:\windows\system32\DRIVERS\PTAPCBUS.sys [x]
R3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);c:\windows\system32\DRIVERS\PTAPCMDM.sys [x]
R3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);c:\windows\system32\DRIVERS\PTAPCVSP.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 STSService;STSService;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 GIDv2;GIDv2; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-30 65608]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 19:59]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 19:59]
.
2012-04-18 c:\windows\Tasks\HPCeeScheduleForKerry.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-02 762736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
keriomailserver
videoacceleratorengine
RapiMgr
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
stacsv
enethusb
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-18 09:22:35
ComboFix-quarantined-files.txt 2012-04-18 13:22
ComboFix2.txt 2012-04-17 06:38
.
Pre-Run: 143,164,678,144 bytes free
Post-Run: 143,112,859,648 bytes free
.
- - End Of File - - A9719DC3BD2B6621F74593044A8CA601

#7 gringo_pr

Malware Response Team
Posted 18 April 2012 - 10:12 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#8 gmonkey

Topic Starter
Posted 18 April 2012 - 10:42 AM

TDSSKiller log:


11:29:09.0616 3716 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:29:11.0629 3716 ============================================================
11:29:11.0629 3716 Current date / time: 2012/04/18 11:29:11.0629
11:29:11.0629 3716 SystemInfo:
11:29:11.0629 3716
11:29:11.0629 3716 OS Version: 6.1.7601 ServicePack: 1.0
11:29:11.0629 3716 Product type: Workstation
11:29:11.0629 3716 ComputerName: KERRY-PC
11:29:11.0629 3716 UserName: Kerry
11:29:11.0629 3716 Windows directory: C:\Windows
11:29:11.0629 3716 System windows directory: C:\Windows
11:29:11.0629 3716 Running under WOW64
11:29:11.0629 3716 Processor architecture: Intel x64
11:29:11.0629 3716 Number of processors: 2
11:29:11.0629 3716 Page size: 0x1000
11:29:11.0629 3716 Boot type: Normal boot
11:29:11.0629 3716 ============================================================
11:29:14.0546 3716 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x17A883, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000040
11:29:14.0562 3716 \Device\Harddisk0\DR0:
11:29:14.0562 3716 MBR used
11:29:14.0562 3716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:29:14.0562 3716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B98F000
11:29:14.0562 3716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9F3000, BlocksNum 0x17D2000
11:29:14.0640 3716 Initialize success
11:29:14.0640 3716 ============================================================
11:29:31.0893 4064 ============================================================
11:29:31.0893 4064 Scan started
11:29:31.0893 4064 Mode: Manual;
11:29:31.0893 4064 ============================================================
11:29:34.0155 4064 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:29:34.0171 4064 1394ohci - ok
11:29:34.0218 4064 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:29:34.0218 4064 ACPI - ok
11:29:34.0233 4064 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:29:34.0233 4064 AcpiPmi - ok
11:29:34.0421 4064 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:29:34.0421 4064 AdobeARMservice - ok
11:29:34.0467 4064 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:29:34.0483 4064 adp94xx - ok
11:29:34.0545 4064 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:29:34.0545 4064 adpahci - ok
11:29:34.0592 4064 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:29:34.0592 4064 adpu320 - ok
11:29:34.0748 4064 ADVService (96a0ff09e226b023dc6aca253aacee2e) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
11:29:34.0748 4064 ADVService - ok
11:29:34.0779 4064 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:29:34.0779 4064 AeLookupSvc - ok
11:29:34.0873 4064 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:29:34.0873 4064 AFD - ok
11:29:34.0967 4064 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:29:34.0982 4064 agp440 - ok
11:29:34.0998 4064 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:29:34.0998 4064 ALG - ok
11:29:35.0013 4064 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:29:35.0029 4064 aliide - ok
11:29:35.0029 4064 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:29:35.0029 4064 amdide - ok
11:29:35.0076 4064 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:29:35.0076 4064 AmdK8 - ok
11:29:35.0107 4064 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:29:35.0107 4064 AmdPPM - ok
11:29:35.0154 4064 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:29:35.0154 4064 amdsata - ok
11:29:35.0201 4064 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:29:35.0201 4064 amdsbs - ok
11:29:35.0216 4064 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:29:35.0232 4064 amdxata - ok
11:29:35.0279 4064 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:29:35.0279 4064 AppID - ok
11:29:35.0310 4064 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:29:35.0310 4064 AppIDSvc - ok
11:29:35.0372 4064 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:29:35.0388 4064 Appinfo - ok
11:29:35.0481 4064 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:29:35.0481 4064 Apple Mobile Device - ok
11:29:35.0591 4064 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:29:35.0591 4064 arc - ok
11:29:35.0622 4064 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:29:35.0622 4064 arcsas - ok
11:29:35.0684 4064 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:29:35.0684 4064 AsyncMac - ok
11:29:35.0715 4064 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:29:35.0715 4064 atapi - ok
11:29:35.0840 4064 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
11:29:35.0856 4064 athr - ok
11:29:35.0996 4064 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:29:36.0012 4064 AudioEndpointBuilder - ok
11:29:36.0027 4064 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:29:36.0027 4064 AudioSrv - ok
11:29:36.0090 4064 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:29:36.0105 4064 AxInstSV - ok
11:29:36.0183 4064 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:29:36.0183 4064 b06bdrv - ok
11:29:36.0246 4064 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:29:36.0246 4064 b57nd60a - ok
11:29:36.0402 4064 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
11:29:36.0402 4064 BBSvc - ok
11:29:36.0464 4064 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:29:36.0464 4064 BBUpdate - ok
11:29:36.0511 4064 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:29:36.0511 4064 BDESVC - ok
11:29:36.0589 4064 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:29:36.0589 4064 Beep - ok
11:29:36.0698 4064 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:29:36.0714 4064 BFE - ok
11:29:37.0135 4064 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys
11:29:37.0151 4064 BHDrvx64 - ok
11:29:37.0275 4064 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:29:37.0322 4064 BITS - ok
11:29:37.0525 4064 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:29:37.0525 4064 blbdrive - ok
11:29:37.0650 4064 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:29:37.0650 4064 Bonjour Service - ok
11:29:37.0712 4064 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:29:37.0712 4064 bowser - ok
11:29:37.0743 4064 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:29:37.0743 4064 BrFiltLo - ok
11:29:37.0775 4064 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:29:37.0775 4064 BrFiltUp - ok
11:29:37.0821 4064 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:29:37.0821 4064 BridgeMP - ok
11:29:37.0853 4064 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:29:37.0868 4064 Browser - ok
11:29:37.0915 4064 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:29:37.0915 4064 Brserid - ok
11:29:37.0962 4064 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:29:37.0962 4064 BrSerWdm - ok
11:29:37.0977 4064 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:29:37.0977 4064 BrUsbMdm - ok
11:29:38.0009 4064 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:29:38.0009 4064 BrUsbSer - ok
11:29:38.0040 4064 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:29:38.0040 4064 BTHMODEM - ok
11:29:38.0071 4064 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:29:38.0071 4064 bthserv - ok
11:29:38.0118 4064 catchme - ok
11:29:38.0165 4064 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
11:29:38.0180 4064 CAXHWAZL - ok
11:29:38.0227 4064 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:29:38.0227 4064 cdfs - ok
11:29:38.0289 4064 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:29:38.0289 4064 cdrom - ok
11:29:38.0367 4064 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:29:38.0367 4064 CertPropSvc - ok
11:29:38.0383 4064 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:29:38.0383 4064 circlass - ok
11:29:38.0445 4064 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:29:38.0461 4064 CLFS - ok
11:29:38.0539 4064 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:29:38.0555 4064 clr_optimization_v2.0.50727_32 - ok
11:29:38.0601 4064 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:29:38.0601 4064 clr_optimization_v2.0.50727_64 - ok
11:29:38.0711 4064 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:29:38.0711 4064 clr_optimization_v4.0.30319_32 - ok
11:29:38.0773 4064 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:29:38.0773 4064 clr_optimization_v4.0.30319_64 - ok
11:29:38.0913 4064 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:29:38.0913 4064 CmBatt - ok
11:29:38.0945 4064 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:29:38.0945 4064 cmdide - ok
11:29:38.0991 4064 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:29:39.0007 4064 CNG - ok
11:29:39.0085 4064 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys
11:29:39.0085 4064 CnxtHdAudService - ok
11:29:39.0210 4064 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
11:29:39.0210 4064 Com4QLBEx - ok
11:29:39.0257 4064 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:29:39.0257 4064 Compbatt - ok
11:29:39.0303 4064 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:29:39.0303 4064 CompositeBus - ok
11:29:39.0335 4064 COMSysApp - ok
11:29:39.0397 4064 connctfy (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys
11:29:39.0397 4064 connctfy - ok
11:29:39.0413 4064 connctfyMP (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys
11:29:39.0413 4064 connctfyMP - ok
11:29:39.0491 4064 Connectify - ok
11:29:39.0537 4064 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:29:39.0537 4064 crcdisk - ok
11:29:39.0600 4064 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:29:39.0600 4064 CryptSvc - ok
11:29:39.0678 4064 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:29:39.0678 4064 DcomLaunch - ok
11:29:39.0818 4064 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:29:39.0818 4064 defragsvc - ok
11:29:39.0881 4064 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:29:39.0881 4064 DfsC - ok
11:29:39.0959 4064 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:29:39.0959 4064 Dhcp - ok
11:29:39.0990 4064 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:29:39.0990 4064 discache - ok
11:29:40.0037 4064 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:29:40.0037 4064 Disk - ok
11:29:40.0083 4064 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:29:40.0083 4064 Dnscache - ok
11:29:40.0130 4064 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:29:40.0130 4064 dot3svc - ok
11:29:40.0177 4064 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:29:40.0177 4064 DPS - ok
11:29:40.0239 4064 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:29:40.0239 4064 drmkaud - ok
11:29:40.0286 4064 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:29:40.0302 4064 DXGKrnl - ok
11:29:40.0395 4064 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:29:40.0395 4064 EapHost - ok
11:29:40.0489 4064 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:29:40.0520 4064 ebdrv - ok
11:29:40.0614 4064 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:29:40.0614 4064 EFS - ok
11:29:40.0707 4064 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:29:40.0707 4064 ehRecvr - ok
11:29:40.0770 4064 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:29:40.0770 4064 ehSched - ok
11:29:41.0097 4064 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:29:41.0097 4064 elxstor - ok
11:29:41.0253 4064 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:29:41.0269 4064 ErrDev - ok
11:29:41.0316 4064 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:29:41.0316 4064 EventSystem - ok
11:29:41.0378 4064 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:29:41.0394 4064 exfat - ok
11:29:41.0409 4064 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:29:41.0425 4064 fastfat - ok
11:29:41.0597 4064 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:29:41.0612 4064 Fax - ok
11:29:41.0675 4064 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:29:41.0675 4064 fdc - ok
11:29:41.0721 4064 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:29:41.0721 4064 fdPHost - ok
11:29:41.0768 4064 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:29:41.0768 4064 FDResPub - ok
11:29:41.0862 4064 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:29:41.0862 4064 FileInfo - ok
11:29:42.0018 4064 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:29:42.0018 4064 Filetrace - ok
11:29:42.0065 4064 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:29:42.0065 4064 flpydisk - ok
11:29:42.0111 4064 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:29:42.0111 4064 FltMgr - ok
11:30:12.0267 4064 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:30:12.0267 4064 udfs - ok
11:30:12.0330 4064 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:30:12.0330 4064 UI0Detect - ok
11:30:12.0392 4064 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:30:12.0392 4064 uliagpkx - ok
11:30:12.0470 4064 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:30:12.0470 4064 umbus - ok
11:30:12.0501 4064 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:30:12.0501 4064 UmPass - ok
11:30:12.0657 4064 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:30:12.0673 4064 upnphost - ok
11:30:12.0798 4064 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
11:30:12.0798 4064 USBAAPL64 - ok
11:30:12.0860 4064 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:30:12.0860 4064 usbaudio - ok
11:30:12.0922 4064 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
11:30:12.0922 4064 usbbus - ok
11:30:12.0969 4064 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:30:12.0969 4064 usbccgp - ok
11:30:13.0000 4064 USBCCID - ok
11:30:13.0063 4064 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:30:13.0063 4064 usbcir - ok
11:30:13.0078 4064 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
11:30:13.0078 4064 UsbDiag - ok
11:30:13.0172 4064 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:30:13.0172 4064 usbehci - ok
11:30:13.0281 4064 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:30:13.0281 4064 usbhub - ok
11:30:13.0344 4064 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
11:30:13.0344 4064 USBModem - ok
11:30:13.0437 4064 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:30:13.0437 4064 usbohci - ok
11:30:13.0780 4064 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:30:13.0780 4064 usbprint - ok
11:30:13.0843 4064 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:30:13.0843 4064 usbscan - ok
11:30:14.0108 4064 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:30:14.0108 4064 USBSTOR - ok
11:30:14.0202 4064 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:30:14.0202 4064 usbuhci - ok
11:30:14.0280 4064 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:30:14.0280 4064 UxSms - ok
11:30:14.0358 4064 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:14.0358 4064 VaultSvc - ok
11:30:14.0451 4064 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:30:14.0451 4064 vdrvroot - ok
11:30:14.0670 4064 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:30:14.0670 4064 vds - ok
11:30:14.0919 4064 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:30:14.0935 4064 vga - ok
11:30:15.0013 4064 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:30:15.0028 4064 VgaSave - ok
11:30:15.0169 4064 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:30:15.0169 4064 vhdmp - ok
11:30:15.0247 4064 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:30:15.0247 4064 viaide - ok
11:30:15.0309 4064 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:30:15.0309 4064 volmgr - ok
11:30:15.0372 4064 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:30:15.0387 4064 volmgrx - ok
11:30:15.0450 4064 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:30:15.0450 4064 volsnap - ok
11:30:15.0512 4064 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:30:15.0512 4064 vsmraid - ok
11:30:15.0840 4064 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:30:15.0871 4064 VSS - ok
11:30:16.0105 4064 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:30:16.0105 4064 vwifibus - ok
11:30:16.0136 4064 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:30:16.0136 4064 vwififlt - ok
11:30:16.0152 4064 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:30:16.0152 4064 vwifimp - ok
11:30:16.0292 4064 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys
11:30:16.0323 4064 VX3000 - ok
11:30:16.0510 4064 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:30:16.0526 4064 W32Time - ok
11:30:16.0620 4064 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:30:16.0620 4064 WacomPen - ok
11:30:16.0698 4064 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:16.0698 4064 WANARP - ok
11:30:16.0729 4064 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:16.0729 4064 Wanarpv6 - ok
11:30:16.0978 4064 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:30:16.0994 4064 WatAdminSvc - ok
11:30:17.0493 4064 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:30:17.0509 4064 wbengine - ok
11:30:17.0836 4064 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:30:17.0868 4064 WbioSrvc - ok
11:30:17.0930 4064 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:30:17.0930 4064 wcncsvc - ok
11:30:17.0961 4064 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:30:17.0961 4064 WcsPlugInService - ok
11:30:18.0039 4064 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:30:18.0039 4064 Wd - ok
11:30:18.0195 4064 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:30:18.0195 4064 Wdf01000 - ok
11:30:18.0258 4064 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:30:18.0258 4064 WdiServiceHost - ok
11:30:18.0273 4064 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:30:18.0273 4064 WdiSystemHost - ok
11:30:18.0367 4064 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:30:18.0398 4064 WebClient - ok
11:30:18.0429 4064 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:30:18.0445 4064 Wecsvc - ok
11:30:18.0460 4064 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:30:18.0460 4064 wercplsupport - ok
11:30:18.0492 4064 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:30:18.0492 4064 WerSvc - ok
11:30:18.0570 4064 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:30:18.0570 4064 WfpLwf - ok
11:30:18.0632 4064 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:30:18.0632 4064 WIMMount - ok
11:30:18.0710 4064 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
11:30:18.0710 4064 winachsf - ok
11:30:18.0804 4064 WinDefend - ok
11:30:18.0819 4064 WinHttpAutoProxySvc - ok
11:30:18.0882 4064 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:30:18.0897 4064 Winmgmt - ok
11:30:19.0474 4064 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:30:19.0537 4064 WinRM - ok
11:30:19.0802 4064 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:30:19.0802 4064 WinUsb - ok
11:30:20.0020 4064 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:30:20.0036 4064 Wlansvc - ok
11:30:20.0301 4064 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:30:20.0317 4064 wlidsvc - ok
11:30:20.0566 4064 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:30:20.0566 4064 WmiAcpi - ok
11:30:20.0660 4064 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:30:20.0660 4064 wmiApSrv - ok
11:30:20.0722 4064 WMPNetworkSvc - ok
11:30:20.0910 4064 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
11:30:20.0910 4064 WMZuneComm - ok
11:30:21.0066 4064 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:30:21.0081 4064 WPCSvc - ok
11:30:21.0112 4064 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:30:21.0128 4064 WPDBusEnum - ok
11:30:21.0190 4064 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:30:21.0190 4064 ws2ifsl - ok
11:30:21.0237 4064 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:30:21.0237 4064 wscsvc - ok
11:30:21.0253 4064 WSearch - ok
11:30:21.0596 4064 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:30:21.0612 4064 wuauserv - ok
11:30:21.0939 4064 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:30:21.0955 4064 WudfPf - ok
11:30:22.0064 4064 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:30:22.0064 4064 WUDFRd - ok
11:30:22.0158 4064 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:30:22.0158 4064 wudfsvc - ok
11:30:22.0282 4064 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:30:22.0298 4064 WwanSvc - ok
11:30:22.0392 4064 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
11:30:22.0392 4064 XAudio - ok
11:30:22.0454 4064 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:30:22.0454 4064 yukonw7 - ok
11:30:23.0234 4064 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
11:30:23.0281 4064 ZuneNetworkSvc - ok
11:30:23.0468 4064 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
11:30:23.0468 4064 ZuneWlanCfgSvc - ok
11:30:23.0499 4064 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
11:30:23.0562 4064 \Device\Harddisk0\DR0 - ok
11:30:23.0593 4064 Boot (0x1200) (99cf70e9dd0f071ff7ba5f2b5383713e) \Device\Harddisk0\DR0\Partition0
11:30:23.0593 4064 \Device\Harddisk0\DR0\Partition0 - ok
11:30:23.0624 4064 Boot (0x1200) (0e6dbfb4129cc87bd864137addc7ed8e) \Device\Harddisk0\DR0\Partition1
11:30:23.0640 4064 \Device\Harddisk0\DR0\Partition1 - ok
11:30:23.0686 4064 Boot (0x1200) (9a1ebdaf5d8f3b00f58ed5d042b7686b) \Device\Harddisk0\DR0\Partition2
11:30:23.0749 4064 \Device\Harddisk0\DR0\Partition2 - ok
11:30:23.0749 4064 ============================================================
11:30:23.0749 4064 Scan finished
11:30:23.0749 4064 ============================================================
11:30:23.0764 1956 Detected object count: 0
11:30:23.0764 1956 Actual detected object count: 0
11:30:49.0863 4004 Deinitialize success


aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 11:31:02
-----------------------------
11:31:02.062 OS Version: Windows x64 6.1.7601 Service Pack 1
11:31:02.062 Number of processors: 2 586 0x170A
11:31:02.062 ComputerName: KERRY-PC UserName: Kerry
11:31:02.858 Initialize success
11:32:21.813 AVAST engine defs: 12041801
11:32:29.862 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:32:29.862 Disk 0 Vendor: Size: 0MB BusType: 0
11:32:29.894 Disk 0 MBR read successfully
11:32:29.894 Disk 0 MBR scan
11:32:29.909 Disk 0 Windows 7 default MBR code
11:32:29.909 Disk 0 MBR hidden
11:32:29.925 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:32:29.940 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226078 MB offset 409600
11:32:29.987 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12196 MB offset 463417344
11:32:30.050 Disk 0 scanning C:\Windows\system32\drivers
11:32:44.170 Service scanning
11:33:13.778 Modules scanning
11:33:13.794 Disk 0 trace - called modules:
11:33:13.825 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:33:13.841 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003395060]
11:33:13.841 3 CLASSPNP.SYS[fffff880011c543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e80060]
11:33:14.839 AVAST engine scan C:\Windows
11:33:18.989 AVAST engine scan C:\Windows\system32
11:33:22.484 File: C:\Windows\system32\asusgsb.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:33:24.122 File: C:\Windows\system32\avg7rsw.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:33:32.656 File: C:\Windows\system32\ctsfm2k.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:34:36.428 File: C:\Windows\system32\NVNET.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:35:09.908 File: C:\Windows\system32\vclone.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:35:27.957 File: C:\Windows\system32\zppinger.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:36:56.394 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
11:36:56.737 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
11:37:04.211 AVAST engine scan C:\Windows\system32\drivers
11:37:50.624 AVAST engine scan C:\Users\Kerry
11:39:20.575 Disk 0 MBR has been saved successfully to "C:\Users\Kerry\Desktop\MBR.dat"
11:39:20.591 The log file has been saved successfully to "C:\Users\Kerry\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:50 AM

Posted 18 April 2012 - 11:13 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

File::
C:\Windows\system32\asusgsb.dll 
C:\Windows\system32\avg7rsw.dll 
C:\Windows\system32\ctsfm2k.dll 
C:\Windows\system32\NVNET.dll 
C:\Windows\system32\vclone.dll 
C:\Windows\system32\zppinger.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
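
The post above takes the **INFECTED** lines from an aswMBR log and turns them into a ComboFix CFScript by hand. The script below is an added example, not part of this thread and not ComboFix's or aswMBR's own code: it parses aswMBR detection lines in the format shown earlier in the thread, emits the same `KillAll::` / `Folder::` / `File::` directives, collapsing files under the ZeroAccess staging folder `C:\Windows\assembly\temp\U` into a single `Folder::` entry the way the CFScript above does, and then cross-checks every target against the service/driver image paths in a TDSSKiller listing. That last check is my addition and not something either tool does: a DLL that is still the registered image of a service or driver should not simply be deleted, because the registration is then left pointing at a missing file and the machine may fail to boot. The sample log lines are constructed for the example, the `STAGING_DIRS` tuple and all function names are mine, and the script writes nothing to disk; it only prints the CFScript text for review (Python 3, standard library only).

```python
import ntpath
import re

# Constructed sample input, typed for this example in the same format as the
# aswMBR and TDSSKiller logs posted in the thread (not a real scan).
ASWMBR_SAMPLE = r"""
11:33:22.484 File: C:\Windows\system32\asusgsb.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:35:27.957 File: C:\Windows\system32\zppinger.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:36:56.394 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
11:36:56.737 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
11:37:04.211 AVAST engine scan C:\Windows\system32\drivers
"""

TDSSKILLER_SAMPLE = r"""
11:30:11.440 4064 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:30:14.358 4064 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:13.078 4064 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
"""

# Folders where the payload files (*.@) were staged; the whole folder goes
# under Folder:: instead of listing each file, as in the CFScript above.
# Assumption: this tuple is ours, not a ComboFix or aswMBR convention.
STAGING_DIRS = (r"C:\Windows\assembly\temp\U",)

# "<time> File: <path> **INFECTED** <detection>"
ASWMBR_LINE = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detection>.+)$")
# "<time> <pid> <service> (<md5>) <image path>"
TDSS_LINE = re.compile(r"^\S+ \d+ (?P<service>\S+) \([0-9a-f]{32}\) (?P<path>.+)$")


def parse_aswmbr(log_text):
    """Return [(path, detection)] for every **INFECTED** line in an aswMBR log."""
    hits = []
    for line in log_text.splitlines():
        m = ASWMBR_LINE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("detection")))
    return hits


def parse_tdsskiller_images(log_text):
    """Map case-folded image path -> service/driver name from a TDSSKiller listing."""
    images = {}
    for line in log_text.splitlines():
        m = TDSS_LINE.match(line.strip())
        if m:
            images[ntpath.normcase(m.group("path"))] = m.group("service")
    return images


def _in_dir(path, directory):
    # ntpath.normcase lower-cases and normalises separators on any host OS,
    # which is what a Windows path comparison needs.
    return ntpath.normcase(path).startswith(ntpath.normcase(directory) + "\\")


def build_cfscript(hits, staging_dirs=STAGING_DIRS):
    """Render CFScript text: KillAll::, Folder:: for staging dirs, File:: for the rest."""
    folders, files = [], []
    for path, _ in hits:
        staged = [d for d in staging_dirs if _in_dir(path, d)]
        if staged:
            if staged[0] not in folders:
                folders.append(staged[0])
        elif path not in files:
            files.append(path)
    lines = ["KillAll::"]
    if folders:
        lines += ["Folder::"] + folders + [""]
    if files:
        lines += ["File::"] + files
    return "\n".join(lines) + "\n"


def boot_risk(hits, images):
    """Targets that are still a registered service/driver image. Deleting such a
    file without fixing the registration is one way a cleanup leaves Windows
    unable to boot; these need a repair or replacement step, not a bare File::."""
    return [path for path, _ in hits if ntpath.normcase(path) in images]


if __name__ == "__main__":
    detections = parse_aswmbr(ASWMBR_SAMPLE)
    print(build_cfscript(detections))
    registered = parse_tdsskiller_images(TDSSKILLER_SAMPLE)
    for risky in boot_risk(detections, registered):
        print("WARNING: still registered as a service/driver image:", risky)
```

Run it and paste the printed block into CFScript.txt after reading it; with the constructed sample none of the six ZeroAccess DLLs is a registered service image, so no warning prints, but swap in a real TDSSKiller log and the check is what tells you a `File::` line is about to delete something a driver or service still loads.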

#10 gmonkey

gmonkey
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 18 April 2012 - 12:19 PM

As combo-fix was creating a restore point it popped the following error:
"The contents of folder c:\windows\erdnt\Hiv-backup could not be completely deleted"
-I clicked OK and it continued to run.
-Got to stage 2 and then the following Error " pev3XE has stopped working" A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. I clicked "Close Program"
-It then continued to run without issue


ComboFix 12-04-16.02 - Kerry 04/18/2012 12:34:53.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1784 [GMT -4:00]
Running from: c:\users\Kerry\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Kerry\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\asusgsb.dll"
"c:\windows\system32\avg7rsw.dll"
"c:\windows\system32\ctsfm2k.dll"
"c:\windows\system32\NVNET.dll"
"c:\windows\system32\vclone.dll"
"c:\windows\system32\zppinger.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
c:\windows\system32\asusgsb.dll
c:\windows\system32\avg7rsw.dll
c:\windows\system32\ctsfm2k.dll
c:\windows\system32\NVNET.dll
c:\windows\system32\vclone.dll
c:\windows\system32\zppinger.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 16:50 . 2012-04-18 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 14:17 . 2012-04-18 14:17 -------- d-----w- c:\windows\en
2012-04-18 14:14 . 2012-04-18 14:14 -------- d-----w- c:\program files\Windows Live
2012-04-18 07:29 . 2012-04-18 07:30 -------- d-----w- C:\FRST
2012-04-18 05:48 . 2012-04-18 05:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-16 22:40 . 2012-04-16 22:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 21:50 . 2012-04-17 04:52 -------- d-----w- c:\users\Kerry\AppData\Local\NPE
2012-04-16 21:21 . 2012-04-16 21:21 -------- d-----w- c:\users\Kerry\AppData\Roaming\Tific
2012-04-14 00:51 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-14 00:45 . 2012-04-14 00:45 -------- d-----w- c:\programdata\White Sky, Inc
2012-04-13 19:06 . 2012-04-13 19:06 -------- d-----w- c:\users\Kerry\AppData\Roaming\Malwarebytes
2012-04-13 18:57 . 2012-04-13 18:57 -------- d-----w- c:\programdata\Malwarebytes
2012-04-13 18:57 . 2012-04-13 19:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-13 18:57 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 18:21 . 2012-04-13 18:21 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\DSETUP.dll
2012-04-13 18:21 . 2012-04-13 18:21 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\DXSETUP.exe
2012-04-13 18:21 . 2012-04-13 18:21 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4fc54bb81cd19a201\dsetup32.dll
2012-04-13 02:43 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 02:43 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 02:43 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 02:43 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 02:43 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 02:43 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 02:43 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 14:54 . 2012-04-12 12:48 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD382EB-B349-4079-B429-9E5A23243B19}\offreg.dll
2012-04-10 16:17 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD382EB-B349-4079-B429-9E5A23243B19}\mpengine.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-21 00:50 . 2012-03-21 00:51 -------- d-----w- c:\program files\iTunes
2012-03-21 00:50 . 2012-03-21 00:51 -------- d-----w- c:\program files (x86)\iTunes
2012-03-21 00:50 . 2012-03-21 00:50 -------- d-----w- c:\program files\iPod
2012-03-21 00:48 . 2012-03-21 00:48 -------- d-----w- c:\program files\Bonjour
2012-03-21 00:48 . 2012-03-21 00:48 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-21 00:47 . 2012-03-21 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-03-21 00:47 . 2012-03-21 00:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-21 00:45 . 2012-03-21 00:45 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 05:47 . 2011-06-17 12:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 13:18 . 2009-12-11 05:24 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 15:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 15:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 15:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 15:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 15:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 15:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 15:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 15:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 15:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-17_06.30.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 18:30 . 2012-04-18 13:41 64086 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-18 16:54 64494 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-11 05:11 . 2012-04-18 16:54 22008 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2706499287-1759843255-3125479961-1001_UserData.bin
- 2010-01-30 23:07 . 2011-12-04 20:46 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-01-30 23:07 . 2012-04-17 11:19 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2009-12-04 04:49 . 2012-04-17 00:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 04:49 . 2012-04-18 13:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-04 04:49 . 2012-04-17 00:16 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-04 04:49 . 2012-04-18 13:43 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 13:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 00:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-18 14:13 . 2012-04-18 14:13 23552 c:\windows\Installer\21d426.msp
+ 2010-12-02 18:09 . 2010-12-02 18:09 29696 c:\windows\Installer\21d421.msi
+ 2012-04-18 14:13 . 2012-04-18 14:13 60416 c:\windows\Installer\21d41b.msp
+ 2012-04-18 14:13 . 2012-04-18 14:13 29184 c:\windows\Installer\21d3bc.msp
+ 2011-08-16 07:16 . 2011-08-16 07:16 67072 c:\windows\Installer\21d3b6.msi
+ 2012-04-18 14:12 . 2012-04-18 14:12 39936 c:\windows\Installer\21d28c.msp
+ 2010-12-02 18:08 . 2010-12-02 18:08 74240 c:\windows\Installer\21d287.msi
+ 2012-04-13 18:21 . 2012-04-13 18:21 26112 c:\windows\Installer\21d27e.msi
- 2011-08-16 07:20 . 2011-08-16 07:20 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2012-04-18 14:15 . 2012-04-18 14:15 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2012-04-18 14:25 . 2012-04-18 14:25 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\17a2afe9e92c7eaf86ba583b5f43f812\WindowsLiveWriter.ni.exe
+ 2012-04-18 14:25 . 2012-04-18 14:25 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c78c244b8033acc827956db14bd4f1e\WindowsLive.Writer.Passport.ni.dll
+ 2012-04-18 16:51 . 2012-04-18 16:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-17 06:30 . 2012-04-17 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 16:51 . 2012-04-18 16:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-17 06:30 . 2012-04-17 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-07 20:10 . 2011-10-03 10:06 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-04-18 05:47 . 2012-04-18 05:47 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-04-18 05:47 . 2012-04-18 05:47 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-04-18 05:47 . 2012-04-18 05:47 149280 c:\windows\SysWOW64\java.exe
- 2009-07-14 04:54 . 2012-04-17 05:10 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-18 13:40 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-04-18 16:32 626530 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-14 01:34 626530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-18 16:32 107878 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-14 01:34 107878 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-18 16:50 313864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-17 06:29 313864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-18 05:48 . 2012-04-18 05:48 207360 c:\windows\Installer\9bf02.msi
+ 2010-12-02 18:09 . 2010-12-02 18:09 153600 c:\windows\Installer\21d416.msi
+ 2012-04-18 14:13 . 2012-04-18 14:13 509952 c:\windows\Installer\21d3ff.msp
+ 2012-04-18 14:13 . 2012-04-18 14:13 635904 c:\windows\Installer\21d3f5.msp
+ 2012-04-18 14:13 . 2012-04-18 14:13 468480 c:\windows\Installer\21d3d9.msp
+ 2012-04-18 14:13 . 2012-04-18 14:13 625664 c:\windows\Installer\21d3ca.msp
+ 2012-04-18 14:13 . 2012-04-18 14:13 205824 c:\windows\Installer\21d3b1.msp
+ 2010-12-02 18:09 . 2010-12-02 18:09 775168 c:\windows\Installer\21d3a8.msi
+ 2012-04-18 14:12 . 2012-04-18 14:12 715264 c:\windows\Installer\21d2e1.msp
+ 2012-04-18 14:12 . 2012-04-18 14:12 136704 c:\windows\Installer\21d2c3.msp
+ 2010-12-02 18:07 . 2010-12-02 18:07 429056 c:\windows\Installer\21d2be.msi
+ 2012-04-18 14:25 . 2012-04-18 14:25 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\a6fb51744921e46bcb668824786e8287\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e69ebc47847db9102611374af36403b1\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e5d7d83a5dadc3af9a6b9625eb0db9dc\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d701b054e9a57d35661106e3129008cb\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b28c0d3b4a7e0daf5aef6c47d42d8af4\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ad9253672ba424757bb3546364e647e5\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8cba3ac89cc2bb34cbe39bb00709c1da\WindowsLive.Writer.Api.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88c7a220bd93de68022850749e092a74\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\721c6efc6712f9acf006a0473f758151\WindowsLive.Writer.Interop.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ef8139565fd5dcb17bcc273c6dc1ae0\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5df97542d20b8fddbe83723f71ad63d1\WindowsLive.Writer.Controls.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\593b5448f127bca7f5c06907769a78d6\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\40987d55c7eac08478b5e14f1dc77c5e\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\365fc1ad8068147966183bebb2789ab5\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\41840d318bedd3f3cf820c99b85f7725\WindowsLive.Client.ni.dll
+ 2009-07-14 04:54 . 2012-04-18 13:40 3801088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 05:10 3801088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 05:10 4308992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 13:40 4308992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 22:02 . 2012-04-18 13:37 2585312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-21 08:24 . 2012-04-18 16:50 3842940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2706499287-1759843255-3125479961-1001-12288.dat
+ 2012-04-18 14:13 . 2012-04-18 14:13 2146304 c:\windows\Installer\21d410.msp
+ 2010-12-02 18:08 . 2010-12-02 18:08 4250112 c:\windows\Installer\21d405.msi
+ 2010-12-02 18:08 . 2010-12-02 18:08 4175360 c:\windows\Installer\21d3fa.msi
+ 2010-12-02 18:08 . 2010-12-02 18:08 3410944 c:\windows\Installer\21d3ef.msi
+ 2012-04-18 14:13 . 2012-04-18 14:13 5124096 c:\windows\Installer\21d3e9.msp
+ 2011-08-16 07:16 . 2011-08-16 07:16 6661632 c:\windows\Installer\21d3df.msi
+ 2010-12-02 18:08 . 2010-12-02 18:08 1070592 c:\windows\Installer\21d3cf.msi
+ 2010-12-02 18:07 . 2010-12-02 18:07 1492992 c:\windows\Installer\21d3c1.msi
+ 2012-04-18 14:13 . 2012-04-18 14:13 3734016 c:\windows\Installer\21d3a0.msp
+ 2012-04-18 14:13 . 2012-04-18 14:13 2957312 c:\windows\Installer\21d35b.msp
+ 2010-12-02 18:08 . 2010-12-02 18:08 8313856 c:\windows\Installer\21d341.msi
+ 2012-04-18 14:13 . 2012-04-18 14:13 5868544 c:\windows\Installer\21d33c.msp
+ 2012-04-18 14:12 . 2012-04-18 14:12 5535744 c:\windows\Installer\21d31f.msp
+ 2012-04-18 14:12 . 2012-04-18 14:12 3312128 c:\windows\Installer\21d305.msp
+ 2010-12-02 18:08 . 2010-12-02 18:08 8332288 c:\windows\Installer\21d2e9.msi
+ 2011-08-16 07:16 . 2011-08-16 07:16 2310656 c:\windows\Installer\21d2d9.msi
+ 2012-04-18 14:12 . 2012-04-18 14:12 1139712 c:\windows\Installer\21d2d4.msp
+ 2010-12-02 18:07 . 2010-12-02 18:07 4004864 c:\windows\Installer\21d2c8.msi
+ 2012-04-18 14:12 . 2012-04-18 14:12 2932224 c:\windows\Installer\21d2b9.msp
+ 2010-12-02 18:07 . 2010-12-02 18:07 7710720 c:\windows\Installer\21d2a5.msi
+ 2012-04-18 14:12 . 2012-04-18 14:12 4426240 c:\windows\Installer\21d2a0.msp
+ 2010-12-02 18:07 . 2010-12-02 18:07 9433088 c:\windows\Installer\21d291.msi
+ 2012-04-18 14:25 . 2012-04-18 14:25 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a724add261acf0344e45068d5b27c66a\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56cbcc886f21818df024d05a0d44ad10\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\468c893374af1c2a332119ff0de5bc26\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-04-18 14:25 . 2012-04-18 14:25 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3de55a3b00709c87b1b685da6b763d77\WindowsLive.Writer.Localization.ni.dll
+ 2009-07-14 02:34 . 2012-04-17 15:31 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-13 18:11 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-18 05:46 . 2012-04-18 05:46 12938752 c:\windows\Installer\9bef2.msi
+ 2010-12-02 18:08 . 2010-12-02 18:08 11846656 c:\windows\Installer\21d397.msi
+ 2012-04-18 14:13 . 2012-04-18 14:13 14624256 c:\windows\Installer\21d390.msp
+ 2010-12-02 18:08 . 2010-12-02 18:08 34193408 c:\windows\Installer\21d365.msi
+ 2010-12-02 18:08 . 2010-12-02 18:08 13850624 c:\windows\Installer\21d325.msi
+ 2011-08-16 07:16 . 2011-08-16 07:16 22647296 c:\windows\Installer\21d30c.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-12 39408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-05-14 307768]
"SansaDispatch"="c:\users\Kerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-05-08 79872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 PTAPCBUS;Pantech Android USB Composite Device (PTAPC);c:\windows\system32\DRIVERS\PTAPCBUS.sys [x]
R3 PTAPCMDM;Pantech Android USB Modem Drivers (PTAPC);c:\windows\system32\DRIVERS\PTAPCMDM.sys [x]
R3 PTAPCVSP;Pantech Android USB Serial Port (PTAPC);c:\windows\system32\DRIVERS\PTAPCVSP.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 STSService;STSService;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 GIDv2;GIDv2; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-30 65608]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 19:59]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 19:59]
.
2012-04-18 c:\windows\Tasks\HPCeeScheduleForKerry.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-02 762736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
keriomailserver
videoacceleratorengine
RapiMgr
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
stacsv
enethusb
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-04-18 13:16:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 17:16
ComboFix2.txt 2012-04-17 06:38
.
Pre-Run: 145,053,368,320 bytes free
Post-Run: 145,058,627,584 bytes free
.
- - End Of File - - 24FFAAB948EA7249B905D5417B784DAC
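
The ComboFix output above runs to thousands of lines, and the part that matters for the "is it clean" question is the Reg Loading Points block. The PowerShell below is an added example (it is not part of this thread and not something ComboFix itself ships): it parses that block and lists the entries a reviewer looks at first. The sample input is copied verbatim from the log above; the UAC default values are the Windows 7 defaults; the meaning of the trailing `[x]` on service lines (file not found on disk) is an assumption noted in the code. Requires PowerShell 3.0 or later.

```powershell
# Added example, not part of the thread or of ComboFix itself: parse the
# "Reg Loading Points" section of a ComboFix log and list the items a
# reviewer should look at first. Requires PowerShell 3.0 or later.

# Constructed sample input: lines copied from the ComboFix log posted above.
$SampleLog = @'
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-12 39408]
"SansaDispatch"="c:\users\Kerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-05-08 79872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
S1 GIDv2;GIDv2; [x]
'@

# Windows 7 default values for the UAC policy entries ComboFix prints.
$UacDefaults = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    ConsentPromptBehaviorUser  = 3
    EnableUIADesktopToggle     = 0
}

function Get-ComboFixFindings {
    param([Parameter(Mandatory=$true)][string]$LogText)

    $findings   = New-Object System.Collections.Generic.List[object]
    $currentKey = $null

    foreach ($raw in ($LogText -split "`r?`n")) {
        $line = $raw.Trim()

        # "[HKEY_...]" opens a key block; a lone "." closes it.
        if ($line -match '^\[(.+)\]$') { $currentKey = $Matches[1]; continue }
        if ($line -eq '.' -or $line -eq '') { $currentKey = $null; continue }

        # UAC policy values, e.g.  "EnableLUA"= 0 (0x0)
        if ($currentKey -and $currentKey -match 'policies\\system$' -and
            $line -match '^"(\w+)"=\s*(\d+)') {
            $name = $Matches[1]; $value = [int]$Matches[2]
            if ($UacDefaults.ContainsKey($name) -and $UacDefaults[$name] -ne $value) {
                $findings.Add([pscustomobject]@{
                    Type   = 'UACWeakened'
                    Name   = $name
                    Detail = "is $value, Windows 7 default is $($UacDefaults[$name])" })
            }
            continue
        }

        # Autostart values under a Run key, e.g.  "swg"="c:\...\x.exe" [date size]
        if ($currentKey -and $currentKey -match '\\Run$' -and $line -match '^"([^"]+)"="([^"]+)"') {
            $path = $Matches[2]
            # Anything launched from a user profile gets a closer look: that is
            # where droppers usually land, though legitimate updaters live there too.
            $type = if ($path -match '\\(Users|Documents and Settings)\\') { 'RunFromUserProfile' } else { 'Run' }
            $findings.Add([pscustomobject]@{ Type = $type; Name = $Matches[1]; Detail = $path })
            continue
        }

        # Service/driver lines: "R3 name;display name;path [x]". Assumption:
        # ComboFix appends [x] when it did not find the file on disk.
        if ($line -match '^[RS]\d\s+([^;]+);[^;]*;(.*)\[x\]\s*$') {
            $findings.Add([pscustomobject]@{
                Type = 'ServiceFileMissing'; Name = $Matches[1]; Detail = $Matches[2].Trim() })
        }
    }
    return $findings
}

Get-ComboFixFindings -LogText $SampleLog | Format-Table -AutoSize
```

On the sample it reports the four UAC policies as weakened, SansaDispatch as an autostart from the user profile (a legitimate SanDisk updater in this case, but that location is where droppers normally sit), and the two `[x]` driver entries. The four UAC values being 0 in the log above means User Account Control was switched off on this machine when ComboFix ran; whether a rogue or the owner turned it off, it is worth restoring the defaults once the cleanup is done, since with UAC off every program the user runs already has full administrator rights.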

#11 gringo_pr (Malware Response Team)

Posted 18 April 2012 - 12:22 PM

Hello

How is everything running at this time?




I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gmonkey (Topic Starter)

Posted 18 April 2012 - 12:41 PM

Additional ComboFix log file posted below.

It seems stable. I had to completely remove Norton AV, as even when it was disabled ComboFix wouldn't run. I'm not sure if I still have the Trojan Gen2 or not, as I haven't reinstalled it. Assuming that it's clean, it seems the only thing is that after running Unhide (post SMART HDD) I have my Start Menu folders back, but they're all empty.

Acrobat.com
Activate Norton Online Backup
Adobe AIR
Adobe Digital Editions
Adobe Reader X (10.1.3)
Amazon Unbox Video
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bing Bar
BlackBerry USB Drivers
Clifford Thinking Adventures
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
CyberLink DVD Suite
D3DX10
Dora Backpack
Google Toolbar for Internet Explorer
Google Update Helper
GuardedID
Hewlett-Packard ACLM.NET v1.1.2.0
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Product Detection
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LabelPrint
LG USB Modem driver
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Corporation
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Network Play System (Patching)
Octoshape add-in for Adobe Flash Player
OverDrive Media Console
Pantech USB Driver for Android phones ver1
Power2Go
PowerDirector
PowerRecover
ProductTools_ND
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Roblox for Kerry
Safari
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Sid Meier's Civilization 4
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
Spelling Dictionaries Support For Adobe Reader 9
The Sims Hot Date
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmaiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmaiper
TurboTax 2010 wrapper
Typing Instructor for Kids 3
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual C++ 8.0 Runtime Setup Package (x64)
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

#13 gringo_pr (Malware Response Team)

Posted 18 April 2012 - 12:50 PM

Hello

If running Unhide did not work, then the shortcuts are going to have to be remade.

Using Avast as an example, it can be done this way:


  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":


  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively, you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast




Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked; under System, check Empty Recycle Bin and Temporary Files; under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

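
The shortcut-recreation steps above are one program at a time through Explorer. The PowerShell below is an added example (not from this thread, not part of Unhide, ComboFix or any of the tools named here) that does the same job from a script: it writes a `.lnk` into the Start Menu through the WScript.Shell COM object, refuses to point a shortcut at an executable that no longer exists, and then audits every existing shortcut in the all-users Start Menu for broken targets. It assumes Windows 7 or later with PowerShell; the Avast path in the usage line is a placeholder to replace with the program being restored, and writing to the all-users Start Menu needs an elevated PowerShell window.

```powershell
# Added example, not part of the thread: recreate Start Menu shortcuts with
# PowerShell instead of Explorer's copy-and-paste, and find shortcuts whose
# target is gone. Assumes Windows 7 or later; paths in the usage lines are
# placeholders.

function New-StartMenuShortcut {
    param(
        [Parameter(Mandatory=$true)][string]$TargetPath,  # executable the shortcut should launch
        [Parameter(Mandatory=$true)][string]$Folder,      # Start Menu subfolder, e.g. 'Avast'
        [string]$Name,                                    # shortcut name; defaults to the exe name
        [switch]$AllUsers                                 # write to the all-users Start Menu
    )
    # Refuse to create a shortcut to something that is not there: after a
    # rogue like SMART HDD the folder can exist while the program is gone.
    if (-not (Test-Path -LiteralPath $TargetPath -PathType Leaf)) {
        throw "Target not found: $TargetPath"
    }
    if (-not $Name) { $Name = [IO.Path]::GetFileNameWithoutExtension($TargetPath) }

    $shell = New-Object -ComObject WScript.Shell
    # WScript.Shell resolves the Start Menu locations for us:
    #   Programs         -> %APPDATA%\Microsoft\Windows\Start Menu\Programs
    #   AllUsersPrograms -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    $root = $shell.SpecialFolders.Item('Programs')
    if ($AllUsers) { $root = $shell.SpecialFolders.Item('AllUsersPrograms') }
    $dir = Join-Path $root $Folder
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    $lnkPath  = Join-Path $dir "$Name.lnk"
    $shortcut = $shell.CreateShortcut($lnkPath)
    $shortcut.TargetPath       = $TargetPath
    $shortcut.WorkingDirectory = Split-Path -Parent $TargetPath
    $shortcut.Save()
    return $lnkPath
}

function Test-StartMenuShortcut {
    # Read a .lnk back and confirm its target still exists, which is the
    # check to run on the "folders are back but empty" situation above.
    param([Parameter(Mandatory=$true)][string]$LinkPath)
    $shell  = New-Object -ComObject WScript.Shell
    $target = $shell.CreateShortcut($LinkPath).TargetPath
    [pscustomobject]@{
        Link        = $LinkPath
        Target      = $target
        TargetFound = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
    }
}

# Usage (placeholder path: substitute the program you are restoring; needs an
# elevated window because it writes under C:\ProgramData):
#   $lnk = New-StartMenuShortcut -TargetPath 'C:\Program Files\Avast Software\Avast\AvastUI.exe' -Folder 'Avast' -AllUsers
#   Test-StartMenuShortcut -LinkPath $lnk

# Audit every shortcut already in the all-users Start Menu and list the broken ones.
$allUsersPrograms = (New-Object -ComObject WScript.Shell).SpecialFolders.Item('AllUsersPrograms')
Get-ChildItem -Path $allUsersPrograms -Filter *.lnk -Recurse |
    ForEach-Object { Test-StartMenuShortcut -LinkPath $_.FullName } |
    Where-Object { -not $_.TargetFound }
```

The audit at the end is the useful part when many folders came back empty: it tells you which shortcuts still exist but point at nothing, as opposed to shortcuts that are simply missing and have to be recreated with the first function. Shortcuts Unhide could not restore are usually gone for good, so recreating them is the only option, as the post above says.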

#14 gmonkey (Topic Starter)

Posted 18 April 2012 - 01:19 PM

Seems to be running fine, although I haven't reinstalled any antivirus as I'm not sure I'm done running ComboFix.

MBAM log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kerry :: KERRY-PC [limited]

4/18/2012 2:11:38 PM
mbam-log-2012-04-18 (14-11-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201037
Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:16:51 PM, on 4/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Kerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Kerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files (x86)\Connectify\Connectifyd.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: STSService - Unknown owner - C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13421 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:50 AM

Posted 18 April 2012 - 01:25 PM

Greetings

Reinstall anything that needs to be reinstalled now.

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and run the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
      O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Kerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run it as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
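The O4 lines gringo_pr lists above are values under the Windows Run and RunOnce registry keys, and the "(file missing)" tags in the HijackThis log mark entries whose program is gone from disk. The script below is an added example, not code from this thread or from HijackThis: it enumerates the standard Run/RunOnce keys (the HKLM, HKCU and Wow6432Node paths are assumed to be the usual locations on a 64-bit Windows 7 install), extracts the executable each value launches, and reports whether that file still exists, so you can see the same information HijackThis shows without the tool.

```powershell
# Added example (not code from the thread or from HijackThis): list the
# Run/RunOnce autostart entries that HijackThis reports as O4 lines, resolve
# the executable each one launches, and flag targets that no longer exist.
# Run from an elevated 64-bit PowerShell so the Wow6432Node view is visible.

function Get-CommandTarget {
    # Extract the program path from a Run-key command string, e.g.
    #   "C:\Program Files (x86)\iTunes\iTunesHelper.exe"            -> quoted path
    #   C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe  -> unquoted, with spaces
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $target = $null
    if ($expanded -match '^\s*"([^"]+)"') {
        $target = $Matches[1]
    } elseif ($expanded -match '^\s*(.+?\.exe)(\s|$)') {
        $target = $Matches[1]
    }
    # A bare name such as rundll32.exe has no directory; resolve it via PATH.
    if ($target -and -not $target.Contains('\')) {
        $resolved = Get-Command $target -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($resolved) { $target = $resolved.Path }
    }
    return $target
}

function Get-AutostartEntries {
    # Registry locations behind HijackThis "O4 - HKLM\..\Run" and "O4 - HKCU\..\Run" lines
    # (assumed standard paths; Wow6432Node holds the 32-bit view on x64 Windows).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Metadata properties that Get-ItemProperty attaches to every result.
    $metadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($metadata -contains $prop.Name) { continue }
            $command = [string]$prop.Value
            $target  = Get-CommandTarget $command
            [pscustomobject]@{
                Key     = $key
                Name    = $prop.Name
                Command = $command
                Target  = $target
                Exists  = [bool]($target -and (Test-Path -LiteralPath $target))
            }
        }
    }
}

# Usage: entries whose target is gone are listed first. An orphaned Run value
# does nothing by itself, but it is what a removal tool leaves behind when it
# deletes the file and not the registry value, which is why HijackThis flags it.
Get-AutostartEntries |
    Sort-Object Exists, Key, Name |
    Format-Table Name, Exists, Target -AutoSize
```

The output covers only the Run/RunOnce keys; HijackThis also reads the Startup folders (the "O4 - Global Startup" line above) and the services list (O23), which this script does not touch. If you compare the Exists column with the HijackThis log, note that an entry can exist on disk and still be unwanted: "present" is a fact about the file, not a verdict about the program.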
