
Search Redirection


This topic is locked
26 replies to this topic

#1 harveypuggle

harveypuggle

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:38 AM

Posted 02 May 2012 - 07:39 PM

When I use google search I get redirected to various sites such as hapili and monster. Sometimes new tabs with other sites will open at random also. I've tried running MBAM. Nothing else unusual is going on.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:38 AM

Posted 02 May 2012 - 08:13 PM

Hello and welcome..
Which Browser(s) is this occurring with?

Please run these next...
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
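
The MiniToolBox checkboxes requested in the post above collect exactly the settings a search-redirect hijack tends to touch: the DNS resolver cache, IE and Firefox proxy settings, the hosts file, the Winsock provider catalog, and recent event-log errors. As an added example, not part of this thread, of MiniToolBox, or of BleepingComputer's procedure, the Python script below reads a Result.txt and flags those indicators so a helper can triage the report quickly. The section-header and line formats are taken from the Result.txt as posted later in this thread; the sample report embedded in the script is constructed, and the names `triage`, `split_sections`, `Finding` and `highest_severity` are this example's own.

```python
"""Triage a MiniToolBox Result.txt for search-redirect indicators (hypothetical helper
for this thread, not part of MiniToolBox; formats follow Result.txt as posted)."""
import re
from typing import NamedTuple

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+\s+\d+\s+(?P<path>.+?)\s+\[(?P<size>[^\]]*)\]\s+\((?P<vendor>[^)]*)\)")
EVENT_RE = re.compile(r"^Error:\s+\((?P<when>[^)]*)\)\s+\(Source:\s*(?P<src>[^)]*)\)\s*\(User:")
HOSTS_RE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F:]*:[0-9a-fA-F:]*)\s+(?P<host>\S+)")
RANK = {"high": 0, "medium": 1, "info": 2}

class Finding(NamedTuple):
    severity: str  # "high" | "medium" | "info"
    section: str
    detail: str

def split_sections(text):
    # Map each "===== Name: =====" header to the lines beneath it.
    sections, name, buf = {}, "Header", []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            sections[name] = buf
            name, buf = m.group("name").strip(), []
        else:
            buf.append(line.rstrip())
    sections[name] = buf
    return sections

def triage(text):
    # One Finding per indicator the MiniToolBox checkboxes collect.
    sec, out = split_sections(text), []
    if any("Could not flush" in l for l in sec.get("Flush DNS", [])):
        out.append(Finding("medium", "Flush DNS", "resolver cache flush failed; Dnscache may be unhealthy"))
    ie = sec.get("IE Proxy Settings", [])
    if any(l.startswith("Proxy is enabled") for l in ie):
        out.append(Finding("medium", "IE Proxy Settings", "proxy enabled: " + "; ".join(l for l in ie if "Proxy Server" in l)))
    for l in sec.get("FF Proxy Settings", []):
        m = re.match(r'"network\.proxy\.type",\s*(\d+)', l)
        if m and m.group(1) in ("1", "2"):  # Firefox: 0 = none, 1 = manual proxy, 2 = PAC URL
            out.append(Finding("high", "FF Proxy Settings", f"network.proxy.type={m.group(1)} set"))
    if "Hosts file not detected in the default directory" in text:
        out.append(Finding("high", "Hosts", "hosts file missing from default directory"))
    for name, lines in sec.items():  # when hosts content is listed, flag non-loopback mappings
        for m in filter(None, map(HOSTS_RE.match, lines if "Hosts" in name else [])):
            if not m.group("ip").startswith(("127.", "::1")):
                out.append(Finding("high", name, f"non-loopback mapping: {m.group('ip')} {m.group('host')}"))
    for m in filter(None, map(WINSOCK_RE.match, sec.get("Winsock entries", []))):
        path, size, vendor = m.group("path"), m.group("size"), m.group("vendor")
        if vendor == "Microsoft Corporation":
            continue
        if size == "File Not found" and "\\" not in path:  # bare name the tool did not resolve; verify by hand
            out.append(Finding("info", "Winsock entries", f"unresolved bare module: {path}"))
        else:
            out.append(Finding("medium", "Winsock entries", f"third-party or missing provider: {path} [{size}] ({vendor})"))
    ev, seen, hosts_err, crashes = sec.get("Event log errors", []), set(), 0, 0
    for i, l in enumerate(ev):
        m = EVENT_RE.match(l)
        if not m or (m.group("when"), m.group("src")) in seen:
            continue  # the "Microsoft Office Sessions" block repeats events already listed
        seen.add((m.group("when"), m.group("src")))
        desc = ev[i + 1] if i + 1 < len(ev) else ""
        if m.group("src") == "Microsoft-Windows-DNS-Client" and "hosts file" in desc:
            hosts_err += 1
        elif "svchost.exe_Dnscache" in desc:
            crashes += 1
    if hosts_err:
        out.append(Finding("high", "Event log", f"{hosts_err} DNS-Client error(s) reading the local hosts file"))
    if crashes:
        out.append(Finding("high", "Event log", f"{crashes} crash(es) of svchost.exe_Dnscache"))
    return list(dict.fromkeys(out))  # drop exact duplicates, keep first-seen order

def highest_severity(findings):
    return min((f.severity for f in findings), key=RANK.__getitem__, default="none")

# Constructed excerpt in Result.txt shape; not a real machine's report.
SAMPLE_RESULT = r"""========================= Flush DNS: ===================================
Could not flush the DNS Resolver Cache: Function failed during execution.
========================= IE Proxy Settings: ==============================
Proxy is enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.type", 0
Hosts file not detected in the default directory
========================= Winsock entries =====================================
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
========================= Event log errors: ===============================
Error: (05/02/2012 00:32:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385
Error: (05/02/2012 07:51:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: user1)
Description: There was an error while attempting to read the local hosts file.
Error: (05/02/2012 07:51:35 PM) (Source: Microsoft-Windows-DNS-Client) (User: SYSTEM)
Description: There was an error while attempting to read the local hosts file.
Error: (05/02/2012 00:32:08 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_RESULT):
        print(f"[{f.severity:>6}] {f.section}: {f.detail}")
```

To use it on a real report, call `triage(open("Result.txt", encoding="utf-8", errors="replace").read())`. A missing hosts file together with repeated DNS-Client "error reading the local hosts file" events and crashes of the Dnscache service host is the combination that points at resolver tampering rather than a plain browser add-on; the bare `mswsock.dll` Winsock entries are reported as "File Not found" because the tool does not resolve unqualified module names, so they are listed as informational for manual verification rather than as missing providers.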

#3 harveypuggle

harveypuggle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:38 AM

Posted 02 May 2012 - 10:29 PM

This is occurring with both Firefox and Chrome. I had to reboot after using TDSSKiller.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Katie (administrator) on 02-05-2012 at 19:50:55
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ShinyLimey
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 70-1A-04-64-54-79
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d41b:3c50:e1ce:3486%12(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.0.151(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, May 02, 2012 5:53:32 PM
Lease Expires . . . . . . . . . . : Thursday, May 03, 2012 5:53:32 PM
Default Gateway . . . . . . . . . : 172.16.0.1
DHCP Server . . . . . . . . . . . : 172.16.0.1
DHCPv6 IAID . . . . . . . . . . . : 225450500
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-7D-BE-94-00-25-64-6C-01-FF
DNS Servers . . . . . . . . . . . : 172.16.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-25-64-6C-01-FF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.dhcp.public.spl.org:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.ip3networks.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5D1D6D98-87F2-415F-8B7D-050E11DB8AE2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EB78FC8C-5F60-4B0F-8905-3905462CAA3A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [173.194.33.2] with 32 bytes of data:
Reply from 173.194.33.2: bytes=32 time=10ms TTL=55
Reply from 173.194.33.2: bytes=32 time=11ms TTL=55

Ping statistics for 173.194.33.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 11ms, Average = 10ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=32ms TTL=50
Reply from 72.30.38.140: bytes=32 time=75ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 75ms, Average = 53ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...70 1a 04 64 54 79 ......Dell Wireless 1397 WLAN Mini-Card
11...00 25 64 6c 01 ff ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.0.1 172.16.0.151 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.0.0 255.255.255.0 On-link 172.16.0.151 286
172.16.0.151 255.255.255.255 On-link 172.16.0.151 286
172.16.0.255 255.255.255.255 On-link 172.16.0.151 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.0.151 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.0.151 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 286 fe80::/64 On-link
12 286 fe80::d41b:3c50:e1ce:3486/128 On-link
1 306 ff00::/8 On-link
12 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 mswsock.dll [File Not found] ()
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/02/2012 07:36:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964
Faulting module name: jscript9.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f4c2b71
Exception code: 0xc0000005
Fault offset: 0x6b2dc505
Faulting process id: 0x14f4
Faulting application start time: 0xping.exe0
Faulting application path: ping.exe1
Faulting module path: ping.exe2
Report Id: ping.exe3

Error: (05/02/2012 07:24:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964
Faulting module name: jscript9.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f4c2b71
Exception code: 0xc0000005
Fault offset: 0x6b2dc505
Faulting process id: 0x191c
Faulting application start time: 0xping.exe0
Faulting application path: ping.exe1
Faulting module path: ping.exe2
Report Id: ping.exe3

Error: (05/02/2012 06:39:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (05/02/2012 06:39:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/02/2012 04:26:43 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/02/2012 04:26:43 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/02/2012 04:23:21 PM) (Source: CVHSVC) (User: )
Description: Information only.
Scenario SCN_ does not exist in FFB.XML

Error: (05/02/2012 00:32:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000005
Fault offset: 0x000000000008bf12
Faulting process id: 0xc84
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (05/02/2012 00:19:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000005
Fault offset: 0x000000000008bf12
Faulting process id: 0x8e4
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3

Error: (05/02/2012 08:11:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_Dnscache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000005
Fault offset: 0x000000000008bf12
Faulting process id: 0x4a4
Faulting application start time: 0xsvchost.exe_Dnscache0
Faulting application path: svchost.exe_Dnscache1
Faulting module path: svchost.exe_Dnscache2
Report Id: svchost.exe_Dnscache3


System errors:
=============
Error: (05/02/2012 07:51:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: Katie)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:51:35 PM) (Source: Microsoft-Windows-DNS-Client) (User: Katie)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:51:27 PM) (Source: Microsoft-Windows-DNS-Client) (User: Katie)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:51:20 PM) (Source: Microsoft-Windows-DNS-Client) (User: SYSTEM)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:50:54 PM) (Source: Microsoft-Windows-DNS-Client) (User: SYSTEM)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:49:39 PM) (Source: Microsoft-Windows-DNS-Client) (User: SYSTEM)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:45:15 PM) (Source: Microsoft-Windows-DNS-Client) (User: SYSTEM)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:42:03 PM) (Source: Microsoft-Windows-DNS-Client) (User: SYSTEM)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:38:18 PM) (Source: Microsoft-Windows-DNS-Client) (User: SYSTEM)
Description: There was an error while attempting to read the local hosts file.

Error: (05/02/2012 07:37:38 PM) (Source: Microsoft-Windows-DNS-Client) (User: SYSTEM)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (05/02/2012 07:36:37 PM) (Source: Application Error)(User: )
Description: ping.exe6.1.7600.163854a5bc964jscript9.dll_unloaded0.0.0.04f4c2b71c00000056b2dc50514f401cd28d4f6bd0ad3C:\Windows\SysWOW64\ping.exejscript9.dllcdc42d92-94c8-11e1-beb9-0025646c01ff

Error: (05/02/2012 07:24:41 PM) (Source: Application Error)(User: )
Description: ping.exe6.1.7600.163854a5bc964jscript9.dll_unloaded0.0.0.04f4c2b71c00000056b2dc505191c01cd28d30d7b437fC:\Windows\SysWOW64\ping.exejscript9.dll22f88a91-94c7-11e1-beb9-0025646c01ff

Error: (05/02/2012 06:39:31 PM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll2

Error: (05/02/2012 06:39:02 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (05/02/2012 04:26:43 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/02/2012 04:26:43 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/02/2012 04:23:21 PM) (Source: CVHSVC)(User: )
Description: Scenario SCN_ does not exist in FFB.XML

Error: (05/02/2012 00:32:08 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7600.169154ec4b137c0000005000000000008bf12c8401cd289874616ec0C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll80f6517d-948d-11e1-beb9-0025646c01ff

Error: (05/02/2012 00:19:10 PM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7600.169154ec4b137c0000005000000000008bf128e401cd2875d53cbc96C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllb13c8088-948b-11e1-beb9-0025646c01ff

Error: (05/02/2012 08:11:20 AM) (Source: Application Error)(User: )
Description: svchost.exe_Dnscache6.1.7600.163854a5bc3c1ntdll.dll6.1.7600.169154ec4b137c0000005000000000008bf124a401cd2874c4d40ab9C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll121ef27f-9469-11e1-beb9-0025646c01ff


=========================== Installed Programs ============================

µTorrent (Version: 1.8.5)
7-Zip 9.20
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.233)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader 9.1.2 (Version: 9.1.2)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Advanced Audio FX Engine (Version: 1.12.05)
Anvil Studio 2011 (Version: 11.06.04)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.13 (Unicode)
avast! Free Antivirus (Version: 5.0.396.0)
Babylon toolbar on IE
Big Fish Games: Game Manager (Version: 1.5.1.0)
Bing Bar (Version: 7.0.822.0)
Bonjour (Version: 3.0.0.10)
Catan (remove only)
CDisplayEx 1.4
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertHelper 2.2
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 7.102.101.221)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Disney-Pixar WALL-E (Version: 1.00.0000)
Disney Toontown Online (Version: )
Download Updater (AOL LLC)
Facebook Plug-In
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fish Tycoon
GIMP 2.6.8
Google Chrome (Version: 18.0.1025.162)
GoToAssist 8.0.0.514
IDT Audio (Version: 1.0.6217.0)
Intel® Graphics Media Accelerator Driver
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java Auto Updater (Version: 2.0.1.2)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 18 (Version: 6.0.180)
Junk Mail filter update (Version: 14.0.8089.726)
Kudos 2-in-1
LG United Mobile Driver (Version: 3.6.0.0)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Mahjong Max (Version: 1.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Click-to-Run 2010 (Beta) (Version: 14.0.4536.1000)
Microsoft Office Home and Business 2010 (Beta) - English (Version: 14.0.4541.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Microsoft WorldWide Telescope (Version: 2.8.15)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 13.0 (x86 en-US) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenAL
OpenOffice.org 3.2 (Version: 3.2.9483)
Origin (Version: 8.2.5.2532)
Paint.NET v3.5.1 (Version: 3.51.0)
Peggle Deluxe (Version: 1.0)
Plants vs. Zombies
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.6)
RCT3 Soaked (Version: 1.00.000)
RedNotebook 1.1.1
RollerCoaster Tycoon® 3 (Version: 1.00.000)
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
Seagate Dashboard (Version: 1.1.0.1421)
SHOUTcast Source DSP 1.9.1 (remove only)
Skype™ 5.5 (Version: 5.5.113)
Songbird 1.10.2 (Build 2199)
Spore
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Synthesia (remove only)
The Sims™ 3 (Version: 1.0.632)
TI Connect 1.6 (Version: 1.6)
Ultimate Video Converter (Version: 1.7.6.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WhatPulse 1.7.1 (Version: 1.7.1)
WinCDEmu (Version: 3.3)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (Version: 06/11/2009 1.0.0.0)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (Version: 09/02/2009 1.0.0.1)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Wireless-N 150 USB Adapter WNA1000 (Version: 1.00.0000)
World's Best Board Games 2009

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3034.36 MB
Available physical RAM: 1329.97 MB
Total Pagefile: 6066.87 MB
Available Pagefile: 3466.89 MB
Total Virtual: 4095.88 MB
Available Virtual: 3928.59 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:9.64 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Guest Katie


**** End of log ****
19:56:30.0606 4236 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:56:31.0354 4236 ============================================================
19:56:31.0354 4236 Current date / time: 2012/05/02 19:56:31.0354
19:56:31.0354 4236 SystemInfo:
19:56:31.0354 4236
19:56:31.0354 4236 OS Version: 6.1.7600 ServicePack: 0.0
19:56:31.0354 4236 Product type: Workstation
19:56:31.0354 4236 ComputerName: SHINYLIMEY
19:56:31.0355 4236 UserName: Katie
19:56:31.0355 4236 Windows directory: C:\Windows
19:56:31.0355 4236 System windows directory: C:\Windows
19:56:31.0355 4236 Running under WOW64
19:56:31.0355 4236 Processor architecture: Intel x64
19:56:31.0355 4236 Number of processors: 2
19:56:31.0355 4236 Page size: 0x1000
19:56:31.0355 4236 Boot type: Normal boot
19:56:31.0355 4236 ============================================================
19:56:33.0244 4236 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:56:33.0253 4236 ============================================================
19:56:33.0253 4236 \Device\Harddisk0\DR0:
19:56:33.0254 4236 MBR partitions:
19:56:33.0254 4236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
19:56:33.0254 4236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
19:56:33.0254 4236 ============================================================
19:56:33.0295 4236 C: <-> \Device\Harddisk0\DR0\Partition1
19:56:33.0296 4236 ============================================================
19:56:33.0296 4236 Initialize success
19:56:33.0296 4236 ============================================================
19:58:53.0112 1196 ============================================================
19:58:53.0112 1196 Scan started
19:58:53.0112 1196 Mode: Manual;
19:58:53.0112 1196 ============================================================
19:59:02.0151 1196 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:59:02.0163 1196 1394ohci - ok
19:59:02.0213 1196 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:59:02.0230 1196 ACPI - ok
19:59:02.0255 1196 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:59:02.0256 1196 AcpiPmi - ok
19:59:02.0327 1196 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:59:02.0330 1196 Adobe LM Service - ok
19:59:02.0464 1196 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:59:02.0485 1196 AdobeFlashPlayerUpdateSvc - ok
19:59:02.0564 1196 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:59:02.0598 1196 adp94xx - ok
19:59:02.0672 1196 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:59:02.0689 1196 adpahci - ok
19:59:02.0735 1196 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:59:02.0747 1196 adpu320 - ok
19:59:02.0802 1196 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:59:02.0804 1196 AeLookupSvc - ok
19:59:02.0895 1196 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
19:59:02.0898 1196 AESTFilters - ok
19:59:02.0979 1196 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:59:02.0999 1196 AFD - ok
19:59:03.0059 1196 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:59:03.0062 1196 agp440 - ok
19:59:03.0098 1196 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:59:03.0100 1196 ALG - ok
19:59:03.0114 1196 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:59:03.0116 1196 aliide - ok
19:59:03.0125 1196 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:59:03.0127 1196 amdide - ok
19:59:03.0153 1196 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:59:03.0155 1196 AmdK8 - ok
19:59:03.0166 1196 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:59:03.0168 1196 AmdPPM - ok
19:59:03.0217 1196 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:59:03.0220 1196 amdsata - ok
19:59:03.0257 1196 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:59:03.0271 1196 amdsbs - ok
19:59:03.0302 1196 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:59:03.0304 1196 amdxata - ok
19:59:03.0349 1196 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
19:59:03.0351 1196 Andbus - ok
19:59:03.0388 1196 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
19:59:03.0391 1196 AndDiag - ok
19:59:03.0423 1196 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
19:59:03.0425 1196 AndGps - ok
19:59:03.0445 1196 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
19:59:03.0447 1196 ANDModem - ok
19:59:03.0523 1196 ApfiltrService (3cc4531f11648a6081a7ba3aa4924d04) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:59:03.0534 1196 ApfiltrService - ok
19:59:03.0576 1196 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:59:03.0579 1196 AppID - ok
19:59:03.0603 1196 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:59:03.0605 1196 AppIDSvc - ok
19:59:03.0633 1196 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:59:03.0635 1196 Appinfo - ok
19:59:03.0744 1196 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:59:03.0747 1196 Apple Mobile Device - ok
19:59:03.0765 1196 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:59:03.0998 1196 arc - ok
19:59:04.0021 1196 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:59:04.0024 1196 arcsas - ok
19:59:04.0144 1196 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:59:04.0146 1196 aspnet_state - ok
19:59:04.0210 1196 aswFsBlk (c3e0543c36af8f31090a3923db4c61c6) C:\Windows\system32\drivers\aswFsBlk.sys
19:59:04.0212 1196 aswFsBlk - ok
19:59:04.0247 1196 aswMonFlt (ae46fb7db6695ab59e4dfcb6d78e922e) C:\Windows\system32\drivers\aswMonFlt.sys
19:59:04.0249 1196 aswMonFlt - ok
19:59:04.0269 1196 aswRdr (2a986614f2af226414913fed3816ad4b) C:\Windows\system32\drivers\aswRdr.sys
19:59:04.0271 1196 aswRdr - ok
19:59:04.0303 1196 aswSP (02b7435061ef9e2e2b2a7920942fd3a6) C:\Windows\system32\drivers\aswSP.sys
19:59:04.0319 1196 aswSP - ok
19:59:04.0349 1196 aswTdi (7f544e7b863f81bfb26ee6a4324204af) C:\Windows\system32\drivers\aswTdi.sys
19:59:04.0351 1196 aswTdi - ok
19:59:04.0385 1196 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:59:04.0387 1196 AsyncMac - ok
19:59:04.0405 1196 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:59:04.0406 1196 atapi - ok
19:59:04.0495 1196 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:59:04.0511 1196 AudioEndpointBuilder - ok
19:59:04.0524 1196 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:59:04.0531 1196 AudioSrv - ok
19:59:04.0615 1196 avast! Antivirus (d9b051cb58c052c29f9584bad86baa1e) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:59:04.0618 1196 avast! Antivirus - ok
19:59:04.0629 1196 avast! Mail Scanner (d9b051cb58c052c29f9584bad86baa1e) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:59:04.0630 1196 avast! Mail Scanner - ok
19:59:04.0639 1196 avast! Web Scanner (d9b051cb58c052c29f9584bad86baa1e) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:59:04.0640 1196 avast! Web Scanner - ok
19:59:04.0720 1196 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:59:04.0737 1196 AxInstSV - ok
19:59:04.0818 1196 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:59:04.0838 1196 b06bdrv - ok
19:59:04.0896 1196 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:59:04.0903 1196 b57nd60a - ok
19:59:04.0963 1196 BazisVirtualCDBus (59727f8026a6e6f5656db6b7c04822e6) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
19:59:04.0977 1196 BazisVirtualCDBus - ok
19:59:05.0096 1196 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:59:05.0109 1196 BBSvc - ok
19:59:05.0204 1196 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:59:05.0215 1196 BBUpdate - ok
19:59:05.0234 1196 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
19:59:05.0236 1196 BCM42RLY - ok
19:59:05.0456 1196 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:59:05.0502 1196 BCM43XX - ok
19:59:05.0652 1196 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:59:05.0655 1196 BDESVC - ok
19:59:05.0704 1196 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:59:05.0706 1196 Beep - ok
19:59:05.0800 1196 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
19:59:05.0850 1196 BITS - ok
19:59:05.0885 1196 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:59:05.0888 1196 blbdrive - ok
19:59:06.0246 1196 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:59:06.0263 1196 Bonjour Service - ok
19:59:06.0333 1196 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:59:06.0336 1196 bowser - ok
19:59:06.0366 1196 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:59:06.0368 1196 BrFiltLo - ok
19:59:06.0403 1196 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:59:06.0405 1196 BrFiltUp - ok
19:59:06.0445 1196 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:59:06.0462 1196 Browser - ok
19:59:06.0503 1196 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:59:06.0544 1196 Brserid - ok
19:59:06.0553 1196 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:59:06.0556 1196 BrSerWdm - ok
19:59:06.0563 1196 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:59:06.0565 1196 BrUsbMdm - ok
19:59:06.0575 1196 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:59:06.0577 1196 BrUsbSer - ok
19:59:06.0605 1196 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:59:06.0607 1196 BTHMODEM - ok
19:59:06.0666 1196 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:59:06.0669 1196 bthserv - ok
19:59:06.0708 1196 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:59:06.0711 1196 cdfs - ok
19:59:06.0758 1196 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:59:06.0774 1196 cdrom - ok
19:59:06.0799 1196 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:59:06.0802 1196 CertPropSvc - ok
19:59:06.0840 1196 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:59:06.0842 1196 circlass - ok
19:59:06.0884 1196 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:59:06.0921 1196 CLFS - ok
19:59:07.0136 1196 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:59:07.0139 1196 clr_optimization_v2.0.50727_32 - ok
19:59:07.0198 1196 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:59:07.0201 1196 clr_optimization_v2.0.50727_64 - ok
19:59:07.0302 1196 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:59:07.0329 1196 clr_optimization_v4.0.30319_32 - ok
19:59:07.0389 1196 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:59:07.0405 1196 clr_optimization_v4.0.30319_64 - ok
19:59:07.0455 1196 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:59:07.0457 1196 CmBatt - ok
19:59:07.0475 1196 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:59:07.0477 1196 cmdide - ok
19:59:07.0543 1196 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:59:07.0555 1196 CNG - ok
19:59:07.0584 1196 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:59:07.0586 1196 Compbatt - ok
19:59:07.0615 1196 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:59:07.0617 1196 CompositeBus - ok
19:59:07.0635 1196 COMSysApp - ok
19:59:07.0661 1196 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:59:07.0662 1196 crcdisk - ok
19:59:07.0707 1196 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
19:59:07.0723 1196 CryptSvc - ok
19:59:07.0757 1196 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:59:07.0771 1196 CtClsFlt - ok
19:59:07.0913 1196 cvhsvc (9f38feb92d18468012543e1afcf79bbc) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:59:07.0936 1196 cvhsvc - ok
19:59:08.0015 1196 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:59:08.0026 1196 DcomLaunch - ok
19:59:08.0085 1196 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:59:08.0090 1196 defragsvc - ok
19:59:08.0173 1196 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:59:08.0180 1196 DfsC - ok
19:59:08.0440 1196 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:59:08.0447 1196 Dhcp - ok
19:59:08.0481 1196 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:59:08.0484 1196 discache - ok
19:59:08.0511 1196 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:59:08.0513 1196 Disk - ok
19:59:08.0526 1196 DNIMp50a64 - ok
19:59:08.0536 1196 DNISp50a64 - ok
19:59:08.0596 1196 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:59:08.0609 1196 Dnscache - ok
19:59:08.0741 1196 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
19:59:08.0756 1196 DockLoginService - ok
19:59:08.0808 1196 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:59:08.0817 1196 dot3svc - ok
19:59:08.0859 1196 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:59:08.0863 1196 DPS - ok
19:59:08.0904 1196 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:59:08.0909 1196 drmkaud - ok
19:59:09.0022 1196 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:59:09.0048 1196 DXGKrnl - ok
19:59:09.0064 1196 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:59:09.0067 1196 EapHost - ok
19:59:09.0300 1196 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:59:09.0374 1196 ebdrv - ok
19:59:09.0515 1196 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:59:09.0519 1196 EFS - ok
19:59:09.0633 1196 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:59:09.0647 1196 ehRecvr - ok
19:59:09.0682 1196 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:59:09.0698 1196 ehSched - ok
19:59:09.0790 1196 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:59:09.0798 1196 elxstor - ok
19:59:09.0810 1196 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:59:09.0811 1196 ErrDev - ok
19:59:09.0876 1196 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:59:09.0893 1196 EventSystem - ok
19:59:09.0933 1196 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:59:09.0947 1196 exfat - ok
19:59:09.0983 1196 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:59:09.0995 1196 fastfat - ok
19:59:10.0011 1196 FastUserSwitchingCompatibility - ok
19:59:10.0087 1196 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:59:10.0101 1196 Fax - ok
19:59:10.0108 1196 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:59:10.0110 1196 fdc - ok
19:59:10.0124 1196 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:59:10.0126 1196 fdPHost - ok
19:59:10.0138 1196 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:59:10.0140 1196 FDResPub - ok
19:59:10.0152 1196 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:59:10.0154 1196 FileInfo - ok
19:59:10.0174 1196 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:59:10.0175 1196 Filetrace - ok
19:59:10.0202 1196 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:59:10.0203 1196 flpydisk - ok
19:59:10.0250 1196 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:59:10.0280 1196 FltMgr - ok
19:59:10.0408 1196 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
19:59:10.0453 1196 FontCache - ok
19:59:11.0039 1196 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:59:11.0041 1196 FontCache3.0.0.0 - ok
19:59:11.0086 1196 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:59:11.0088 1196 FsDepends - ok
19:59:11.0136 1196 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
19:59:11.0137 1196 Fs_Rec - ok
19:59:11.0216 1196 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:59:11.0227 1196 fvevol - ok
19:59:11.0262 1196 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:59:11.0264 1196 gagp30kx - ok
19:59:11.0317 1196 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:59:11.0319 1196 GEARAspiWDM - ok
19:59:11.0397 1196 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
19:59:11.0399 1196 GoToAssist - ok
19:59:11.0485 1196 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:59:11.0507 1196 gpsvc - ok
19:59:11.0544 1196 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:59:11.0546 1196 hcw85cir - ok
19:59:11.0613 1196 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:59:11.0630 1196 HdAudAddService - ok
19:59:11.0688 1196 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:59:11.0704 1196 HDAudBus - ok
19:59:11.0712 1196 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:59:11.0715 1196 HidBatt - ok
19:59:11.0750 1196 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:59:11.0753 1196 HidBth - ok
19:59:11.0762 1196 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:59:11.0766 1196 HidIr - ok
19:59:11.0794 1196 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:59:11.0797 1196 hidserv - ok
19:59:11.0841 1196 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:59:11.0843 1196 HidUsb - ok
19:59:11.0870 1196 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:59:11.0874 1196 hkmsvc - ok
19:59:11.0901 1196 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:59:11.0908 1196 HomeGroupListener - ok
19:59:11.0947 1196 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:59:11.0959 1196 HomeGroupProvider - ok
19:59:11.0995 1196 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:59:11.0998 1196 HpSAMD - ok
19:59:12.0094 1196 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:59:12.0118 1196 HTTP - ok
19:59:12.0137 1196 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:59:12.0139 1196 hwpolicy - ok
19:59:12.0184 1196 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:59:12.0188 1196 i8042prt - ok
19:59:12.0265 1196 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:59:12.0299 1196 iaStorV - ok
19:59:12.0437 1196 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:59:12.0442 1196 IDriverT - ok
19:59:12.0586 1196 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:59:12.0612 1196 idsvc - ok
19:59:13.0665 1196 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:59:13.0934 1196 igfx - ok
19:59:14.0100 1196 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:59:14.0102 1196 iirsp - ok
19:59:14.0194 1196 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:59:14.0211 1196 IKEEXT - ok
19:59:14.0221 1196 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:59:14.0223 1196 intelide - ok
19:59:14.0273 1196 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:59:14.0275 1196 intelppm - ok
19:59:14.0296 1196 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:59:14.0299 1196 IPBusEnum - ok
19:59:14.0310 1196 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:59:14.0312 1196 IpFilterDriver - ok
19:59:14.0354 1196 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:59:14.0357 1196 IPMIDRV - ok
19:59:14.0368 1196 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:59:14.0371 1196 IPNAT - ok
19:59:14.0394 1196 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:59:14.0396 1196 IRENUM - ok
19:59:14.0402 1196 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:59:14.0404 1196 isapnp - ok
19:59:14.0461 1196 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:59:14.0496 1196 iScsiPrt - ok
19:59:14.0691 1196 jswpsapi (78d233d835a8876035ac559afe02b940) C:\Program Files (x86)\NETGEAR\WNA1000\jswpsapi.exe
19:59:14.0724 1196 jswpsapi - ok
19:59:14.0893 1196 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:59:14.0896 1196 kbdclass - ok
19:59:14.0925 1196 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:59:14.0928 1196 kbdhid - ok
19:59:14.0963 1196 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:59:14.0966 1196 KeyIso - ok
19:59:15.0021 1196 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:59:15.0024 1196 KSecDD - ok
19:59:15.0066 1196 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:59:15.0081 1196 KSecPkg - ok
19:59:15.0112 1196 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:59:15.0114 1196 ksthunk - ok
19:59:15.0183 1196 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:59:15.0208 1196 KtmRm - ok
19:59:15.0461 1196 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
19:59:15.0472 1196 LanmanServer - ok
19:59:15.0508 1196 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:59:15.0525 1196 LanmanWorkstation - ok
19:59:15.0564 1196 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:59:15.0567 1196 lltdio - ok
19:59:15.0621 1196 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:59:15.0640 1196 lltdsvc - ok
19:59:15.0663 1196 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:59:15.0666 1196 lmhosts - ok
19:59:15.0717 1196 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:59:15.0734 1196 LSI_FC - ok
19:59:15.0747 1196 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:59:15.0750 1196 LSI_SAS - ok
19:59:15.0769 1196 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:59:15.0771 1196 LSI_SAS2 - ok
19:59:15.0799 1196 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:59:15.0802 1196 LSI_SCSI - ok
19:59:15.0828 1196 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:59:15.0830 1196 luafv - ok
19:59:15.0875 1196 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:59:15.0879 1196 Mcx2Svc - ok
19:59:15.0897 1196 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:59:15.0898 1196 megasas - ok
19:59:15.0933 1196 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:59:15.0943 1196 MegaSR - ok
19:59:15.0976 1196 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:59:15.0979 1196 MMCSS - ok
19:59:16.0015 1196 MMRTKRNL (5f22132c9153639762708909f156b33d) C:\Windows\system32\datasvr2.dll
19:59:16.0017 1196 MMRTKRNL ( Backdoor.Multi.ZAccess.gen ) - infected
19:59:16.0017 1196 MMRTKRNL - detected Backdoor.Multi.ZAccess.gen (0)
19:59:16.0038 1196 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:59:16.0040 1196 Modem - ok
19:59:16.0076 1196 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:59:16.0077 1196 monitor - ok
19:59:16.0105 1196 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:59:16.0108 1196 mouclass - ok
19:59:16.0145 1196 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:59:16.0146 1196 mouhid - ok
19:59:16.0168 1196 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:59:16.0171 1196 mountmgr - ok
19:59:16.0300 1196 MozillaMaintenance (faf39f88ec64160d901848ea08cf6eb1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:59:16.0303 1196 MozillaMaintenance - ok
19:59:16.0345 1196 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:59:16.0359 1196 mpio - ok
19:59:16.0397 1196 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:59:16.0400 1196 mpsdrv - ok
19:59:16.0433 1196 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:59:16.0448 1196 MRxDAV - ok
19:59:16.0524 1196 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:59:16.0537 1196 mrxsmb - ok
19:59:16.0629 1196 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:59:16.0648 1196 mrxsmb10 - ok
19:59:16.0673 1196 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:59:16.0690 1196 mrxsmb20 - ok
19:59:16.0712 1196 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:59:16.0717 1196 msahci - ok
19:59:16.0746 1196 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:59:16.0761 1196 msdsm - ok
19:59:16.0799 1196 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:59:16.0814 1196 MSDTC - ok
19:59:16.0859 1196 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:59:16.0861 1196 Msfs - ok
19:59:16.0886 1196 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:59:16.0888 1196 mshidkmdf - ok
19:59:16.0899 1196 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:59:16.0902 1196 msisadrv - ok
19:59:26.0183 1196 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
19:59:26.0183 1196 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
19:59:26.0185 1196 sptd ( LockedFile.Multi.Generic ) - warning
19:59:26.0186 1196 sptd - detected LockedFile.Multi.Generic (1)
19:59:34.0973 1196 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:59:35.0010 1196 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
19:59:35.0010 1196 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
19:59:35.0046 1196 Boot (0x1200) (a5a47f88a08d4a60ab8861a5e6c4609c) \Device\Harddisk0\DR0\Partition0
19:59:35.0048 1196 \Device\Harddisk0\DR0\Partition0 - ok
19:59:35.0065 1196 Boot (0x1200) (79b02ecf1d22474ee115a7b454f2bc68) \Device\Harddisk0\DR0\Partition1
19:59:35.0067 1196 \Device\Harddisk0\DR0\Partition1 - ok
19:59:35.0068 1196 ============================================================
19:59:35.0068 1196 Scan finished
19:59:35.0068 1196 ============================================================
19:59:35.0089 0656 Detected object count: 3
19:59:35.0089 0656 Actual detected object count: 3
20:01:29.0499 0656 C:\Windows\system32\datasvr2.dll - copied to quarantine
20:01:29.0508 0656 HKLM\SYSTEM\ControlSet001\services\MMRTKRNL - will be deleted on reboot
20:01:29.0521 0656 HKLM\SYSTEM\ControlSet002\services\MMRTKRNL - will be deleted on reboot
20:01:29.0643 0656 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
20:01:29.0700 0656 C:\Windows\system32\datasvr2.dll - will be deleted on reboot
20:01:29.0700 0656 MMRTKRNL ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
20:01:29.0704 0656 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:01:29.0704 0656 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:01:30.0024 0656 \Device\Harddisk0\DR0\# - copied to quarantine
20:01:30.0025 0656 \Device\Harddisk0\DR0 - copied to quarantine
20:01:30.0090 0656 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:01:30.0093 0656 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
20:01:30.0097 0656 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
20:01:30.0100 0656 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
20:01:30.0103 0656 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
20:01:30.0107 0656 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
20:01:30.0112 0656 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
20:01:30.0116 0656 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
20:01:30.0120 0656 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
20:01:30.0142 0656 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:01:30.0152 0656 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:01:30.0157 0656 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:01:30.0162 0656 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:01:30.0167 0656 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
20:01:30.0172 0656 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
20:01:30.0177 0656 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
20:01:30.0180 0656 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:01:30.0182 0656 \Device\Harddisk0\DR0 - ok
20:01:30.0539 0656 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:01:34.0885 6052 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Katie :: SHINYLIMEY [administrator]

5/2/2012 8:13:19 PM
mbam-log-2012-05-02 (20-13-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224425
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme (Global Moderator)

Posted 03 May 2012 - 09:56 AM

OK, that was a good clean. Are you still getting Happili?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button shown to start.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click the link shown to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the installer icon on your desktop.
  • Check the box shown.
  • Click the button shown.
  • Accept any security warnings from your browser.
  • Under scan settings, check the option shown and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the button shown.
  • Push the export button shown, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button shown.
  • Push the button shown.


NOTE: In some instances if no malware is found there will be no log produced.

#5 harveypuggle (Topic Starter)

Posted 04 May 2012 - 12:49 AM

I am still getting redirected to happili and other sites.

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.05.2012_19.56.31\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.XEZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.05.2012_19.56.31\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.05.2012_19.56.31\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.05.2012_19.56.31\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.05.2012_19.56.31\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.05.2012_19.56.31\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.05.2012_19.56.31\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.05.2012_19.56.31\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\e5pb7ymc.default\Cache\7\F4\01D50d01 JS/Exploit.Pdfka.PKC.Gen trojan cleaned by deleting - quarantined
C:\Users\Katie\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application deleted - quarantined
C:\Users\Katie\AppData\Local\Temp\plugtmp-35\plugin-lib.php JS/Exploit.Pdfka.OSV.Gen trojan cleaned by deleting - quarantined
C:\Users\Katie\Downloads\PicMorph.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\Katie\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Katie\Downloads\Prism Video Converter v1.20\Keygen.exe a variant of Win32/Keygen.AT application cleaned by deleting - quarantined
C:\Users\Katie\Downloads\SONY Vegas Pro v9.0c Build 896 x86 and x64 + WORKING KEYGEN ~\Keygen.exe a variant of Win32/Keygen.AR application cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000000.@ Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000064.@ Win64/Sirefef.AC trojan cleaned by deleting - quarantined
C:\Windows\System32\FastUserSwitchingCompatibilityex.dll a variant of Win32/Routmo.N trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Windows\system64\vcdsecs.dll Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

#6 boopme (Global Moderator)

Posted 04 May 2012 - 10:25 AM

The problem may be an add-on in Firefox called "performance cache" or another one.

Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date

In Chrome it may be the add-ons/plugins. Try disabling them one at a time and see which one was at fault.

OR disable all extensions, see if that worked, then you need to go back one by one to see which is the culprit.

Let's also see if there's an MBR rootkit.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Edited by boopme, 04 May 2012 - 10:27 AM.


#7 harveypuggle (Topic Starter)

Posted 04 May 2012 - 11:49 PM

Disabling extensions in both browsers had no effect.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 21:38:19
-----------------------------
21:38:19.640 OS Version: Windows x64 6.1.7600
21:38:19.640 Number of processors: 2 586 0x170A
21:38:19.641 ComputerName: SHINYLIMEY UserName: Katie
21:38:21.204 Initialize success
21:41:27.354 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:41:27.358 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 11
21:41:27.620 Disk 0 MBR read successfully
21:41:27.625 Disk 0 MBR scan
21:41:27.630 Disk 0 Windows VISTA default MBR code
21:41:27.635 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:41:27.670 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
21:41:27.689 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
21:41:27.702 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
21:41:27.706 Disk 0 scanning C:\Windows\system32\drivers
21:41:39.761 Service scanning
21:41:58.794 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:42:03.816 Modules scanning
21:42:03.831 Disk 0 trace - called modules:
21:42:04.184 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80024342c0]<<spdo.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:42:04.194 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003426060]
21:42:04.203 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80032c0680]
21:42:04.217 \Driver\atapi[0xfffffa8003259060] -> IRP_MJ_CREATE -> 0xfffffa80024342c0
21:42:04.227 Scan finished successfully
21:47:54.059 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\MBR.dat"
21:47:54.066 The log file has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\aswMBR.txt"
21:48:03.738 Disk 0 MBR has been saved successfully to "C:\Users\Katie\Desktop\MBR.dat"
21:48:03.765 The log file has been saved successfully to "C:\Users\Katie\Desktop\aswMBR.txt"

#8 SweetTech (Agent ST)

Posted 05 May 2012 - 12:39 AM

Hi harveypuggle!

Hope boopme doesn't mind me jumping in here to help.

Do you happen to have access to a USB flash drive?

Warmest Regards,
ST.



#9 boopme (Global Moderator)

Posted 05 May 2012 - 09:44 AM

No problem by me ST!!

#10 harveypuggle (Topic Starter)

Posted 05 May 2012 - 04:46 PM

I do have access to a usb drive.

#11 SweetTech (Agent ST)

Posted 06 May 2012 - 02:10 AM

Hi harveypuggle!

Okay, good to know! I'm going to be working with you now. I've requested a moderator to move this thread to the Malware forum for me.

We'll need to be utilizing your USB flash drive to put a utility onto it.

To ensure everything goes smoothly, please see the following:

----

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________


ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
Special thanks to quietman7 for providing the above information.



NEXT:




One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running FRST

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by Budapest, 06 May 2012 - 03:17 AM.
Moved from AII ~Budapest

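Editor's note on triaging the FRST log that this procedure produces. The ZeroAccess indicators this thread has already turned up (the consrv.dll Windows-subsystem hijack that aswMBR marked SUSPICIOUS, the MMRTKRNL service pointing at datasvr2.dll that TDSSKiller called Backdoor.Multi.ZAccess.gen, and the non-existent-on-a-clean-install C:\Windows\system64 directory) can be pulled out of an FRST log mechanically rather than by eye. The script below is an added example written for this thread; it is not code from BleepingComputer, from Farbar, or from any tool named above. The line formats it parses are modelled on FRST's output as posted in this thread, the sample log is constructed (not a real capture), and the indicator list is an assumption drawn from what these logs show, not a complete ZeroAccess signature.

```python
r"""Pull the ZeroAccess/Sirefef indicators seen in this thread out of an FRST log.

Added example for this thread, not code from the forum, from Farbar or from
any tool named above. Line formats are modelled on FRST's output as posted
here; the indicator list is an assumption, not a complete signature:

  * "SubSystems: [Windows] ==> ..."     FRST's own verdict on a hijacked
                                         Windows subsystem (consrv.dll).
  * anything under C:\Windows\system64   no such directory exists on a clean
                                         install (System32 and SysWOW64 do).
  * a svchost-hosted service (a .dll image) under System32/SysWOW64 whose
    vendor is not Microsoft, escalated when the same name is also listed
    under NetSvcs (the MMRTKRNL -> datasvr2.dll pattern).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Line shapes modelled on the FRST log format used in this thread.
SERVICE_RE = re.compile(
    r'^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) '
    r'\[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<vendor>.*?)\)$')
NETSVC_RE = re.compile(r'^NETSVC: (?P<name>\S+)$')
SUBSYS_RE = re.compile(r'^SubSystems: \[Windows\] ==> (?P<verdict>.+)$')
CREATED_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*? (?P<path>[A-Za-z]:\\.*)$')

# Directories where a svchost-hosted ServiceDll is normally Microsoft's own.
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')


@dataclass(frozen=True)
class Finding:
    kind: str    # short indicator name
    detail: str  # the fragment of the log line that triggered it


def scan_frst(text: str) -> list[Finding]:
    """Return indicator hits for one FRST log, in the order they are found."""
    findings: list[Finding] = []
    services: dict[str, tuple[str, str]] = {}   # name -> (image path, vendor)
    netsvcs: set[str] = set()

    for raw in text.splitlines():
        line = raw.strip()
        if m := SUBSYS_RE.match(line):
            findings.append(Finding('subsystem-hijack', m['verdict']))
        elif m := NETSVC_RE.match(line):
            netsvcs.add(m['name'])
        elif m := SERVICE_RE.match(line):
            services[m['name']] = (m['path'], m['vendor'])
        elif m := CREATED_RE.match(line):
            if m['path'].lower().startswith('c:\\windows\\system64'):
                findings.append(Finding('rogue-system64', m['path']))

    # Service heuristic: a ServiceDll living in a system directory that is
    # not Microsoft's, worse when the service is also registered in the
    # netsvcs group (that is how the MMRTKRNL entry gets hosted by svchost).
    for name, (path, vendor) in services.items():
        low = path.lower()
        if (low.endswith('.dll') and any(low.startswith(d) for d in SYSTEM_DIRS)
                and vendor != 'Microsoft Corporation'):
            kind = 'netsvcs-servicedll' if name in netsvcs else 'third-party-servicedll'
            findings.append(Finding(kind, f'{name} -> {path} ({vendor or "no vendor"})'))
    return findings


# Constructed sample in the shape of the thread's FRST log (not a real capture).
SAMPLE_LOG = r"""
SubSystems: [Windows] ==> ZeroAccess
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 FastUserSwitchingCompatibility; C:\Windows\SysWow64\FastUserSwitchingCompatibilityex.dll [73748 2004-08-17] ()
2 MMRTKRNL; C:\Windows\System32\datasvr2.dll [6656 2009-07-13] (Oak Technology Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
NETSVC: MMRTKRNL
2012-04-24 21:20 - 2012-05-06 13:54 - 0000000 ____D C:\Windows\system64
2012-04-24 21:55 - 2009-07-13 20:14 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
"""

if __name__ == '__main__':
    for f in scan_frst(SAMPLE_LOG):
        print(f'{f.kind:24} {f.detail}')
```

Run it against a saved FRST.txt by passing the file contents to scan_frst. The service heuristic is deliberately loose: FRST already whitelists known-good entries, so what remains is worth a look, but a third-party ServiceDll is a review item, not a verdict, whereas the subsystem line and a system64 directory are not things a clean Windows 7 produces.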


#12 harveypuggle (Topic Starter)

Posted 06 May 2012 - 02:40 PM

Farbar Recovery Scan Tool Version: 06-05-2012
Ran by SYSTEM at 06-05-2012 12:29:18
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [309760 2009-03-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [2757512 2010-01-28] (ALWIL Software)
HKLM-x32\...\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1000\jswtrayutil.exe" [x]
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2011-06-01] ()
HKLM-x32\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2011-09-28] (LG Electronics)
HKU\Katie\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler [210208 2008-09-26] (Acresso Corporation)
HKU\Katie\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-02-22] (BitTorrent, Inc.)
HKU\Katie\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Katie\...\Run: [Google Update] "C:\Users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-10] (Google Inc.)
HKU\Katie\...\Run: [Facebook Update] "C:\Users\Katie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-08-19] (Facebook Inc.)
HKU\Katie\...\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe [3990528 2011-11-15] (WhatPulse.org)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2009-12-29] (Adobe Systems)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-01-28] (ALWIL Software)
3 avast! Mail Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-01-28] (ALWIL Software)
3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [40384 2010-01-28] (ALWIL Software)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 FastUserSwitchingCompatibility; C:\Windows\SysWow64\FastUserSwitchingCompatibilityex.dll [73748 2004-08-17] ()
3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1000\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
2 MMRTKRNL; C:\Windows\System32\datasvr2.dll [6656 2009-07-13] (Oak Technology Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22096 2010-01-28] (ALWIL Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [63568 2010-01-28] (ALWIL Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-01-28] (ALWIL Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [120912 2010-01-28] (ALWIL Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-01-28] (ALWIL Software)
3 BazisVirtualCDBus; C:\Windows\System32\Drivers\BazisVirtualCDBus.sys [168544 2010-07-06] (SysProgs.org)
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [2769400 2009-07-16] (Broadcom Corporation)
3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2012-01-19] (GEAR Software Inc.)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10611552 2010-08-25] (Intel Corporation)
3 sftfs; \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys [712536 2009-09-23] (Microsoft Corporation)
3 sftplay; \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [261480 2009-09-23] (Microsoft Corporation)
3 sftvol; \??\C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys [17752 2009-09-23] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-08-05] (Duplex Secure Ltd.)
3 DNIMp50a64; C:\Windows\System32\Drivers\DNIMp50a64.sys [x]
3 DNISp50a64; C:\Windows\System32\Drivers\DNISp50a64.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: MMRTKRNL

============ One Month Created Files and Folders ==============

2012-05-06 14:07 - 2012-05-06 14:06 - 1388155 ____A C:\Users\Katie\Downloads\FRST64(1).exe
2012-05-06 14:06 - 2011-05-02 17:58 - 0037311 ____A C:\Users\Katie\Downloads\FRST.txt
2012-05-06 14:06 - 2007-11-07 11:00 - 0000000 ____D C:\FRST
2012-05-06 14:05 - 2012-05-06 14:07 - 1388155 ____A C:\Users\Katie\Downloads\FRST64.exe
2012-05-04 23:37 - 2011-06-06 20:40 - 4731392 ____A (AVAST Software) C:\Users\Katie\Downloads\aswMBR.exe
2012-05-04 18:09 - 2011-09-13 00:59 - 0286528 ____A C:\Users\Katie\Desktop\Survey.png
2012-05-03 18:38 - 2011-11-24 23:29 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-03 00:06 - 2010-02-17 04:37 - 0000000 ____D C:\Users\Katie\Application Data\Spotify
2012-05-03 00:06 - 2010-02-17 04:37 - 0000000 ____D C:\Users\Katie\AppData\Roaming\Spotify
2012-05-02 22:01 - 2012-05-02 22:01 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-02 21:56 - 2012-05-03 22:56 - 0133968 ____A C:\TDSSKiller.2.7.34.0_02.05.2012_19.56.30_log.txt
2012-05-02 21:56 - 2012-01-31 23:20 - 0000000 ____D C:\Users\Katie\Downloads\tdsskiller
2012-05-02 21:53 - 2012-05-03 23:06 - 2055783 ____A C:\Users\Katie\Downloads\tdsskiller.zip
2012-04-30 23:41 - 2012-03-08 10:18 - 0015226 ____A C:\Users\Katie\Desktop\Chocolate Euphoria bars.odt
2012-04-28 18:20 - 2012-03-07 01:28 - 0152581 ____A C:\Users\Katie\Desktop\Shop 1.png
2012-04-27 00:43 - 2011-07-13 16:12 - 0879714 ____A C:\Users\Katie\Downloads\SecurityCheck.exe
2012-04-24 22:07 - 2012-05-05 16:39 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-24 21:55 - 2009-07-13 20:14 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-24 21:55 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-24 21:21 - 2009-07-13 20:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-24 21:20 - 2012-05-06 13:54 - 0000000 ____D C:\Windows\system64
2012-04-21 00:26 - 2012-05-02 22:01 - 0000237 ____A C:\user.js
2012-04-21 00:26 - 2011-09-02 00:18 - 0000000 ____D C:\Users\Katie\Application Data\Babylon
2012-04-21 00:26 - 2011-09-02 00:18 - 0000000 ____D C:\Users\Katie\AppData\Roaming\Babylon
2012-04-21 00:26 - 2011-06-21 19:36 - 0000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-04-21 00:26 - 2010-04-30 17:53 - 0000000 ____D C:\Users\All Users\Premium
2012-04-21 00:26 - 2010-04-30 17:53 - 0000000 ____D C:\Users\All Users\Application Data\Premium
2012-04-21 00:26 - 2010-04-30 17:53 - 0000000 ____D C:\ProgramData\Premium
2012-04-21 00:26 - 2010-03-07 15:33 - 0000000 ____D C:\Users\Katie\Local Settings\Babylon
2012-04-21 00:26 - 2010-03-07 15:33 - 0000000 ____D C:\Users\Katie\Local Settings\Application Data\Babylon
2012-04-21 00:26 - 2010-03-07 15:33 - 0000000 ____D C:\Users\Katie\AppData\Local\Babylon
2012-04-21 00:26 - 2010-02-12 00:17 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-21 00:26 - 2010-02-12 00:17 - 0000000 ____D C:\Users\All Users\Application Data\InstallMate
2012-04-21 00:26 - 2010-02-12 00:17 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-21 00:26 - 2009-07-14 00:08 - 0000000 ____D C:\Users\All Users\Babylon
2012-04-21 00:26 - 2009-07-14 00:08 - 0000000 ____D C:\Users\All Users\Application Data\Babylon
2012-04-21 00:26 - 2009-07-14 00:08 - 0000000 ____D C:\ProgramData\Babylon
2012-04-20 06:20 - 2012-04-20 06:20 - 0065536 __ASH C:\Windows\System32\config\components{6faaad05-7e4e-11e0-a9a8-0025646c01ff}.TxR.blf
2012-04-16 00:39 - 2012-03-09 00:07 - 0064244 ____A C:\Users\Katie\Desktop\center1.jpg
2012-04-15 13:02 - 2011-12-30 01:02 - 0001332 ____A C:\Users\Public\Desktop\Toontown Online.lnk
2012-04-15 13:02 - 2011-12-30 01:02 - 0001332 ____A C:\Users\All Users\Desktop\Toontown Online.lnk
2012-04-15 13:02 - 2009-07-13 23:54 - 0000000 ____D C:\Program Files (x86)\Disney
2012-04-15 13:01 - 2011-06-27 15:19 - 1271392 ____A C:\Users\Katie\Downloads\Toontown-setup.exe
2012-04-12 05:00 - 2012-03-22 09:19 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-12 05:00 - 2012-03-22 09:19 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-12 05:00 - 2012-03-22 09:19 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-12 05:00 - 2012-03-22 09:19 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-12 05:00 - 2012-03-22 09:19 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-12 05:00 - 2012-03-22 09:19 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-12 05:00 - 2012-03-22 09:19 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-12 05:00 - 2012-03-22 09:19 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-12 05:00 - 2012-02-28 02:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-12 05:00 - 2012-02-28 01:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-12 05:00 - 2012-02-28 01:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-12 05:00 - 2012-02-28 01:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-12 05:00 - 2012-02-28 01:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-12 05:00 - 2012-02-27 20:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-12 05:00 - 2012-02-27 20:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-12 05:00 - 2012-02-27 20:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-12 05:00 - 2012-02-27 20:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-12 05:00 - 2012-02-27 20:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-12 05:00 - 2011-05-03 00:21 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-12 05:00 - 2011-05-02 23:50 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-12 05:00 - 2010-12-21 01:16 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-12 05:00 - 2010-12-21 00:38 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-12 05:00 - 2009-07-13 20:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-12 05:00 - 2009-07-13 20:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-12 05:00 - 2009-07-13 20:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-12 05:00 - 2009-07-13 20:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 05:04 - 2009-07-13 20:41 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 05:04 - 2009-07-13 20:16 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-11 05:04 - 2009-07-13 20:16 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-11 05:00 - 2009-07-13 20:47 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 05:00 - 2009-07-13 20:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 05:00 - 2009-07-13 20:38 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 05:00 - 2009-07-13 20:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 05:00 - 2009-07-13 20:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 05:00 - 2009-07-13 20:14 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-11 05:00 - 2009-07-13 20:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 01:07 - 2012-05-04 18:09 - 219514852 ____A C:\Users\Katie\Desktop\The.Big.C.S03E01.REAL.HDTV.x264-ASAP.mp4
2012-04-08 02:41 - 2012-02-26 23:19 - 0632231 ____A C:\Users\Katie\Desktop\light crown.jpg
2012-04-08 02:33 - 2011-09-02 00:08 - 0319945 ____A C:\Users\Katie\Desktop\purple desert.jpg

============ 3 Months Modified Files and Folders =============

2012-05-06 14:21 - 2009-10-31 02:53 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-05-06 14:21 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-06 14:21 - 2009-07-13 23:51 - 0123995 ____A C:\Windows\setupact.log
2012-05-06 14:20 - 2011-08-19 01:26 - 0000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2853640266-1192888908-266652628-1000UA.job
2012-05-06 14:20 - 2009-10-31 04:38 - 2386317312 __ASH C:\hiberfil.sys
2012-05-06 14:20 - 2009-07-14 00:10 - 1786033 ____A C:\Windows\WindowsUpdate.log
2012-05-06 14:19 - 2009-12-25 16:05 - 0000000 ____D C:\Users\Katie\Application Data\uTorrent
2012-05-06 14:19 - 2009-12-25 16:05 - 0000000 ____D C:\Users\Katie\AppData\Roaming\uTorrent
2012-05-06 14:07 - 2012-05-06 14:07 - 1388155 ____A C:\Users\Katie\Downloads\FRST64(1).exe
2012-05-06 14:07 - 2012-04-24 21:55 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-06 14:06 - 2012-05-06 14:06 - 0037311 ____A C:\Users\Katie\Downloads\FRST.txt
2012-05-06 14:05 - 2012-05-06 14:05 - 1388155 ____A C:\Users\Katie\Downloads\FRST64.exe
2012-05-06 14:05 - 2011-07-10 23:25 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2853640266-1192888908-266652628-1000UA.job
2012-05-06 14:05 - 2011-07-10 23:25 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2853640266-1192888908-266652628-1000Core.job
2012-05-06 13:54 - 2009-07-14 00:13 - 0780132 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-06 12:29 - 2012-05-06 14:06 - 0000000 ____D C:\FRST
2012-05-06 02:20 - 2011-08-19 01:26 - 0000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2853640266-1192888908-266652628-1000Core.job
2012-05-05 16:39 - 2012-04-24 22:07 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 16:39 - 2012-04-24 21:55 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 16:39 - 2011-12-05 17:49 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-05 01:56 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-05 01:56 - 2009-07-13 23:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-05 00:07 - 2011-07-10 23:25 - 0002403 ____A C:\Users\Katie\Desktop\Google Chrome.lnk
2012-05-04 23:47 - 2009-12-25 14:46 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-04 23:37 - 2012-05-04 23:37 - 4731392 ____A (AVAST Software) C:\Users\Katie\Downloads\aswMBR.exe
2012-05-04 23:28 - 2012-04-24 21:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-04 23:28 - 2011-08-13 01:10 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-05-04 23:28 - 2011-08-13 01:10 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-05-04 23:28 - 2011-08-13 01:10 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-05-04 23:28 - 2011-08-13 01:10 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-05-04 23:28 - 2011-08-13 01:10 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-05-04 23:28 - 2011-08-13 01:10 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-05-04 23:28 - 2009-12-27 00:06 - 0000000 ____D C:\Users\Katie\Application Data\SoftGrid Client
2012-05-04 23:28 - 2009-12-27 00:06 - 0000000 ____D C:\Users\Katie\AppData\Roaming\SoftGrid Client
2012-05-04 23:27 - 2012-03-17 01:36 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-04 18:09 - 2012-05-04 18:09 - 0286528 ____A C:\Users\Katie\Desktop\Survey.png
2012-05-04 01:10 - 2009-12-25 11:37 - 0000000 ____D C:\users\Katie
2012-05-04 01:09 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-03 23:07 - 2011-07-14 22:45 - 0000000 ____D C:\users\Guest
2012-05-03 23:06 - 2012-05-02 21:56 - 0000000 ____D C:\Users\Katie\Downloads\tdsskiller
2012-05-03 23:06 - 2011-07-23 19:29 - 0000000 ____D C:\Users\Katie\Application Data\vlc
2012-05-03 23:06 - 2011-07-23 19:29 - 0000000 ____D C:\Users\Katie\AppData\Roaming\vlc
2012-05-03 23:06 - 2010-12-03 18:35 - 0000000 ____D C:\Users\Katie\Downloads\SONY Vegas Pro v9.0c Build 896 x86 and x64 + WORKING KEYGEN ~
2012-05-03 23:06 - 2010-01-18 18:31 - 0000000 ____D C:\Users\Katie\Downloads\Prism Video Converter v1.20
2012-05-03 23:06 - 2009-12-27 00:02 - 0000000 ____D C:\Users\Public\Documents\SoftGrid Client
2012-05-03 23:06 - 2009-12-27 00:02 - 0000000 ____D C:\Users\All Users\Documents\SoftGrid Client
2012-05-03 23:06 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2012-05-03 18:38 - 2012-05-03 18:38 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-03 00:07 - 2012-05-03 00:06 - 0000000 ____D C:\Users\Katie\Application Data\Spotify
2012-05-03 00:07 - 2012-05-03 00:06 - 0000000 ____D C:\Users\Katie\AppData\Roaming\Spotify
2012-05-02 22:01 - 2012-05-02 22:01 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-02 22:01 - 2012-05-02 21:56 - 0133968 ____A C:\TDSSKiller.2.7.34.0_02.05.2012_19.56.30_log.txt
2012-05-02 21:53 - 2012-05-02 21:53 - 2055783 ____A C:\Users\Katie\Downloads\tdsskiller.zip
2012-05-02 00:20 - 2011-02-23 02:24 - 0000404 ____A C:\rkill.log
2012-04-30 23:41 - 2012-04-30 23:41 - 0015226 ____A C:\Users\Katie\Desktop\Chocolate Euphoria bars.odt
2012-04-28 18:20 - 2012-04-28 18:20 - 0152581 ____A C:\Users\Katie\Desktop\Shop 1.png
2012-04-27 00:43 - 2012-04-27 00:43 - 0879714 ____A C:\Users\Katie\Downloads\SecurityCheck.exe
2012-04-26 18:14 - 2009-10-31 04:38 - 0216922 ____A C:\Windows\PFRO.log
2012-04-26 01:08 - 2011-12-28 02:14 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-26 01:08 - 2011-12-28 02:14 - 0001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-26 01:08 - 2011-02-23 02:27 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-24 21:20 - 2012-04-24 21:20 - 0000000 ____D C:\Windows\system64
2012-04-24 21:18 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\tracing
2012-04-21 00:26 - 2012-04-21 00:26 - 0000237 ____A C:\user.js
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\Local Settings\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\Local Settings\Application Data\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\Application Data\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\AppData\Roaming\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\AppData\Local\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\All Users\Premium
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\All Users\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\All Users\Application Data\Premium
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\All Users\Application Data\InstallMate
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\All Users\Application Data\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\ProgramData\Premium
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\ProgramData\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-04-20 06:20 - 2012-04-20 06:20 - 0065536 __ASH C:\Windows\System32\config\components{6faaad05-7e4e-11e0-a9a8-0025646c01ff}.TxR.blf
2012-04-17 12:12 - 2009-07-14 00:08 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-16 00:39 - 2012-04-16 00:39 - 0064244 ____A C:\Users\Katie\Desktop\center1.jpg
2012-04-15 13:02 - 2012-04-15 13:02 - 0001332 ____A C:\Users\Public\Desktop\Toontown Online.lnk
2012-04-15 13:02 - 2012-04-15 13:02 - 0001332 ____A C:\Users\All Users\Desktop\Toontown Online.lnk
2012-04-15 13:02 - 2012-04-15 13:02 - 0000000 ____D C:\Program Files (x86)\Disney
2012-04-15 13:01 - 2012-04-15 13:01 - 1271392 ____A C:\Users\Katie\Downloads\Toontown-setup.exe
2012-04-12 21:41 - 2011-09-07 21:27 - 0000000 ____D C:\Users\Guest\Application Data\SoftGrid Client
2012-04-12 21:41 - 2011-09-07 21:27 - 0000000 ____D C:\Users\Guest\AppData\Roaming\SoftGrid Client
2012-04-11 05:01 - 2009-12-25 12:26 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 01:11 - 2012-04-10 01:07 - 219514852 ____A C:\Users\Katie\Desktop\The.Big.C.S03E01.REAL.HDTV.x264-ASAP.mp4
2012-04-08 02:41 - 2012-04-08 02:41 - 0632231 ____A C:\Users\Katie\Desktop\light crown.jpg
2012-04-08 02:33 - 2012-04-08 02:33 - 0319945 ____A C:\Users\Katie\Desktop\purple desert.jpg
2012-04-03 00:58 - 2012-04-03 00:58 - 0033820 ____A C:\Users\Katie\Desktop\crazy.gif
2012-04-01 23:18 - 2012-04-01 23:18 - 0054621 ____A C:\Users\Katie\Downloads\OmegleSpy.jar
2012-04-01 17:01 - 2012-04-01 17:01 - 0000277 ____A C:\Users\Katie\Desktop\omege survey.txt
2012-03-31 19:15 - 2012-03-31 17:24 - 0001057 ____A C:\Users\Katie\Application Data\vso_ts_preview.xml
2012-03-31 19:15 - 2012-03-31 17:24 - 0001057 ____A C:\Users\Katie\AppData\Roaming\vso_ts_preview.xml
2012-03-31 19:15 - 2012-03-31 17:24 - 0000000 ____D C:\Users\Katie\Application Data\Vso
2012-03-31 19:15 - 2012-03-31 17:24 - 0000000 ____D C:\Users\Katie\AppData\Roaming\Vso
2012-03-31 19:14 - 2012-03-31 17:31 - 0000000 ____D C:\Users\Katie\My Documents\ConvertXToDVD
2012-03-31 19:14 - 2012-03-31 17:31 - 0000000 ____D C:\Users\Katie\Documents\ConvertXToDVD
2012-03-31 19:06 - 2012-03-31 19:06 - 0000000 ____D C:\Users\All Users\vsosdk
2012-03-31 19:06 - 2012-03-31 19:06 - 0000000 ____D C:\Users\All Users\Application Data\vsosdk
2012-03-31 19:06 - 2012-03-31 19:06 - 0000000 ____D C:\ProgramData\vsosdk
2012-03-31 18:13 - 2012-03-31 18:13 - 0001190 ____A C:\Users\Katie\Desktop\ConvertXtoDVD 4.lnk
2012-03-31 18:13 - 2012-03-31 18:13 - 0000000 ____D C:\Program Files (x86)\VSO
2012-03-31 18:03 - 2012-03-31 18:03 - 0000000 ____D C:\Users\Katie\Desktop\CVTx2DVD
2012-03-31 17:34 - 2012-03-31 17:34 - 19809034 ____A C:\Users\Katie\Desktop\CVTx2DVD.rar
2012-03-31 17:34 - 2012-03-31 17:34 - 0099384 ____A C:\Users\Katie\Application Data\inst.exe
2012-03-31 17:34 - 2012-03-31 17:34 - 0099384 ____A C:\Users\Katie\AppData\Roaming\inst.exe
2012-03-31 17:34 - 2012-03-31 17:34 - 0082816 ____A (VSO Software) C:\Users\Katie\Application Data\pcouffin.sys
2012-03-31 17:34 - 2012-03-31 17:34 - 0082816 ____A (VSO Software) C:\Users\Katie\AppData\Roaming\pcouffin.sys
2012-03-31 17:34 - 2012-03-31 17:34 - 0007859 ____A C:\Users\Katie\Application Data\pcouffin.cat
2012-03-31 17:34 - 2012-03-31 17:34 - 0007859 ____A C:\Users\Katie\AppData\Roaming\pcouffin.cat
2012-03-31 17:34 - 2012-03-31 17:34 - 0001167 ____A C:\Users\Katie\Application Data\pcouffin.inf
2012-03-31 17:34 - 2012-03-31 17:34 - 0001167 ____A C:\Users\Katie\AppData\Roaming\pcouffin.inf
2012-03-31 17:34 - 2012-03-31 17:34 - 0000055 ____A C:\Users\Katie\Application Data\pcouffin.log
2012-03-31 17:34 - 2012-03-31 17:34 - 0000055 ____A C:\Users\Katie\AppData\Roaming\pcouffin.log
2012-03-31 17:34 - 2012-03-31 17:34 - 0000000 ____D C:\Users\Katie\My Documents\PcSetup
2012-03-31 17:34 - 2012-03-31 17:34 - 0000000 ____D C:\Users\Katie\Documents\PcSetup
2012-03-31 07:37 - 2011-08-25 16:28 - 0000000 ____D C:\Windows\rescache
2012-03-31 02:12 - 2012-03-31 02:10 - 19788784 ____A (VSO-Software ) C:\Users\Katie\Downloads\vsoConvertXtoDVD4_setup-avangate_5160.exe
2012-03-31 01:59 - 2012-03-31 01:59 - 0000000 ____D C:\Users\Katie\Desktop\Hedwig and the Angry Inch
2012-03-28 05:08 - 2009-12-27 00:01 - 0774348 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-26 01:59 - 2012-03-26 01:59 - 0790896 ____A C:\Windows\Minidump\032512-21013-01.dmp
2012-03-26 01:59 - 2010-06-14 18:31 - 0000000 ____D C:\Windows\Minidump
2012-03-25 23:18 - 2012-03-25 23:18 - 0010616 ____A C:\Users\Katie\Downloads\Unconfirmed 41370.crdownload
2012-03-25 23:18 - 2012-03-25 23:18 - 0010616 ____A C:\Users\Katie\Downloads\Unconfirmed 23703.crdownload
2012-03-25 03:26 - 2010-02-16 02:29 - 0000000 ____D C:\Program Files (x86)\Steam
2012-03-22 22:19 - 2012-03-22 22:13 - 0000000 ____D C:\Users\Katie\Desktop\Nip.Tuck.S02.WS.DVDRip.XviD-MEDiEVAL
2012-03-22 16:10 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-22 09:20 - 2012-03-22 09:12 - 0004058 ____A C:\Windows\IE9_main.log
2012-03-22 09:19 - 2012-03-22 09:19 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-22 09:19 - 2012-03-22 09:19 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-22 09:19 - 2012-03-22 09:19 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-22 09:19 - 2012-03-22 09:19 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-22 09:19 - 2012-03-22 09:19 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-22 09:19 - 2012-03-22 09:19 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-22 09:19 - 2012-03-22 09:19 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-22 09:19 - 2012-03-22 09:19 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-22 09:19 - 2012-03-22 09:19 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-22 09:19 - 2012-03-22 09:19 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-22 09:19 - 2012-03-22 09:19 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-19 22:24 - 2011-06-30 22:43 - 0000000 ____D C:\Users\Katie\Desktop\Games
2012-03-18 19:13 - 2012-03-17 22:33 - 0000077 ____A C:\Users\Katie\Desktop\KQ scores.txt
2012-03-17 01:36 - 2012-03-17 01:36 - 0000000 ____D C:\Users\All Users\Mozilla
2012-03-17 01:36 - 2012-03-17 01:36 - 0000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-03-17 01:36 - 2012-03-17 01:36 - 0000000 ____D C:\ProgramData\Mozilla
2012-03-15 20:15 - 2012-03-15 20:14 - 76763504 ____A (Apple Inc.) C:\Users\Katie\Downloads\iTunes64Setup.exe
2012-03-15 05:21 - 2009-07-13 23:45 - 0346264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 16:52 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-03-13 14:05 - 2011-10-19 18:54 - 0001212 ____A C:\Users\Guest\Application Data\wklnhst.dat
2012-03-13 14:05 - 2011-10-19 18:54 - 0001212 ____A C:\Users\Guest\AppData\Roaming\wklnhst.dat
2012-03-09 01:27 - 2011-08-07 23:44 - 0000000 ____D C:\Users\Katie\Local Settings\Songbird2
2012-03-09 01:27 - 2011-08-07 23:44 - 0000000 ____D C:\Users\Katie\Local Settings\Application Data\Songbird2
2012-03-09 01:27 - 2011-08-07 23:44 - 0000000 ____D C:\Users\Katie\AppData\Local\Songbird2
2012-03-09 00:59 - 2012-03-09 00:59 - 0001859 ____A C:\Users\Public\Desktop\Songbird.lnk
2012-03-09 00:59 - 2012-03-09 00:59 - 0001859 ____A C:\Users\All Users\Desktop\Songbird.lnk
2012-03-09 00:59 - 2012-03-09 00:59 - 0000000 ____D C:\Program Files (x86)\Songbird
2012-03-09 00:45 - 2012-03-09 00:45 - 0816048 ____A C:\Windows\Minidump\030812-58032-01.dmp
2012-03-09 00:24 - 2012-03-09 00:24 - 14611368 ____A (POTI, Inc.) C:\Users\Katie\Downloads\Songbird_1.10.2-2199_windows-i686-msvc8.exe
2012-03-09 00:20 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
2012-03-09 00:07 - 2012-03-08 23:49 - 0010039 ____A C:\Users\Katie\Desktop\Best Choral Songs.odt
2012-03-08 10:18 - 2012-03-08 10:18 - 0000000 ____D C:\Users\Katie\Desktop\Charlie Bartlett
2012-03-07 01:28 - 2012-03-07 01:28 - 0115500 ____A C:\Users\Katie\Desktop\satapp1.png
2012-03-07 00:09 - 2012-03-04 23:34 - 0016109 ____A C:\Users\Katie\Desktop\CS Spiel.odt
2012-03-07 00:04 - 2012-03-07 00:04 - 0000009 ____A C:\Users\Katie\Desktop\rebmunytiruceslaicos.txt
2012-03-06 01:43 - 2012-04-11 05:04 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-06 00:59 - 2012-04-11 05:04 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-06 00:59 - 2012-04-11 05:04 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-04 02:41 - 2012-03-04 02:41 - 3345584 ____A C:\Users\Katie\Downloads\GLaDOS Sound files.zip
2012-03-03 01:50 - 2011-06-30 22:45 - 0000000 ____D C:\Users\Katie\Desktop\Comic Books
2012-03-01 01:54 - 2012-04-11 05:00 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 01:45 - 2012-04-11 05:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 01:40 - 2012-04-11 05:00 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 01:35 - 2012-04-11 05:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 00:49 - 2012-04-11 05:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 00:45 - 2012-04-11 05:00 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 00:40 - 2012-04-11 05:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 22:43 - 2012-02-28 22:43 - 0045109 ____A C:\Users\Katie\Desktop\Katie17.jpg
2012-02-28 02:34 - 2012-04-12 05:00 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 02:02 - 2012-04-12 05:00 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 01:56 - 2012-04-12 05:00 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 01:50 - 2012-04-12 05:00 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 01:49 - 2012-04-12 05:00 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 01:48 - 2012-04-12 05:00 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 01:48 - 2012-04-12 05:00 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 01:47 - 2012-04-12 05:00 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 01:45 - 2012-04-12 05:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 01:43 - 2012-04-12 05:00 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 01:43 - 2012-04-12 05:00 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 01:42 - 2012-04-12 05:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 01:39 - 2012-04-12 05:00 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 20:52 - 2012-04-12 05:00 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 20:27 - 2012-04-12 05:00 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 20:18 - 2012-04-12 05:00 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 20:12 - 2012-04-12 05:00 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 20:11 - 2012-04-12 05:00 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 20:11 - 2012-04-12 05:00 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 20:09 - 2012-04-12 05:00 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 20:08 - 2012-04-12 05:00 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 20:06 - 2012-04-12 05:00 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 20:04 - 2012-04-12 05:00 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 20:03 - 2012-04-12 05:00 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 20:03 - 2012-04-12 05:00 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 19:59 - 2012-04-12 05:00 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 00:36 - 2012-02-27 00:27 - 738985592 ____A C:\Users\Katie\Desktop\Beginners.2010.LIMITED.BRRIP.XVID.AbSurdiTy.avi
2012-02-26 23:26 - 2012-02-26 23:26 - 0000000 ____D C:\Program Files (x86)\LG Electronics
2012-02-26 23:26 - 2009-10-31 02:49 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-26 23:25 - 2012-02-26 23:25 - 0000000 ____D C:\LGP999WA
2012-02-26 23:19 - 2012-02-26 23:19 - 0261208 ____A (LG Electronics) C:\Users\Katie\Downloads\B2CAppSetup.exe
2012-02-26 23:19 - 2012-02-26 23:19 - 0002413 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2012-02-26 23:19 - 2012-02-26 23:19 - 0000821 ____A C:\Users\Katie\Desktop\LGMobile update.lnk
2012-02-26 23:19 - 2012-02-26 23:19 - 0000000 ____D C:\Users\All Users\LGMOBILEAX
2012-02-26 23:19 - 2012-02-26 23:19 - 0000000 ____D C:\Users\All Users\Application Data\LGMOBILEAX
2012-02-26 23:19 - 2012-02-26 23:19 - 0000000 ____D C:\ProgramData\LGMOBILEAX
2012-02-24 15:09 - 2009-12-25 16:05 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-02-23 12:18 - 2009-12-25 12:15 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-20 00:27 - 2009-10-31 02:46 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-02-19 02:36 - 2012-02-19 02:36 - 0000039 ____A C:\Users\Katie\Desktop\Watch.txt
2012-02-18 13:31 - 2012-02-18 13:29 - 0000010 ____A C:\Users\Katie\Desktop\Nana's Wifi Key.txt
2012-02-16 10:15 - 2009-12-25 11:41 - 0000402 __ASH C:\Users\Katie\My Documents\desktop.ini
2012-02-16 10:15 - 2009-12-25 11:41 - 0000174 ___SH C:\Users\Katie\Start Menu\Programs\Startup\desktop.ini
2012-02-16 10:15 - 2009-12-25 11:41 - 0000174 ___SH C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 09:41 - 2011-07-14 22:45 - 0000402 __ASH C:\Users\Guest\My Documents\desktop.ini
2012-02-16 09:41 - 2011-07-14 22:45 - 0000174 ___SH C:\Users\Guest\Start Menu\Programs\Startup\desktop.ini
2012-02-16 09:41 - 2011-07-14 22:45 - 0000174 ___SH C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 06:29 - 2009-10-31 03:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 13:01 - 2012-02-15 13:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 13:01 - 2012-02-15 13:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-15 01:27 - 2012-03-14 05:17 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-15 00:44 - 2012-03-14 05:17 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 23:47 - 2012-03-14 05:17 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 23:46 - 2012-03-14 05:17 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 12:08 - 2011-10-19 18:54 - 0000000 ____D C:\Users\Guest\Application Data\Template
2012-02-14 12:08 - 2011-10-19 18:54 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Template
2012-02-14 09:23 - 2012-02-14 09:23 - 0816048 ____A C:\Windows\Minidump\021412-22635-01.dmp
2012-02-14 03:03 - 2012-02-14 03:03 - 0790296 ____A C:\Windows\Minidump\021412-18642-01.dmp
2012-02-10 01:18 - 2012-03-14 05:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 01:17 - 2012-03-14 05:18 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-10 01:17 - 2012-03-14 05:18 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-10 01:17 - 2012-03-14 05:18 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-10 01:17 - 2012-03-14 05:18 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-10 00:41 - 2012-03-14 05:18 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-10 00:41 - 2012-03-14 05:18 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-10 00:41 - 2012-03-14 05:18 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-10 00:41 - 2012-03-14 05:18 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-10 00:41 - 2012-03-14 05:18 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe
[2009-07-13 18:50] - [2009-07-13 20:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3034.36 MB
Available physical RAM: 2508.89 MB
Total Pagefile: 3032.51 MB
Available Pagefile: 2501.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:7.95 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (HP v125w) (Removable) (Total:3.72 GB) (Free:3.65 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3819 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F HP v125w FAT32 Removable 3819 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-29 06:32

======================= End Of Log ==========================

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:05:38 AM

Posted 07 May 2012 - 02:34 AM

Currently reviewing your log file. I'll have something posted for you shortly.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:05:38 AM

Posted 07 May 2012 - 02:41 AM

Hi!

Running FRST Fix

Open Notepad. Please copy the contents of the code box below: to do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flashdrive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
2 MMRTKRNL; C:\Windows\System32\datasvr2.dll [6656 2009-07-13] (Oak Technology Inc.)
NETSVC: MMRTKRNL
2012-04-24 21:21 - 2009-07-13 20:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-21 00:26 - 2011-09-02 00:18 - 0000000 ____D C:\Users\Katie\Application Data\Babylon
2012-04-21 00:26 - 2011-09-02 00:18 - 0000000 ____D C:\Users\Katie\AppData\Roaming\Babylon
2012-04-21 00:26 - 2011-06-21 19:36 - 0000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-04-21 00:26 - 2010-03-07 15:33 - 0000000 ____D C:\Users\Katie\Local Settings\Babylon
2012-04-21 00:26 - 2010-03-07 15:33 - 0000000 ____D C:\Users\Katie\Local Settings\Application Data\Babylon
2012-04-21 00:26 - 2010-03-07 15:33 - 0000000 ____D C:\Users\Katie\AppData\Local\Babylon
2012-04-21 00:26 - 2009-07-14 00:08 - 0000000 ____D C:\Users\All Users\Babylon
2012-04-21 00:26 - 2009-07-14 00:08 - 0000000 ____D C:\Users\All Users\Application Data\Babylon
2012-04-21 00:26 - 2009-07-14 00:08 - 0000000 ____D C:\ProgramData\Babylon
2012-05-04 23:28 - 2012-04-24 21:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-03 23:06 - 2010-12-03 18:35 - 0000000 ____D C:\Users\Katie\Downloads\SONY Vegas Pro v9.0c Build 896 x86 and x64 + WORKING KEYGEN ~
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\Local Settings\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\Local Settings\Application Data\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\Application Data\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\AppData\Roaming\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\Katie\AppData\Local\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\All Users\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Users\All Users\Application Data\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\ProgramData\Babylon
2012-04-21 00:26 - 2012-04-21 00:26 - 0000000 ____D C:\Program Files (x86)\BabylonToolbar
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\assembly\temp\U\80000032.@
C:\Windows\assembly\temp\U\80000064.@
C:\Windows\assembly\temp\U\
C:\Windows\System32\FastUserSwitchingCompatibilityex.dll
C:\Windows\system64\consrv.dll
C:\Windows\system64\vcdsecs.dll
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

In Windows Vista: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "save log", save it to your desktop and post it in your next reply.




NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • In the custom scan box, copy & paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. fixlog.txt log file.
3. aswMBR.exe log file.
4. OTL.txt & Extras.txt log files.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

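The fix script above is built from FRST listing lines (created date, modified date, size, attribute flags, optional publisher, path) plus a few bare paths. As an added example, not code from this thread, from FRST or from its author, the following Python triage parses lines of that shape and flags the properties a responder checks before deciding what to remove: executable content marked hidden+system (the `__ASH` flags on `dds_trash_log.cmd`), files under directories that do not exist on a clean Windows install (the `\Windows\system64\` and `\Windows\assembly\temp\U\` paths named in the script), and binaries in System32/SysWOW64 whose version info carries no publisher. The regex, the directory lists and the reason strings are this example's own assumptions; the sample lines are copied from this thread except `example-unsigned.dll`, which is a constructed placeholder so that the publisher rule has something to match.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A file-listing line as FRST prints it (and as a fix script repeats it):
#   "<created> - <modified> - <size> <attrs> [(Company)] <path>"
# The pattern is this example's reading of the lines in the thread.
LISTING_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{7}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Bare paths (no metadata) also appear in fix scripts.
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")


@dataclass
class Entry:
    path: str
    attrs: str = ""              # e.g. "__ASH"; empty for bare-path lines
    company: Optional[str] = None
    from_listing: bool = False   # True when size/attrs/company were present


def parse_line(line: str) -> Optional[Entry]:
    """Entry for listing lines and bare paths; None for start/end/other lines."""
    m = LISTING_RE.match(line)
    if m:
        return Entry(m["path"], m["attrs"], m["company"], True)
    m = BARE_PATH_RE.match(line)
    if m:
        return Entry(m["path"])
    return None


EXEC_EXT = (".exe", ".dll", ".sys", ".cmd", ".bat", ".scr")
BINARY_EXT = (".exe", ".dll", ".sys")
# Directories that do not exist on a clean Windows install; both are named
# in the fix script above. Matched case-insensitively.
ODD_LOCATIONS = ("\\windows\\system64\\", "\\windows\\assembly\\temp\\u\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a second look; empty list means nothing odd."""
    reasons = []
    low = entry.path.lower()
    if any(loc in low for loc in ODD_LOCATIONS):
        reasons.append("lives in a directory that does not exist on a clean install")
    if low.endswith(EXEC_EXT) and "S" in entry.attrs and "H" in entry.attrs:
        reasons.append("executable content marked hidden+system")
    # Publisher is only known for listing lines, so bare paths skip this rule.
    if (entry.from_listing and entry.company is None
            and low.endswith(BINARY_EXT) and any(d in low for d in SYSTEM_DIRS)):
        reasons.append("binary in a system directory with no publisher in its version info")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every flagged entry, in input order."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line.strip())
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings.append((entry.path, reasons))
    return findings


# Constructed sample: lines from the fix script and the listing in this thread,
# plus one placeholder line (example-unsigned.dll) to exercise the publisher rule.
SAMPLE = """\
start
SubSystems: [Windows] ==> ZeroAccess
2012-04-24 21:21 - 2009-07-13 20:40 - 0000000 __ASH C:\\Windows\\System32\\dds_trash_log.cmd
2012-02-15 13:01 - 2012-02-15 13:01 - 4547944 ____A (Apple, Inc.) C:\\Windows\\System32\\usbaaplrc.dll
2012-02-15 01:27 - 2012-03-14 05:17 - 1031680 ____A (Microsoft Corporation) C:\\Windows\\System32\\rdpcore.dll
2012-04-24 21:21 - 2012-04-24 21:21 - 0006656 ____A C:\\Windows\\System32\\example-unsigned.dll
2012-02-14 09:23 - 2012-02-14 09:23 - 0816048 ____A C:\\Windows\\Minidump\\021412-22635-01.dmp
C:\\Windows\\assembly\\temp\\U\\80000000.@
C:\\Windows\\System32\\FastUserSwitchingCompatibilityex.dll
C:\\Windows\\system64\\consrv.dll
end
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE):
        print(path)
        for r in reasons:
            print("   -", r)
```

Note what the heuristics do not catch: `FastUserSwitchingCompatibilityex.dll` is listed in the script as a bare path, so there is no attribute or publisher data to test and it passes silently. That is the limitation of triaging from a listing rather than from the file itself; the hash-and-publisher verification that FRST performs in its "Bamital & volsnap Check" is the stronger control.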


#15 harveypuggle

harveypuggle
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:38 AM

Posted 07 May 2012 - 11:24 PM

1. I have no questions.
2. Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 06-05-2012
Ran by SYSTEM at 2012-05-07 15:41:56 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
MMRTKRNL service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs MMRTKRNL Deleted successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
C:\Users\Katie\Application Data\Babylon moved successfully.
C:\Users\Katie\AppData\Roaming\Babylon not found.
C:\Program Files (x86)\BabylonToolbar moved successfully.
C:\Users\Katie\Local Settings\Babylon moved successfully.
C:\Users\Katie\Local Settings\Application Data\Babylon not found.
C:\Users\Katie\AppData\Local\Babylon not found.
C:\Users\All Users\Babylon moved successfully.
C:\Users\All Users\Application Data\Babylon not found.
C:\ProgramData\Babylon not found.
C:\Windows\System32\dds_trash_log.cmd not found.
C:\Users\Katie\Downloads\SONY Vegas Pro v9.0c Build 896 x86 and x64 + WORKING KEYGEN ~ moved successfully.
C:\Users\Katie\Local Settings\Babylon not found.
C:\Users\Katie\Local Settings\Application Data\Babylon not found.
C:\Users\Katie\Application Data\Babylon not found.
C:\Users\Katie\AppData\Roaming\Babylon not found.
C:\Users\Katie\AppData\Local\Babylon not found.
C:\Users\All Users\Babylon not found.
C:\Users\All Users\Application Data\Babylon not found.
C:\ProgramData\Babylon not found.
C:\Program Files (x86)\BabylonToolbar not found.
C:\Windows\assembly\temp\U\80000000.@ moved successfully.
C:\Windows\assembly\temp\U\80000032.@ moved successfully.
C:\Windows\assembly\temp\U\80000064.@ moved successfully.
C:\Windows\assembly\temp\U\ moved successfully.
C:\Windows\System32\FastUserSwitchingCompatibilityex.dll not found.
C:\Windows\system64\consrv.dll not found.
C:\Windows\system64\vcdsecs.dll not found.

==== End of Fixlog ====

3. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 15:47:24
-----------------------------
15:47:24.253 OS Version: Windows x64 6.1.7600
15:47:24.253 Number of processors: 2 586 0x170A
15:47:24.253 ComputerName: SHINYLIMEY UserName: Katie
15:47:25.251 Initialize success
15:48:07.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:48:07.547 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 11
15:48:07.562 Disk 0 MBR read successfully
15:48:07.562 Disk 0 MBR scan
15:48:07.562 Disk 0 Windows VISTA default MBR code
15:48:07.562 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:48:07.578 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
15:48:07.594 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
15:48:07.609 Disk 0 scanning C:\Windows\system32\drivers
15:48:14.848 Service scanning
15:48:32.101 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:48:37.218 Modules scanning
15:48:37.234 Disk 0 trace - called modules:
15:48:37.280 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800312a2c0]<<spgv.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:48:37.280 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003437170]
15:48:37.296 3 CLASSPNP.SYS[fffff880013c243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80032c0680]
15:48:37.312 \Driver\atapi[0xfffffa8003217d50] -> IRP_MJ_CREATE -> 0xfffffa800312a2c0
15:48:37.312 Scan finished successfully
15:48:56.515 Disk 0 MBR has been saved successfully to "C:\Users\Katie\Desktop\MBR.dat"
15:48:56.765 The log file has been saved successfully to "C:\Users\Katie\Desktop\aswMBR.txt"

4. OTL logfile created on: 5/7/2012 3:54:02 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Katie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 59.15% Memory free
5.92 Gb Paging File | 4.54 Gb Available in Paging File | 76.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 7.67 Gb Free Space | 3.51% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 3.65 Gb Free Space | 98.03% Space Free | Partition Type: FAT32

Computer Name: SHINYLIMEY | User Name: Katie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

OTL Extras logfile created on: 5/7/2012 3:54:02 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Katie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 59.15% Memory free
5.92 Gb Paging File | 4.54 Gb Available in Paging File | 76.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 7.67 Gb Free Space | 3.51% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 3.65 Gb Free Space | 98.03% Space Free | Partition Type: FAT32

Computer Name: SHINYLIMEY | User Name: Katie | Logged in as Administrator.

5. The redirection has stopped, as far as I can tell.
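Three lines of the aswMBR log above carry most of the information a responder reads: the MBR code verdict, the "called modules" trace with its `>>UNKNOWN [0xfffffa800312a2c0]<<` marker (a hook in the disk I/O path that the tool could not attribute to a loaded module, sitting between `disk.sys` and `spgv.sys`), and the `**LOCKED**` entry for `sptd.sys`. As an added example, independent of aswMBR and its authors, this Python snippet extracts those three items from the pasted log and lists any driver name in the trace that is not in a small allowlist of standard Windows 7 storage-stack drivers, so the analyst knows what still needs attributing. The line patterns and the allowlist are this example's own assumptions, and the sample log is copied from the post above. An unknown hook on its own does not say what put it there; it has to be correlated with the rest of the log (the locked driver reported a few lines earlier, the FRST results) before anything is acted on.

```python
import re
from typing import Dict, Optional

# Log-line shapes handled here; these patterns are this example's reading of
# the aswMBR text above, not a format published by the tool's authors.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (?P<body>.*)$")
MBR_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<desc>.*\bMBR code\b.*)$")
TRACE_HDR_RE = re.compile(r"^Disk (?P<disk>\d+) trace - called modules:")
LOCKED_RE = re.compile(r"^Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")

# Drivers that normally make up a Windows 7 IDE/AHCI disk stack (assumed
# allowlist for this example); anything else is handed to the analyst.
KNOWN_STACK_MODULES = {
    "ntoskrnl.exe", "hal.dll", "classpnp.sys", "disk.sys", "partmgr.sys",
    "volmgr.sys", "ataport.sys", "atapi.sys", "pciidex.sys", "msahci.sys",
    "storport.sys", "intelide.sys",
}


def parse_trace(disk: int, body: str, result: Dict[str, object]) -> None:
    """Split the 'called modules' line into tokens and record anomalies."""
    # Pad each >>UNKNOWN [...]<< marker with spaces so it becomes one token,
    # since the log glues the closing '<<' onto the next module name.
    tokens = UNKNOWN_RE.sub(lambda m: f" UNKNOWN:{m['addr']} ", body).split()
    for i, tok in enumerate(tokens):
        if tok.startswith("UNKNOWN:"):
            result["unknown_hooks"].append({
                "disk": disk,
                "addr": tok.split(":", 1)[1],
                "before": tokens[i - 1] if i > 0 else None,
                "after": tokens[i + 1] if i + 1 < len(tokens) else None,
            })
        elif tok.lower() not in KNOWN_STACK_MODULES:
            result["unattributed_modules"].append(tok)


def analyze_aswmbr(text: str) -> Dict[str, object]:
    """Pull MBR verdicts, unknown hooks, unattributed modules and locked services."""
    result: Dict[str, object] = {
        "mbr_code": {},            # disk number -> verdict text
        "unknown_hooks": [],
        "unattributed_modules": [],
        "locked_services": [],     # (service name, image path)
    }
    pending_trace: Optional[int] = None   # disk whose module list is on the next line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if pending_trace is not None:
            parse_trace(pending_trace, body, result)
            pending_trace = None
            continue
        t = TRACE_HDR_RE.match(body)
        if t:
            pending_trace = int(t["disk"])
            continue
        d = MBR_RE.match(body)
        if d:
            result["mbr_code"][int(d["disk"])] = d["desc"]
            continue
        s = LOCKED_RE.match(body)
        if s:
            result["locked_services"].append((s["name"], s["path"]))
    return result


# Constructed sample: a subset of the aswMBR lines pasted in this thread.
SAMPLE_LOG = """\
15:48:07.562 Disk 0 MBR read successfully
15:48:07.562 Disk 0 MBR scan
15:48:07.562 Disk 0 Windows VISTA default MBR code
15:48:07.562 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:48:14.848 Service scanning
15:48:32.101 Service sptd C:\\Windows\\System32\\Drivers\\sptd.sys **LOCKED** 32
15:48:37.218 Modules scanning
15:48:37.234 Disk 0 trace - called modules:
15:48:37.280 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800312a2c0]<<spgv.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:48:37.312 Scan finished successfully
"""

if __name__ == "__main__":
    for key, value in analyze_aswmbr(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "before"/"after" neighbours are what make the unknown hook readable: here it sits below `disk.sys` and above the port driver, which is the position a disk-level filter (legitimate or not) occupies. `spgv.sys` is reported only as unattributed, meaning it is not in the allowlist, not that it is known bad.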
