Sirefef Alureon and Waprox virus


  • This topic is locked
43 replies to this topic

#1 Gary Sark

Posted 05 May 2012 - 02:37 PM

I still can't find the attachment capability. Here is the output of Microsoft Safety Scanner
==========
Trojan:Win32/Alureon.FP - partially remove, manual steps required, restart required
Trojan:Win32/Sirefef.AB - partially remove, restart required
Trojan:Win32/Waprox.A - partially remove, restart required
Trojan:Win64/Sirefef.J - partially remove, restart required
Trojan:Win64/Sirefef.P - partially remove, restart required
Trojan:Win64/Sirefef.U - partially remove, restart required
Trojan:Win64/Sirefef.W - partially remove, restart required
Exploit:JS/Blacole.DG - Removed
Trojan:Win64/Sirefef.Y - Remove

Here are the results of Malicious Software Removal Tool (MS)
Trojan:Win32/Alureon.FP - Partially removed, manual steps required, restart Required

GMER has finished. I will post the files now. This is the GMER output (ark.txt)
Also included is the Attach.txt file

and finally, here is the DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Monique K Sarkessian at 23:54:49 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.2542 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\spool\DRIVERS\x64\3\lxdxserv.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
C:\Program Files (x86)\GoZone\GoZone_iSync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Windows\explorer.exe
C:\Users\Monique K Sarkessian\Desktop\MSRT.exe
c:\1b4cf47c5d4ac354b174595a\mrtstub.exe
C:\windows\system32\MRT.exe
C:\Users\Monique K Sarkessian\Downloads\SecurityCheck.exe
C:\Users\Monique K Sarkessian\Downloads\msert.exe
C:\Users\Monique K Sarkessian\Downloads\msert.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\Users\Monique K Sarkessian\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = https://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [sketchmanager] C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe tray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\Users\MONIQU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\hueyPROTray.lnk - C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0BCBC76-CA54-4A7E-BCA9-CA270B2E98E2} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO-X64: IE BHO Utility - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun-x64: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [sketchmanager] C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe tray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Monique K Sarkessian\AppData\Roaming\Mozilla\Firefox\Profiles\4tvsox4e.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
R2 lxdx_device;lxdx_device;C:\windows\system32\lxdxcoms.exe -service --> C:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdxserv.exe [2011-11-2 29184]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-9-18 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-9-18 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-1-18 793048]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-11-24 6583160]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-11-24 528760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\windows\system32\DRIVERS\SBFWIM.sys --> C:\windows\system32\DRIVERS\SBFWIM.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-9-18 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-7-1 828856]
R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-22 654408]
S1 barbgwdo;barbgwdo;\??\C:\windows\system32\drivers\barbgwdo.sys --> C:\windows\system32\drivers\barbgwdo.sys [?]
S1 bnyazodi;bnyazodi;\??\C:\windows\system32\drivers\bnyazodi.sys --> C:\windows\system32\drivers\bnyazodi.sys [?]
S1 cgruafug;cgruafug;\??\C:\windows\system32\drivers\cgruafug.sys --> C:\windows\system32\drivers\cgruafug.sys [?]
S1 cuyucotb;cuyucotb;\??\C:\windows\system32\drivers\cuyucotb.sys --> C:\windows\system32\drivers\cuyucotb.sys [?]
S1 cybnluzc;cybnluzc;\??\C:\windows\system32\drivers\cybnluzc.sys --> C:\windows\system32\drivers\cybnluzc.sys [?]
S1 ddrnbomj;ddrnbomj;\??\C:\windows\system32\drivers\ddrnbomj.sys --> C:\windows\system32\drivers\ddrnbomj.sys [?]
S1 ebwjjfav;ebwjjfav;\??\C:\windows\system32\drivers\ebwjjfav.sys --> C:\windows\system32\drivers\ebwjjfav.sys [?]
S1 ejywgmjk;ejywgmjk;\??\C:\windows\system32\drivers\ejywgmjk.sys --> C:\windows\system32\drivers\ejywgmjk.sys [?]
S1 frftzliu;frftzliu;\??\C:\windows\system32\drivers\frftzliu.sys --> C:\windows\system32\drivers\frftzliu.sys [?]
S1 gzlcbmof;gzlcbmof;\??\C:\windows\system32\drivers\gzlcbmof.sys --> C:\windows\system32\drivers\gzlcbmof.sys [?]
S1 khkntfmz;khkntfmz;\??\C:\windows\system32\drivers\khkntfmz.sys --> C:\windows\system32\drivers\khkntfmz.sys [?]
S1 lhbniliu;lhbniliu;\??\C:\windows\system32\drivers\lhbniliu.sys --> C:\windows\system32\drivers\lhbniliu.sys [?]
S1 lkdrqumg;lkdrqumg;\??\C:\windows\system32\drivers\lkdrqumg.sys --> C:\windows\system32\drivers\lkdrqumg.sys [?]
S1 lwdfegon;lwdfegon;\??\C:\windows\system32\drivers\lwdfegon.sys --> C:\windows\system32\drivers\lwdfegon.sys [?]
S1 mgmtilwe;mgmtilwe;\??\C:\windows\system32\drivers\mgmtilwe.sys --> C:\windows\system32\drivers\mgmtilwe.sys [?]
S1 mzueewpk;mzueewpk;\??\C:\windows\system32\drivers\mzueewpk.sys --> C:\windows\system32\drivers\mzueewpk.sys [?]
S1 neegojfo;neegojfo;\??\C:\windows\system32\drivers\neegojfo.sys --> C:\windows\system32\drivers\neegojfo.sys [?]
S1 odfbgnfg;odfbgnfg;\??\C:\windows\system32\drivers\odfbgnfg.sys --> C:\windows\system32\drivers\odfbgnfg.sys [?]
S1 oovaaqpc;oovaaqpc;\??\C:\windows\system32\drivers\oovaaqpc.sys --> C:\windows\system32\drivers\oovaaqpc.sys [?]
S1 orwdisrq;orwdisrq;\??\C:\windows\system32\drivers\orwdisrq.sys --> C:\windows\system32\drivers\orwdisrq.sys [?]
S1 oylnjtmf;oylnjtmf;\??\C:\windows\system32\drivers\oylnjtmf.sys --> C:\windows\system32\drivers\oylnjtmf.sys [?]
S1 SbFw;SbFw;C:\windows\system32\drivers\SbFw.sys --> C:\windows\system32\drivers\SbFw.sys [?]
S1 SbTis;SbTis;C:\windows\system32\drivers\sbtis.sys --> C:\windows\system32\drivers\sbtis.sys [?]
S1 sqbiibys;sqbiibys;\??\C:\windows\system32\drivers\sqbiibys.sys --> C:\windows\system32\drivers\sqbiibys.sys [?]
S1 thajcdyi;thajcdyi;\??\C:\windows\system32\drivers\thajcdyi.sys --> C:\windows\system32\drivers\thajcdyi.sys [?]
S1 tpjvrfnj;tpjvrfnj;\??\C:\windows\system32\drivers\tpjvrfnj.sys --> C:\windows\system32\drivers\tpjvrfnj.sys [?]
S1 upfpayoe;upfpayoe;\??\C:\windows\system32\drivers\upfpayoe.sys --> C:\windows\system32\drivers\upfpayoe.sys [?]
S1 utagbpyi;utagbpyi;\??\C:\windows\system32\drivers\utagbpyi.sys --> C:\windows\system32\drivers\utagbpyi.sys [?]
S1 vdrhlegy;vdrhlegy;\??\C:\windows\system32\drivers\vdrhlegy.sys --> C:\windows\system32\drivers\vdrhlegy.sys [?]
S1 vlahtuzj;vlahtuzj;\??\C:\windows\system32\drivers\vlahtuzj.sys --> C:\windows\system32\drivers\vlahtuzj.sys [?]
S1 vsduwfru;vsduwfru;\??\C:\windows\system32\drivers\vsduwfru.sys --> C:\windows\system32\drivers\vsduwfru.sys [?]
S1 wmmxkjsc;wmmxkjsc;\??\C:\windows\system32\drivers\wmmxkjsc.sys --> C:\windows\system32\drivers\wmmxkjsc.sys [?]
S1 wwkosvjm;wwkosvjm;\??\C:\windows\system32\drivers\wwkosvjm.sys --> C:\windows\system32\drivers\wwkosvjm.sys [?]
S1 xsaqznjj;xsaqznjj;\??\C:\windows\system32\drivers\xsaqznjj.sys --> C:\windows\system32\drivers\xsaqznjj.sys [?]
S1 yygujcar;yygujcar;\??\C:\windows\system32\drivers\yygujcar.sys --> C:\windows\system32\drivers\yygujcar.sys [?]
S1 zdvfkrrd;zdvfkrrd;\??\C:\windows\system32\drivers\zdvfkrrd.sys --> C:\windows\system32\drivers\zdvfkrrd.sys [?]
S1 zplogtdg;zplogtdg;\??\C:\windows\system32\drivers\zplogtdg.sys --> C:\windows\system32\drivers\zplogtdg.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-18 136176]
S2 vetmonnt;VMAUDIO;C:\windows\system32\svchost.exe -k netsvcs [2011-7-26 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 257696]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-18 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\windows\system32\DRIVERS\sbfwim.sys --> C:\windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\windows\system32\drivers\sbhips.sys --> C:\windows\system32\drivers\sbhips.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\windows\system32\DRIVERS\wacmoumonitor.sys --> C:\windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-05 03:50:55 50000 ----a-w- C:\windows\System32\drivers\wmmxkjsc.sys
2012-05-05 03:50:30 50000 ----a-w- C:\windows\System32\drivers\ddrnbomj.sys
2012-05-05 03:49:51 50000 ----a-w- C:\windows\System32\drivers\cgruafug.sys
2012-05-05 03:49:27 50000 ----a-w- C:\windows\System32\drivers\khkntfmz.sys
2012-05-05 03:47:27 50000 ----a-w- C:\windows\System32\drivers\tpjvrfnj.sys
2012-05-05 03:46:15 50000 ----a-w- C:\windows\System32\drivers\upfpayoe.sys
2012-05-05 03:43:21 50000 ----a-w- C:\windows\System32\drivers\oylnjtmf.sys
2012-05-05 03:41:55 50000 ----a-w- C:\windows\System32\drivers\yygujcar.sys
2012-05-05 03:40:11 50000 ----a-w- C:\windows\System32\drivers\thajcdyi.sys
2012-05-05 03:39:39 50000 ----a-w- C:\windows\System32\drivers\lwdfegon.sys
2012-05-05 03:36:41 50000 ----a-w- C:\windows\System32\drivers\lkdrqumg.sys
2012-05-05 03:36:18 50000 ----a-w- C:\windows\System32\drivers\utagbpyi.sys
2012-05-05 03:35:55 50000 ----a-w- C:\windows\System32\drivers\wwkosvjm.sys
2012-05-05 03:35:31 50000 ----a-w- C:\windows\System32\drivers\bnyazodi.sys
2012-05-05 03:34:24 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7676B6C-D82C-4734-9B98-4092CDA41686}\offreg.dll
2012-05-05 03:33:59 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7676B6C-D82C-4734-9B98-4092CDA41686}\mpengine.dll
2012-05-05 03:32:25 50000 ----a-w- C:\windows\System32\drivers\mzueewpk.sys
2012-05-05 03:30:54 50000 ----a-w- C:\windows\System32\drivers\vsduwfru.sys
2012-05-05 03:26:56 50000 ----a-w- C:\windows\System32\drivers\sqbiibys.sys
2012-05-05 03:23:14 50000 ----a-w- C:\windows\System32\drivers\ejywgmjk.sys
2012-05-05 03:21:31 50000 ----a-w- C:\windows\System32\drivers\vdrhlegy.sys
2012-05-05 03:19:42 -------- d-----w- C:\1b4cf47c5d4ac354b174595a
2012-05-05 03:13:48 50000 ----a-w- C:\windows\System32\drivers\ebwjjfav.sys
2012-05-05 03:11:25 50000 ----a-w- C:\windows\System32\drivers\neegojfo.sys
2012-05-05 03:11:00 50000 ----a-w- C:\windows\System32\drivers\xsaqznjj.sys
2012-05-05 03:10:37 50000 ----a-w- C:\windows\System32\drivers\cuyucotb.sys
2012-05-05 03:09:27 50000 ----a-w- C:\windows\System32\drivers\orwdisrq.sys
2012-05-05 03:06:45 50000 ----a-w- C:\windows\System32\drivers\zplogtdg.sys
2012-05-05 03:05:36 50000 ----a-w- C:\windows\System32\drivers\oovaaqpc.sys
2012-05-05 03:05:01 50000 ----a-w- C:\windows\System32\drivers\zdvfkrrd.sys
2012-05-05 02:59:33 50000 ----a-w- C:\windows\System32\drivers\odfbgnfg.sys
2012-05-05 02:57:47 50000 ----a-w- C:\windows\System32\drivers\vlahtuzj.sys
2012-05-05 02:50:12 50000 ----a-w- C:\windows\System32\drivers\mgmtilwe.sys
2012-05-05 02:46:44 50000 ----a-w- C:\windows\System32\drivers\gzlcbmof.sys
2012-05-05 02:46:17 50000 ----a-w- C:\windows\System32\drivers\cybnluzc.sys
2012-05-05 02:42:48 50000 ----a-w- C:\windows\System32\drivers\barbgwdo.sys
2012-05-05 02:41:25 50000 ----a-w- C:\windows\System32\drivers\lhbniliu.sys
2012-05-05 02:37:38 50000 ----a-w- C:\windows\System32\drivers\frftzliu.sys
2012-05-05 02:34:59 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Local\adaware
2012-05-05 02:34:11 94296 ----a-w- C:\windows\System32\drivers\sbtis.sys
2012-05-05 02:33:49 84568 ----a-w- C:\windows\System32\drivers\SbFwIm.sys
2012-05-05 02:33:07 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-05 02:32:42 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FAFBDE0-826E-45AC-94BF-7AC6BE2C63B0}\gapaengine.dll
2012-05-05 02:32:08 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Local\adawarebp
2012-05-05 02:31:53 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-05-04 01:10:06 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Roaming\SUPERAntiSpyware.com
2012-05-04 01:09:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-04 01:09:20 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-03 23:48:30 -------- d-----w- C:\a092862794172fd6ec
2012-05-03 23:25:07 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-05-03 23:24:49 -------- d-----w- C:\ProgramData\Virtualized Applications
2012-05-03 02:12:58 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Local\Secunia PSI
2012-05-03 02:12:36 -------- d-----w- C:\Program Files (x86)\Secunia
2012-05-03 02:12:29 50000 ----a-w- C:\windows\System32\drivers\duexozdx.sys
2012-05-03 01:54:39 50000 ----a-w- C:\windows\System32\drivers\hpzlhxtn.sys
2012-05-03 01:42:14 50000 ----a-w- C:\windows\System32\drivers\zrtmdstx.sys
2012-05-02 04:11:27 -------- d-----w- C:\Program Files (x86)\Shutterfly
2012-04-28 01:04:59 45904 ----a-w- C:\windows\System32\sbbd(3891).exe
2012-04-28 01:04:47 60504 ----a-w- C:\windows\System32\drivers\sbhips.sys
2012-04-28 01:04:08 253528 ----a-w- C:\windows\System32\drivers\SbFw.sys
2012-04-27 00:19:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-27 00:08:21 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Roaming\Systweak
2012-04-26 22:53:02 50000 ----a-w- C:\windows\System32\drivers\kssgogcr.sys
2012-04-26 21:27:49 50000 ----a-w- C:\windows\System32\drivers\nunkamql.sys
2012-04-26 19:01:01 50000 ----a-w- C:\windows\System32\drivers\edaslgkg.sys
2012-04-26 18:38:50 50000 ----a-w- C:\windows\System32\drivers\jnmemfsj.sys
2012-04-26 10:22:55 50000 ----a-w- C:\windows\System32\drivers\xdvlcrql.sys
2012-04-25 22:03:01 50000 ----a-w- C:\windows\System32\drivers\ymnqfadm.sys
2012-04-25 16:15:54 50000 ----a-w- C:\windows\System32\drivers\jgmpnkzl.sys
2012-04-23 10:07:36 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-23 10:06:35 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-23 10:06:33 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-04-23 01:15:53 -------- d-----w- C:\011b12d496168078328a
2012-04-23 00:50:47 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-23 00:50:33 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-22 23:48:04 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Roaming\Malwarebytes
2012-04-22 23:47:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-22 23:47:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 22:59:26 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-04-22 22:58:20 -------- d-----we C:\windows\system64
2012-04-22 22:57:44 -------- d-----w- C:\Users\Monique K Sarkessian\AppData\Local\XACT
2012-04-20 10:30:20 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B784CBE6-25A5-428C-830C-34AAAF5EBC37}\mpengine.dll
2012-04-19 03:57:15 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-04-19 03:57:10 -------- d-----w- C:\Users\Monique K Sarkessian\Corel
2012-04-19 01:04:10 8769696 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 00:08:54 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 12:59:47 -------- d-----w- C:\Program Files\iPod
2012-04-15 12:59:46 -------- d-----w- C:\Program Files\iTunes
2012-04-11 11:06:59 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-11 11:06:58 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 11:06:57 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-11 11:01:25 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-11 11:01:25 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-11 11:01:25 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-11 11:01:25 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-11 11:01:24 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-11 11:01:24 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-11 11:01:24 220672 ----a-w- C:\windows\System32\wintrust.dll
.
==================== Find3M ====================
.
2012-05-05 03:04:56 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12:12 4435968 ----a-w- C:\windows\SysWow64\GPhotos.scr
2012-03-21 00:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-03-20 22:19:20 836115 ----a-w- C:\ProgramData\SPLE042.tmp
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-15 15:01:50 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\windows\System32\usbaaplrc.dll
2012-02-14 16:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
.
============= FINISH: 23:55:42.02 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 May 2012 - 02:40 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Gary Sark


Posted 05 May 2012 - 03:04 PM

ok, before I do this, I would like to back up files. However, I don't think I can until I turn the "Defogger" back to re-enable. Can I do that now?

#4 gringo_pr


Posted 05 May 2012 - 03:21 PM

you can do the backup anytime - defogger only shuts off a type of program



gringo

#5 Gary Sark


Posted 05 May 2012 - 04:54 PM

I do not have an "installation disk", so does that mean I can't proceed?

#6 gringo_pr


Posted 05 May 2012 - 08:14 PM

Hello


It shows two ways to get into the recovery environment. Did you try the other way?


gringo

#7 Gary Sark


Posted 05 May 2012 - 11:31 PM

OK, I am going to try the other way now, from the advanced boot options. I am going to be selecting the company prompt.

#8 gringo_pr


Posted 05 May 2012 - 11:44 PM

:thumbup2:

#9 Gary Sark


Posted 05 May 2012 - 11:46 PM

Here you are, from my PC and the memory stick: frst64.txt

Scan result of Farbar Recovery Scan Tool Version: 05-05-2012 02
Ran by SYSTEM at 06-05-2012 00:41:05
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [lxdxmon.exe] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [668328 2008-06-13] ()
HKLM\...\Run: [lxdxamon] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [16040 2008-06-13] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s [320168 2008-06-13] ()
HKLM-x32\...\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2011-10-30] (Bootstrap Software Development)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1398440 2011-12-14] (Ask)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-11-24] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-01-04] (PC Tools)
HKLM-x32\...\Run: [sketchmanager] C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe tray [3659776 2011-08-01] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKU\Monique K Sarkessian\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-18] (Google Inc.)
HKU\Monique K Sarkessian\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Monique K Sarkessian\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [110736 2010-05-20] (InterVideo)
2 lxdxCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
2 lxdx_device; C:\windows\system32\lxdxcoms.exe -service [1044648 2008-02-27] ( )
2 lxdx_device; C:\windows\SysWow64\lxdxcoms.exe -service [594600 2008-02-27] ( )
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [135608 2012-01-25] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-01-04] (PC Tools)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [193824 2010-03-11] (Protexis Inc.)
2 TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [6583160 2011-09-08] (Wacom Technology, Corp.)
2 TouchServicePen; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [528760 2011-09-08] (Wacom Technology, Corp.)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 vetmonnt; C:\Windows\System32\sfman.dll [x]

========================== Drivers (Whitelisted) =============

3 1394ohci; C:\Windows\System32\Drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [273792 2010-11-20] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation)
2 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo)
3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [1142376 2011-02-23] (Realtek Semiconductor Corporation )
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
3 wacmoumonitor; C:\Windows\System32\Drivers\wacmoumonitor.sys [13312 2011-09-08] (Wacom Technology)
3 wacommousefilter; C:\Windows\System32\Drivers\wacommousefilter.sys [12848 2007-02-16] (Wacom Technology)
3 wacomvhid; C:\Windows\System32\Drivers\wacomvhid.sys [16168 2009-09-21] (Wacom Technology)
1 aeseujle; \??\C:\windows\system32\drivers\aeseujle.sys [x]
1 atnguyyp; \??\C:\windows\system32\drivers\atnguyyp.sys [x]
1 auvjtinv; \??\C:\windows\system32\drivers\auvjtinv.sys [x]
1 avylwwvk; \??\C:\windows\system32\drivers\avylwwvk.sys [x]
1 axhxfmom; \??\C:\windows\system32\drivers\axhxfmom.sys [x]
1 barbgwdo; \??\C:\windows\system32\drivers\barbgwdo.sys [x]
1 bdbnqkmy; \??\C:\windows\system32\drivers\bdbnqkmy.sys [x]
1 bguyssnc; \??\C:\windows\system32\drivers\bguyssnc.sys [x]
1 bigsmnps; \??\C:\windows\system32\drivers\bigsmnps.sys [x]
1 bnyazodi; \??\C:\windows\system32\drivers\bnyazodi.sys [x]
1 boncnuil; \??\C:\windows\system32\drivers\boncnuil.sys [x]
1 brtgvzec; \??\C:\windows\system32\drivers\brtgvzec.sys [x]
1 byioeqct; \??\C:\windows\system32\drivers\byioeqct.sys [x]
1 cgruafug; \??\C:\windows\system32\drivers\cgruafug.sys [x]
1 cltltath; \??\C:\windows\system32\drivers\cltltath.sys [x]
1 crvzjqqo; \??\C:\windows\system32\drivers\crvzjqqo.sys [x]
1 cuyucotb; \??\C:\windows\system32\drivers\cuyucotb.sys [x]
1 cybnluzc; \??\C:\windows\system32\drivers\cybnluzc.sys [x]
1 ddrnbomj; \??\C:\windows\system32\drivers\ddrnbomj.sys [x]
1 dfnqyqfv; \??\C:\windows\system32\drivers\dfnqyqfv.sys [x]
1 dkcjpnki; \??\C:\windows\system32\drivers\dkcjpnki.sys [x]
1 dtvgopkz; \??\C:\windows\system32\drivers\dtvgopkz.sys [x]
1 dvqhsnqr; \??\C:\windows\system32\drivers\dvqhsnqr.sys [x]
1 ebwjjfav; \??\C:\windows\system32\drivers\ebwjjfav.sys [x]
1 edbbcevb; \??\C:\windows\system32\drivers\edbbcevb.sys [x]
1 ejywgmjk; \??\C:\windows\system32\drivers\ejywgmjk.sys [x]
1 eolyvlup; \??\C:\windows\system32\drivers\eolyvlup.sys [x]
1 eopqusci; \??\C:\windows\system32\drivers\eopqusci.sys [x]
1 ezhxtmhy; \??\C:\windows\system32\drivers\ezhxtmhy.sys [x]
1 fagbrtcw; \??\C:\windows\system32\drivers\fagbrtcw.sys [x]
1 fhszwtvz; \??\C:\windows\system32\drivers\fhszwtvz.sys [x]
1 fiehtiag; \??\C:\windows\system32\drivers\fiehtiag.sys [x]
1 fiqyowti; \??\C:\windows\system32\drivers\fiqyowti.sys [x]
1 fkjqgsnh; \??\C:\windows\system32\drivers\fkjqgsnh.sys [x]
1 fmlbxdvc; \??\C:\windows\system32\drivers\fmlbxdvc.sys [x]
1 frftzliu; \??\C:\windows\system32\drivers\frftzliu.sys [x]
1 fwzkrmeg; \??\C:\windows\system32\drivers\fwzkrmeg.sys [x]
1 gcjtjawg; \??\C:\windows\system32\drivers\gcjtjawg.sys [x]
1 gqzwfosl; \??\C:\windows\system32\drivers\gqzwfosl.sys [x]
1 gsdhqjaz; \??\C:\windows\system32\drivers\gsdhqjaz.sys [x]
1 gyavlnbm; \??\C:\windows\system32\drivers\gyavlnbm.sys [x]
1 gzedvbur; \??\C:\windows\system32\drivers\gzedvbur.sys [x]
1 gzlcbmof; \??\C:\windows\system32\drivers\gzlcbmof.sys [x]
1 ibliytmm; \??\C:\windows\system32\drivers\ibliytmm.sys [x]
1 icnywlow; \??\C:\windows\system32\drivers\icnywlow.sys [x]
1 iczkyrvb; \??\C:\windows\system32\drivers\iczkyrvb.sys [x]
1 ifelazdp; \??\C:\windows\system32\drivers\ifelazdp.sys [x]
1 iforuohj; \??\C:\windows\system32\drivers\iforuohj.sys [x]
1 ilewqtct; \??\C:\windows\system32\drivers\ilewqtct.sys [x]
1 jqxypkou; \??\C:\windows\system32\drivers\jqxypkou.sys [x]
1 khkntfmz; \??\C:\windows\system32\drivers\khkntfmz.sys [x]
1 ksksybkd; \??\C:\windows\system32\drivers\ksksybkd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: vetmonnt

============ One Month Created Files and Folders ==============


============ 3 Months Modified Files and Folders =============

2012-05-04 19:33 - 2012-04-22 16:50 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-05-04 19:33 - 2012-01-19 16:16 - 0761544 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-04 19:19 - 2012-04-23 02:07 - 0000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-04 19:17 - 2011-11-02 05:33 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\CrashDumps
2012-05-04 18:35 - 2012-05-04 18:34 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\adaware
2012-05-04 18:34 - 2012-04-23 02:06 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-05-04 18:34 - 2012-04-23 02:06 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-05-04 18:32 - 2012-05-04 18:32 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\adawarebp
2012-05-04 18:32 - 2012-05-04 18:31 - 0000000 ____D C:\Program Files (x86)\adawaretb
2012-05-04 18:32 - 2012-04-23 02:06 - 0000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2012-05-04 18:31 - 2011-10-30 20:15 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\LocalLow
2012-05-04 18:25 - 2012-04-22 14:59 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-04 18:24 - 2011-11-12 18:10 - 0000440 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2012-05-04 18:24 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-04 18:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-04 17:43 - 2012-04-26 16:19 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-05-04 17:43 - 2012-04-24 15:11 - 0000000 ___HD C:\Users\Monique K Sarkessian\Desktop\.picasaoriginals
2012-05-04 17:43 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-05-04 16:57 - 2012-04-26 16:08 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\Systweak
2012-05-04 16:13 - 2012-05-03 15:48 - 0000000 ____D C:\a092862794172fd6ec
2012-05-04 14:37 - 2012-05-03 17:09 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-03 17:37 - 2012-04-26 14:36 - 0007611 ____A C:\Users\Monique K Sarkessian\AppData\Local\resmon.resmoncfg
2012-05-03 17:10 - 2012-05-03 17:10 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\SUPERAntiSpyware.com
2012-05-03 17:09 - 2012-05-03 17:09 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-05-03 17:09 - 2012-05-03 17:09 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-05-03 15:25 - 2012-05-03 15:25 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-05-03 15:25 - 2012-01-19 16:17 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\SoftGrid Client
2012-05-03 15:24 - 2012-05-03 15:24 - 0000000 ____D C:\Users\All Users\Virtualized Applications
2012-05-03 15:24 - 2012-05-03 15:24 - 0000000 ____D C:\ProgramData\Virtualized Applications
2012-05-02 18:42 - 2012-05-02 18:42 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-02 18:42 - 2012-05-02 18:42 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-02 18:12 - 2012-05-02 18:12 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\duexozdx.sys
2012-05-02 18:12 - 2012-05-02 18:12 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\Secunia PSI
2012-05-02 17:54 - 2012-05-02 17:54 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hpzlhxtn.sys
2012-05-02 17:42 - 2012-05-02 17:42 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zrtmdstx.sys
2012-05-01 20:11 - 2012-05-01 20:11 - 0000000 ____D C:\Program Files (x86)\Shutterfly
2012-05-01 10:14 - 2012-05-01 10:14 - 0000162 ___AH C:\Users\Monique K Sarkessian\Documents\~$nique Kendikian Sarkessian QR scan codemedt.docx
2012-04-30 14:38 - 2012-04-30 14:38 - 0000162 ___AH C:\Users\Monique K Sarkessian\Downloads\~$plication - Changes- revision 1 (1).docx
2012-04-30 14:37 - 2012-04-30 14:37 - 0019433 ____A C:\Users\Monique K Sarkessian\Downloads\Application - Changes- revision 1 (1).docx
2012-04-30 10:40 - 2012-04-30 10:40 - 5611869 ____A C:\Users\Monique K Sarkessian\Downloads\MoniqueKS mentionart jazz articleCCL_MJ12_p38-40.pdf
2012-04-30 10:38 - 2012-04-30 10:38 - 0000011 ____A C:\Users\Monique K Sarkessian\Downloads\web-size(2).zip
2012-04-30 10:31 - 2012-04-30 10:31 - 13184592 ____A C:\Users\Monique K Sarkessian\Downloads\web-size(2).zip.part
2012-04-30 05:30 - 2012-04-30 05:30 - 0381940 ____A C:\Users\Monique K Sarkessian\Downloads\SummerHangout summerhill april 2012.pdf
2012-04-29 15:37 - 2012-04-29 15:37 - 6472339 ____A C:\Users\Monique K Sarkessian\Downloads\CCL_MJ12_p38-40.pdf
2012-04-28 07:16 - 2012-04-28 07:13 - 0000104 ____A C:\Windows\System32\SBRC.dat
2012-04-28 07:00 - 2011-11-19 01:20 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\ElevatedDiagnostics
2012-04-28 01:07 - 2012-01-30 11:09 - 0000000 ____D C:\Users\Monique K Sarkessian\Documents\Avery Templates
2012-04-28 01:04 - 2012-04-28 01:04 - 0000162 ___AH C:\Users\Monique K Sarkessian\Documents\~$12 advocate price stickers.docx
2012-04-27 06:16 - 2009-07-13 18:34 - 73138176 ____A C:\Windows\System32\config\software.bak
2012-04-27 06:16 - 2009-07-13 18:34 - 18612224 ____A C:\Windows\System32\config\system.bak
2012-04-27 06:16 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-27 06:15 - 2012-04-27 06:15 - 0017408 __ASH C:\Windows\System32\config\system.sav.LOG1
2012-04-27 06:15 - 2012-04-27 06:15 - 0000000 __ASH C:\Windows\System32\config\system.sav.LOG2
2012-04-27 06:15 - 2012-04-27 06:15 - 0000000 __ASH C:\Windows\System32\config\software.sav.LOG2
2012-04-27 06:15 - 2012-04-27 06:15 - 0000000 __ASH C:\Windows\System32\config\software.sav.LOG1
2012-04-27 06:13 - 2012-04-27 06:13 - 0000000 __ASH C:\Windows\System32\config\security.sav.LOG2
2012-04-27 06:13 - 2012-04-27 06:13 - 0000000 __ASH C:\Windows\System32\config\security.sav.LOG1
2012-04-27 06:13 - 2012-04-27 06:13 - 0000000 __ASH C:\Windows\System32\config\sam.sav.LOG2
2012-04-27 06:13 - 2012-04-27 06:13 - 0000000 __ASH C:\Windows\System32\config\sam.sav.LOG1
2012-04-27 06:12 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-26 17:42 - 2011-10-30 20:19 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\Toshiba
2012-04-26 17:13 - 2012-03-02 16:54 - 0226304 __ASH C:\Users\Monique K Sarkessian\Thumbs.db
2012-04-26 16:47 - 2012-04-26 16:46 - 0000000 ____D C:\Windows\System32\config\RCCBakup
2012-04-26 14:53 - 2012-04-26 14:53 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kssgogcr.sys
2012-04-26 13:27 - 2012-04-26 13:27 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nunkamql.sys
2012-04-26 12:03 - 2012-04-26 12:03 - 3113077 ____A C:\Users\Monique K Sarkessian\Desktop\Sarkessian Family.jpg
2012-04-26 11:20 - 2012-04-26 11:20 - 1858601 ____A C:\Users\Monique K Sarkessian\Desktop\Monique Kendikian-Sarkessian head shot 2.JPG
2012-04-26 11:19 - 2012-04-26 11:19 - 1894468 ____A C:\Users\Monique K Sarkessian\Desktop\Monique Kendikian-Sarkessian head shot.JPG
2012-04-26 11:13 - 2012-04-26 11:13 - 1364317 ____A C:\Users\Monique K Sarkessian\Desktop\Monique And Garabed Sarkessian.JPG
2012-04-26 11:07 - 2012-04-26 11:07 - 4879430 ____A C:\Users\Monique K Sarkessian\Downloads\RTemptationThursday.JPG
2012-04-26 11:01 - 2012-04-26 11:01 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\edaslgkg.sys
2012-04-26 10:57 - 2012-04-26 10:57 - 1497253 ____A C:\Users\Monique K Sarkessian\Downloads\Art and Jazz SPRINGFEST on the Main Line.pdf
2012-04-26 10:54 - 2012-04-26 10:50 - 4879430 ____A C:\Users\Monique K Sarkessian\Desktop\RTemptationThursday.JPG
2012-04-26 10:38 - 2012-04-26 10:38 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jnmemfsj.sys
2012-04-26 02:22 - 2012-04-26 02:22 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xdvlcrql.sys
2012-04-26 01:37 - 2012-04-24 16:45 - 0000064 ___RH C:\Users\Monique K Sarkessian\Downloads\stinger.opt
2012-04-25 14:03 - 2012-04-25 14:03 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ymnqfadm.sys
2012-04-25 08:15 - 2012-04-25 08:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jgmpnkzl.sys
2012-04-25 05:15 - 2012-04-25 05:15 - 5748166 ____A C:\Users\Monique K Sarkessian\Desktop\RTempatation.JPG
2012-04-24 17:42 - 2012-04-24 17:42 - 6051351 ____A C:\Users\Monique K Sarkessian\Desktop\Temptation preliminary.JPG
2012-04-24 15:12 - 2012-04-24 15:12 - 0198824 ____A C:\Users\Monique K Sarkessian\Desktop\RHaines12.jpg
2012-04-24 15:11 - 2012-04-24 15:11 - 0190873 ____A C:\Users\Monique K Sarkessian\Desktop\RHaines10.jpg
2012-04-24 15:10 - 2012-04-24 15:10 - 0153784 ____A C:\Users\Monique K Sarkessian\Desktop\RHaines11.JPG
2012-04-24 09:57 - 2012-04-24 09:57 - 5836242 ____A C:\Users\Monique K Sarkessian\Desktop\In The Cool Of The Day.JPG
2012-04-24 09:10 - 2012-04-24 09:10 - 0497084 ____A C:\Users\Monique K Sarkessian\Desktop\RHaines8.JPG
2012-04-24 09:09 - 2012-04-24 09:09 - 0930020 ____A C:\Users\Monique K Sarkessian\Desktop\RHaines5.JPG
2012-04-24 09:09 - 2012-04-24 09:09 - 0771838 ____A C:\Users\Monique K Sarkessian\Desktop\RHaines4.JPG
2012-04-24 09:08 - 2012-04-24 09:08 - 0902156 ____A C:\Users\Monique K Sarkessian\Desktop\RHaines1.JPG
2012-04-24 08:48 - 2012-04-24 08:48 - 0929229 ____A C:\Users\Monique K Sarkessian\Downloads\RHaines5.JPG
2012-04-24 08:48 - 2012-04-24 08:48 - 0861957 ____A C:\Users\Monique K Sarkessian\Downloads\RHaines6.JPG
2012-04-24 08:48 - 2012-04-24 08:48 - 0771047 ____A C:\Users\Monique K Sarkessian\Downloads\RHaines4.JPG
2012-04-24 08:47 - 2012-04-24 08:47 - 0901365 ____A C:\Users\Monique K Sarkessian\Downloads\RHaines1.JPG
2012-04-24 08:47 - 2012-04-24 08:47 - 0862232 ____A C:\Users\Monique K Sarkessian\Downloads\RHaines3.JPG
2012-04-24 08:47 - 2012-04-24 08:47 - 0500750 ____A C:\Users\Monique K Sarkessian\Downloads\RHaines10.jpg
2012-04-24 08:47 - 2012-04-24 08:47 - 0496293 ____A C:\Users\Monique K Sarkessian\Downloads\DSC00512(1).JPG
2012-04-24 08:30 - 2011-07-26 18:51 - 0000000 ____D C:\Program Files (x86)\PlayReady
2012-04-24 08:30 - 2011-07-26 18:48 - 0000000 ____D C:\Program Files\PlayReady
2012-04-24 08:29 - 2012-04-22 17:15 - 0000000 ____D C:\011b12d496168078328a
2012-04-24 08:29 - 2010-11-20 23:17 - 0000000 ____D C:\Program Files\Windows Journal
2012-04-24 08:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-24 08:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-24 08:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-24 08:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-24 08:29 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ras
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\icsxml
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\icsxml
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Cursors
2012-04-24 08:29 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-24 08:28 - 2010-11-20 23:16 - 0000000 ____D C:\Windows\ShellNew
2012-04-24 08:28 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-24 08:28 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\addins
2012-04-24 08:28 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-04-24 08:28 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-24 08:28 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-04-24 08:28 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ___AD C:\Windows\System32\sysprep
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-04-24 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Services
2012-04-24 08:14 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-24 08:14 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-24 08:13 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-24 08:13 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-24 08:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-24 08:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-24 08:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-24 08:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-24 08:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-24 08:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-24 08:12 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\System32\winrm
2012-04-24 08:12 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\System32\WCN
2012-04-24 08:12 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-24 08:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-24 08:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-24 08:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-24 08:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-24 08:09 - 2011-07-26 19:02 - 0000000 ____D C:\Program Files\Windows Live
2012-04-24 08:09 - 2011-07-26 18:48 - 0000000 ____D C:\Program Files\Toshiba
2012-04-24 08:09 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-24 08:08 - 2011-07-26 19:02 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-24 08:08 - 2011-07-26 18:48 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-24 08:08 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-24 08:08 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-24 08:08 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-24 07:33 - 2012-04-22 15:47 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-24 07:33 - 2012-04-22 15:47 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-24 07:28 - 2011-07-26 18:51 - 0000000 ____D C:\Program Files (x86)\Toshiba
2012-04-23 17:19 - 2012-04-23 17:19 - 0012582 ____A C:\Users\Monique K Sarkessian\Desktop\Rosemary Hanes2.jpg
2012-04-23 17:19 - 2012-04-23 17:19 - 0009476 ____A C:\Users\Monique K Sarkessian\Desktop\Rosemary Hanes.jpg
2012-04-22 21:10 - 2010-11-20 23:16 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-22 17:13 - 2009-07-13 21:08 - 0025902 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-22 16:49 - 2012-04-22 16:48 - 10165440 ____A (Microsoft Corporation) C:\Users\Monique K Sarkessian\Downloads\mseinstall.exe
2012-04-22 16:36 - 2011-09-18 08:52 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-22 15:55 - 2012-04-22 15:55 - 0001205 ____A C:\Users\Monique K Sarkessian\Downloads\FixNCR.reg
2012-04-22 15:47 - 2012-04-22 15:47 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Monique K Sarkessian\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-22 14:58 - 2012-04-22 14:58 - 0000000 ____D C:\Windows\system64
2012-04-22 14:09 - 2012-04-22 14:11 - 0039564 ____A C:\Users\Monique K Sarkessian\Desktop\noune cake totoro.jpg
2012-04-20 09:24 - 2012-04-20 09:24 - 0065617 ____A C:\Users\Monique K Sarkessian\Desktop\Monique Kendikian-Sarkessian Advocate bio.docx
2012-04-19 13:38 - 2012-04-19 13:38 - 0027118 ____A C:\Users\Monique K Sarkessian\Downloads\E911_notice.pdf
2012-04-18 19:57 - 2012-04-18 19:57 - 0000952 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-04-18 19:57 - 2012-04-18 19:57 - 0000952 __ASH C:\ProgramData\KGyGaAvL.sys
2012-04-18 19:57 - 2012-04-18 19:57 - 0000000 ____D C:\Users\Monique K Sarkessian\Corel
2012-04-18 19:29 - 2012-04-18 19:29 - 5446585 ____A C:\Users\Monique K Sarkessian\Desktop\LGWL8.JPG
2012-04-18 18:39 - 2012-04-18 18:39 - 0339677 ____A C:\Users\Monique K Sarkessian\Desktop\LGWL7.JPG
2012-04-18 18:37 - 2012-04-18 18:37 - 0931614 ____A C:\Users\Monique K Sarkessian\Desktop\LGWL6.JPG
2012-04-18 18:34 - 2012-04-18 18:34 - 2164161 ____A C:\Users\Monique K Sarkessian\Desktop\LGWL5.JPG
2012-04-18 18:29 - 2012-04-18 18:29 - 1195925 ____A C:\Users\Monique K Sarkessian\Desktop\LGWL4.JPG
2012-04-18 18:28 - 2012-04-18 18:28 - 1553401 ____A C:\Users\Monique K Sarkessian\Desktop\LGWL3.JPG
2012-04-18 18:25 - 2012-04-18 18:25 - 5083250 ____A C:\Users\Monique K Sarkessian\Desktop\LGWL2.JPG
2012-04-18 17:13 - 2011-12-05 18:49 - 0000000 ____D C:\Program Files (x86)\Tokidoki
2012-04-18 17:12 - 2012-04-18 17:12 - 4660204 ____A (TOKIDOKI LLC. ) C:\Users\Monique K Sarkessian\Downloads\tokidoki_setup(1).exe
2012-04-18 16:12 - 2012-04-18 16:12 - 0022818 ____A C:\Users\Monique K Sarkessian\Downloads\Prospectus.InventorySheet(1).pdf
2012-04-18 16:08 - 2011-11-01 10:12 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\Apple Computer
2012-04-18 15:37 - 2012-01-08 04:52 - 0002030 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-18 15:26 - 2012-04-18 15:26 - 1826710 ____A C:\Users\Monique K Sarkessian\Desktop\waterlilypink.jpg
2012-04-18 15:16 - 2012-04-18 15:16 - 2608292 ____A C:\Users\Monique K Sarkessian\Desktop\Gryphonlatteheart.jpg
2012-04-18 15:09 - 2012-02-09 13:42 - 0008704 ____A C:\Users\Monique K Sarkessian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-18 15:08 - 2012-04-18 15:08 - 5383089 ____A C:\Users\Monique K Sarkessian\Desktop\Ireland's lantern.JPG
2012-04-18 15:05 - 2012-04-18 15:05 - 5800510 ____A C:\Users\Monique K Sarkessian\Desktop\winterthurpool.JPG
2012-04-18 14:46 - 2012-04-18 14:46 - 0022818 ____A C:\Users\Monique K Sarkessian\Downloads\Prospectus.InventorySheet.pdf
2012-04-16 23:30 - 2012-02-01 12:03 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\Smilebox
2012-04-16 06:46 - 2012-03-02 19:26 - 0000000 ____D C:\Users\Monique K Sarkessian\Desktop\Recently Updated
2012-04-16 06:45 - 2012-04-16 06:45 - 0000396 ____A C:\Users\Monique K Sarkessian\Desktop\mkswebsiteqrcodexlimg.php.png
2012-04-16 06:44 - 2012-04-16 06:44 - 0000396 ____A C:\Users\Monique K Sarkessian\Desktop\MKSwebsiteqrcodelargeimg.php.png
2012-04-16 06:42 - 2012-04-16 06:42 - 0000478 ____A C:\Users\Monique K Sarkessian\Desktop\moniquekendikiansarkessianqrcodemedimg.php.png
2012-04-16 06:41 - 2012-04-16 06:41 - 0000507 ____A C:\Users\Monique K Sarkessian\Desktop\Moniquekendikiansarkessianqrcodesmall.png
2012-04-16 04:51 - 2011-12-20 06:53 - 0000184 ___AH C:\Users\Monique K Sarkessian\Downloads\.picasa.ini
2012-04-16 04:49 - 2012-04-16 04:49 - 4071782 ____A C:\Users\Monique K Sarkessian\Downloads\Copy of spring break45.JPG
2012-04-15 17:21 - 2011-10-30 20:18 - 0168192 ____A C:\Users\Monique K Sarkessian\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-15 15:10 - 2012-04-15 15:10 - 24062357 ____A C:\Users\Monique K Sarkessian\Downloads\some pics from the egg hunt.zip
2012-04-15 15:09 - 2012-04-15 15:09 - 2582837 ____A C:\Users\Monique K Sarkessian\Downloads\Copy of spring break55(1).JPG
2012-04-15 15:08 - 2012-04-15 15:08 - 2582837 ____A C:\Users\Monique K Sarkessian\Downloads\Copy of spring break55.JPG
2012-04-15 05:28 - 2012-04-12 14:03 - 0401183 ____A C:\Users\Monique K Sarkessian\Desktop\Invitation to Chaplain's Reception (1).pdf
2012-04-15 05:25 - 2012-04-14 05:33 - 0225214 ____A C:\Users\Monique K Sarkessian\Desktop\MKSArt News April-May2012.docx
2012-04-15 05:15 - 2012-04-15 05:15 - 2558551 ____A C:\Users\Monique K Sarkessian\Desktop\angel1photo.JPG
2012-04-15 05:13 - 2012-04-15 05:13 - 4712153 ____A C:\Users\Monique K Sarkessian\Desktop\mamabababw.JPG
2012-04-15 05:10 - 2012-04-15 05:10 - 3755925 ____A C:\Users\Monique K Sarkessian\Desktop\angelphoto2.JPG
2012-04-15 05:10 - 2012-04-15 05:10 - 2698971 ____A C:\Users\Monique K Sarkessian\Desktop\angelphoto.JPG
2012-04-15 05:02 - 2012-04-15 05:02 - 0002521 ____A C:\Users\Public\Desktop\Safari.lnk
2012-04-15 05:02 - 2011-11-01 10:20 - 0000000 ____D C:\Program Files (x86)\Safari
2012-04-15 05:00 - 2012-04-15 05:00 - 0001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-15 05:00 - 2012-04-15 04:59 - 0000000 ____D C:\Program Files\iTunes
2012-04-15 05:00 - 2011-11-01 10:19 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-15 04:59 - 2012-04-15 04:59 - 0000000 ____D C:\Program Files\iPod
2012-04-15 04:48 - 2012-04-15 04:48 - 0118319 ____A C:\Users\Monique K Sarkessian\Desktop\angel moving.jpg
2012-04-14 06:52 - 2012-04-14 06:52 - 0019852 ____A C:\Users\Monique K Sarkessian\Downloads\Entry Form Paint Town WC.pdf
2012-04-14 06:50 - 2012-04-14 06:50 - 0039245 ____A C:\Users\Monique K Sarkessian\Downloads\Artist Detail Info.pdf
2012-04-13 17:49 - 2012-04-13 17:49 - 0378754 ____A C:\Users\Monique K Sarkessian\Desktop\rockartcareer.pdf
2012-04-13 17:49 - 2012-04-13 17:49 - 0148969 ____A C:\Users\Monique K Sarkessian\Desktop\artbizcoach-top10.pdf
2012-04-12 14:05 - 2012-04-12 14:05 - 0038256 ____A C:\Users\Monique K Sarkessian\Desktop\WestChesterCCAAArtist Detail Info.pdf
2012-04-12 06:24 - 2012-04-12 06:24 - 14210564 ____A C:\Users\Monique K Sarkessian\Downloads\web-size(1).zip
2012-04-12 05:21 - 2012-04-12 05:21 - 0000162 ___AH C:\Users\Monique K Sarkessian\Documents\~$NIQUE KENDIKIAN Sarkessian CV Mar2012.docx
2012-04-11 15:05 - 2012-04-11 15:05 - 1700164 ____A C:\Users\Monique K Sarkessian\Desktop\vfparkredtreepan.JPG
2012-04-11 09:04 - 2012-04-11 09:04 - 14210564 ____A C:\Users\Monique K Sarkessian\Downloads\web-size.zip
2012-04-11 03:09 - 2011-11-01 13:14 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-11 03:09 - 2011-11-01 13:14 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-11 03:08 - 2009-07-13 18:34 - 0000540 ____A C:\Windows\win.ini
2012-04-10 06:15 - 2012-04-10 06:15 - 0049861 ____A C:\Users\Monique K Sarkessian\Desktop\mahogany.html
2012-04-10 06:15 - 2012-04-10 06:15 - 0000000 ____D C:\Users\Monique K Sarkessian\Desktop\mahogany_files
2012-04-10 05:11 - 2012-04-10 05:11 - 0000000 ____A C:\Windows\setuperr.log
2012-04-10 05:08 - 2012-04-10 05:08 - 0023904 ____A C:\Users\Monique K Sarkessian\Desktop\ameliaclean booth shot.jpg
2012-04-09 07:08 - 2011-12-02 07:11 - 0000000 ____D C:\Users\Monique K Sarkessian\Desktop\Starred Photos
2012-04-08 11:26 - 2011-11-24 16:48 - 0000000 ____D C:\Users\All Users\Wacom
2012-04-08 11:26 - 2011-11-24 16:48 - 0000000 ____D C:\ProgramData\Wacom
2012-04-05 08:22 - 2012-04-05 08:22 - 0311065 ____A C:\Users\Monique K Sarkessian\Downloads\infamy (2).ram
2012-04-05 08:21 - 2012-04-05 08:21 - 0311065 ____A C:\Users\Monique K Sarkessian\Downloads\infamy.ram
2012-04-05 08:21 - 2012-04-05 08:21 - 0311065 ____A C:\Users\Monique K Sarkessian\Downloads\infamy (1).ram
2012-04-04 16:49 - 2012-04-04 16:49 - 0050813 ____A C:\Users\Monique K Sarkessian\Desktop\StJoan_2264_72dpi_web.jpg
2012-04-04 16:11 - 2012-04-04 16:10 - 0073768 ____A C:\Users\Monique K Sarkessian\Desktop\Joan-Of-Arc Redon.jpg
2012-04-04 08:42 - 2012-04-04 08:41 - 0000000 ____D C:\Users\Monique K Sarkessian\Desktop\MKS artwork photos for iphone
2012-04-04 08:40 - 2012-04-04 08:40 - 0000000 ____D C:\Users\Monique K Sarkessian\Desktop\small photos
2012-04-04 04:31 - 2012-04-04 04:31 - 4974449 ____A C:\Users\Monique K Sarkessian\Desktop\Red Onion With Pink Lady.JPG
2012-04-02 08:34 - 2012-04-02 08:34 - 0000000 ____D C:\Users\All Users\Symantec
2012-04-02 08:34 - 2012-04-02 08:34 - 0000000 ____D C:\ProgramData\Symantec
2012-03-31 14:22 - 2012-03-31 14:22 - 0010401 ____A C:\Users\Monique K Sarkessian\Desktop\monet waterlilies.jpg
2012-03-29 14:12 - 2012-03-29 14:12 - 0082181 ____A C:\Users\Monique K Sarkessian\Desktop\Joan_of_Arc_26x19_cm.jpg
2012-03-29 06:56 - 2012-03-29 06:56 - 0067865 ____A C:\Users\Monique K Sarkessian\Desktop\saintjoanofarc.jpg
2012-03-29 06:55 - 2012-03-29 06:55 - 0007401 ____A C:\Users\Monique K Sarkessian\Desktop\Saint Joan.jpg
2012-03-28 23:00 - 2011-11-01 11:19 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-27 12:34 - 2012-03-27 12:34 - 0080611 ____A C:\Users\Monique K Sarkessian\Desktop\Summerhill_Egg Hunt and Games 2012.pdf
2012-03-27 02:29 - 2012-03-27 02:29 - 0090446 ____A C:\Users\Monique K Sarkessian\Downloads\Summerhill HOA egg hunt 2011 amended flyer.zip
2012-03-24 02:07 - 2011-11-01 13:15 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\Microsoft Help
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-20 16:44 - 2012-03-20 16:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 16:44 - 2012-03-20 16:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 14:19 - 2012-03-20 14:19 - 0836115 ____A C:\Users\All Users\SPLE042.tmp
2012-03-20 14:19 - 2012-03-20 14:19 - 0836115 ____A C:\ProgramData\SPLE042.tmp
2012-03-20 14:18 - 2012-03-20 14:18 - 0028060 ____A C:\Users\Monique K Sarkessian\Downloads\nectar 1st body p.docx
2012-03-20 14:18 - 2012-03-20 14:18 - 0028060 ____A C:\Users\Monique K Sarkessian\Downloads\nectar 1st body p (1).docx
2012-03-17 05:34 - 2011-10-30 20:49 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\Google
2012-03-16 04:05 - 2012-03-16 04:05 - 0108717 ____A C:\Users\Monique K Sarkessian\Downloads\Golden Tree In Lorimer .JPG
2012-03-16 04:05 - 2012-03-16 04:05 - 0000000 ___HD C:\Users\Monique K Sarkessian\Downloads\.picasaoriginals
2012-03-15 03:07 - 2009-07-13 20:45 - 0545288 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 03:59 - 2012-03-14 03:59 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\Pantone
2012-03-14 03:55 - 2012-03-14 03:55 - 0001164 ____A C:\Users\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk
2012-03-14 03:55 - 2012-03-14 03:55 - 0001146 ____A C:\Users\Public\Desktop\hueyPRO Quick Start Guide.lnk
2012-03-14 03:55 - 2012-03-14 03:55 - 0001122 ____A C:\Users\Public\Desktop\hueyPRO.lnk
2012-03-14 03:54 - 2012-03-14 03:54 - 0000000 ____D C:\Program Files (x86)\Pantone
2012-03-13 17:55 - 2012-03-13 17:55 - 0000162 ___AH C:\Users\Monique K Sarkessian\Documents\~$c project doc.docx
2012-03-13 10:39 - 2012-03-13 10:38 - 3224410 ____A C:\Users\Monique K Sarkessian\Downloads\4800test.zip
2012-03-06 07:53 - 2012-03-06 07:52 - 0000000 ____D C:\Users\Monique K Sarkessian\Desktop\Picasa Export
2012-03-05 22:53 - 2012-04-11 03:06 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-11 03:06 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-11 03:06 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-03 19:17 - 2012-03-03 19:17 - 0006144 ____A C:\Users\Monique K Sarkessian\Downloads\Caramel Peanut Bars.doc
2012-03-02 19:23 - 2012-03-02 16:54 - 0000000 ____D C:\Users\Monique K Sarkessian\Recently Updated
2012-03-02 19:02 - 2012-03-02 19:02 - 0000000 ____D C:\Users\Monique K Sarkessian\Search results for inspiration
2012-03-02 17:17 - 2011-10-30 20:36 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\Adobe
2012-02-29 22:46 - 2012-04-11 03:01 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 03:01 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 03:01 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 03:01 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 03:01 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 03:01 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 03:01 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-11 03:07 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 03:07 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 03:07 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 03:07 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 03:07 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 03:07 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 03:07 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 03:07 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 03:07 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 03:07 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 03:07 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 03:07 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 03:07 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 18:41 - 2012-02-27 18:41 - 0020992 ____A C:\Users\Monique K Sarkessian\Downloads\Grade KA - Mrs. Frost.xls
2012-02-27 17:55 - 2012-02-27 17:55 - 6284664 ____A (Microsoft Corporation) C:\Users\Monique K Sarkessian\Downloads\Silverlight.exe
2012-02-27 17:52 - 2012-04-11 03:07 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 03:07 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 03:07 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 03:07 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 03:07 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 03:07 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 03:07 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 03:07 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 03:07 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 03:07 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 03:07 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 03:07 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 03:07 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 04:18 - 2012-02-27 04:18 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Roaming\Product_RM
2012-02-27 04:18 - 2012-02-27 04:18 - 0000000 ____D C:\Users\All Users\PC Tools
2012-02-27 04:18 - 2012-02-27 04:18 - 0000000 ____D C:\ProgramData\PC Tools
2012-02-27 04:18 - 2012-01-18 15:22 - 0001205 ____A C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2012-02-26 14:35 - 2012-02-26 14:35 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\LEGO Interactive
2012-02-26 14:34 - 2012-02-26 14:34 - 0000561 ____A C:\Windows\eReg.dat
2012-02-26 14:20 - 2012-02-26 14:20 - 0000000 ____D C:\Program Files (x86)\LEGO Interactive
2012-02-22 15:44 - 2012-02-22 15:44 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\{C854CBE8-B481-4A10-931B-64B74F891B0F}
2012-02-22 15:44 - 2012-02-22 15:44 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\{14DBABB4-1463-4353-80B6-D104B70B4DB0}
2012-02-22 15:44 - 2011-11-06 12:59 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\Windows Live
2012-02-20 10:22 - 2012-02-20 09:37 - 0152978 ____A C:\Users\Monique K Sarkessian\Downloads\CloverMarketRules&Regs2012.pdf
2012-02-20 10:22 - 2012-02-20 06:48 - 0052776 ____A C:\Users\Monique K Sarkessian\Downloads\CloverMarketSpring2012VendorCopy Sheet1 (1).pdf
2012-02-20 10:22 - 2012-02-20 06:34 - 0052776 ____A C:\Users\Monique K Sarkessian\Downloads\CloverMarketSpring2012VendorCopy Sheet1.pdf
2012-02-18 08:12 - 2012-02-01 12:03 - 0000000 ____D C:\Users\Monique K Sarkessian\Documents\My Smilebox Creations
2012-02-17 14:16 - 2011-11-01 10:12 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\Apple Computer
2012-02-17 05:11 - 2011-10-30 20:17 - 0000174 ___SH C:\Users\Monique K Sarkessian\Start Menu\Programs\Startup\desktop.ini
2012-02-17 05:11 - 2011-10-30 20:17 - 0000174 ___SH C:\Users\Monique K Sarkessian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 05:04 - 2011-07-26 19:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-17 04:59 - 2012-02-04 08:12 - 10689024 ____A C:\Users\Monique K Sarkessian\Desktop\CMYKMonique KS 2012businesscard-back.doc
2012-02-17 03:59 - 2012-01-19 16:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-16 22:38 - 2012-03-14 03:46 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 03:46 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 03:46 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 03:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 16:28 - 2012-02-16 16:28 - 0164581 ____A C:\Users\Monique K Sarkessian\Desktop\CMYKMonique KS 2012businesscard-backimpactfont.pdf
2012-02-15 07:01 - 2012-02-15 07:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 07:01 - 2012-02-15 07:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-14 08:09 - 2012-02-14 08:09 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-13 17:39 - 2012-02-13 17:39 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\{BCB118D3-64AA-4240-9D95-88338394C875}
2012-02-13 17:39 - 2012-02-13 17:39 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\{248B772A-5AE1-4472-812F-607A787A116A}
2012-02-12 11:42 - 2012-02-12 11:42 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\{9B050B52-FE26-4757-8CD0-6A48FE3F36B8}
2012-02-12 11:42 - 2012-02-12 11:42 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\{3A23A7E4-D3F9-4198-8017-0C5D2FB46A24}
2012-02-11 07:45 - 2012-02-11 07:45 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\{911EF09C-DE4C-4913-A641-2160CFE4F244}
2012-02-11 07:45 - 2012-02-11 07:45 - 0000000 ____D C:\Users\Monique K Sarkessian\AppData\Local\{64648089-431E-4162-B62F-3B0A6C334F6D}
2012-02-09 22:36 - 2012-03-14 03:47 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 03:47 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 10:14 - 2012-02-08 10:02 - 0065866 ____A C:\Users\Monique K Sarkessian\Desktop\CMYKMoniqueKendikianSarkessian2012businesscardfrontfinal.pdf
2012-02-08 10:13 - 2012-02-08 10:13 - 0000162 ___AH C:\Users\Monique K Sarkessian\Desktop\~$YKMoniqueKendikianSarkessian2012businesscardfront.doc
2012-02-08 10:13 - 2012-02-04 08:19 - 0732160 ____A C:\Users\Monique K Sarkessian\Desktop\CMYKMoniqueKendikianSarkessian2012businesscardfront.doc
2012-02-08 10:07 - 2012-02-04 08:19 - 0731648 ____H C:\Users\Monique K Sarkessian\Desktop\~WRL3226.tmp
2012-02-08 09:46 - 2012-02-08 09:46 - 0044106 ____A C:\Users\Monique K Sarkessian\Desktop\Monique KS 2012businesscard-backfinal.pdf
2012-02-08 09:45 - 2012-02-04 06:45 - 0099328 ____A C:\Users\Monique K Sarkessian\Desktop\Monique KS 2012businesscard-back.doc
2012-02-08 09:43 - 2012-02-08 09:43 - 0000162 ___AH C:\Users\Monique K Sarkessian\Desktop\~$nique KS 2012businesscard-back.doc
2012-02-08 09:32 - 2012-02-08 09:32 - 1023784 ____A C:\Users\Monique K Sarkessian\Downloads\CMYKMonique KS 2012businesscard-back (1).JPG
2012-02-08 09:28 - 2012-02-08 09:41 - 1023784 ____A C:\Users\Monique K Sarkessian\Downloads\CMYKMonique KS 2012businesscard-backfinal .JPG
2012-02-08 09:28 - 2012-02-08 09:28 - 1023784 ____A C:\Users\Monique K Sarkessian\Downloads\CMYKMonique KS 2012businesscard-back .JPG
2012-02-07 12:13 - 2012-02-04 08:13 - 0061926 ____A C:\Users\Monique K Sarkessian\Desktop\CMYKMonique KS 2012businesscard-back.pdf
2012-02-07 07:52 - 2012-02-07 07:52 - 0543024 ____A (Microsoft Corporation) C:\Users\Monique K Sarkessian\Downloads\IE9-Windows7-x64-enu.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-07-26 18:22] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-07-26 18:22] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-07-26 18:18] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 5610.12 MB
Available physical RAM: 4967.98 MB
Total Pagefile: 5608.32 MB
Available Pagefile: 4951.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106231W0C) (Fixed) (Total:580.58 GB) (Free:460.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (GS Drive) (Removable) (Total:7.52 GB) (Free:0.31 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 7712 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 580 GB 1501 MB
Partition 3 Primary 14 GB 582 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106231W0C NTFS Partition 580 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7711 MB 40 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F GS Drive FAT32 Removable 7711 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 18:04

======================= End Of Log ==========================

#10 Gary Sark


Posted 05 May 2012 - 11:53 PM

I am leaving the laptop as is, in command prompt mode.

#11 gringo_pr


Posted 05 May 2012 - 11:56 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 vetmonnt; C:\Windows\System32\sfman.dll [x]
1 aeseujle; \??\C:\windows\system32\drivers\aeseujle.sys [x]
1 atnguyyp; \??\C:\windows\system32\drivers\atnguyyp.sys [x]
1 auvjtinv; \??\C:\windows\system32\drivers\auvjtinv.sys [x]
1 avylwwvk; \??\C:\windows\system32\drivers\avylwwvk.sys [x]
1 axhxfmom; \??\C:\windows\system32\drivers\axhxfmom.sys [x]
1 barbgwdo; \??\C:\windows\system32\drivers\barbgwdo.sys [x]
1 bdbnqkmy; \??\C:\windows\system32\drivers\bdbnqkmy.sys [x]
1 bguyssnc; \??\C:\windows\system32\drivers\bguyssnc.sys [x]
1 bigsmnps; \??\C:\windows\system32\drivers\bigsmnps.sys [x]
1 bnyazodi; \??\C:\windows\system32\drivers\bnyazodi.sys [x]
1 boncnuil; \??\C:\windows\system32\drivers\boncnuil.sys [x]
1 brtgvzec; \??\C:\windows\system32\drivers\brtgvzec.sys [x]
1 byioeqct; \??\C:\windows\system32\drivers\byioeqct.sys [x]
1 cgruafug; \??\C:\windows\system32\drivers\cgruafug.sys [x]
1 cltltath; \??\C:\windows\system32\drivers\cltltath.sys [x]
1 crvzjqqo; \??\C:\windows\system32\drivers\crvzjqqo.sys [x]
1 cuyucotb; \??\C:\windows\system32\drivers\cuyucotb.sys [x]
1 cybnluzc; \??\C:\windows\system32\drivers\cybnluzc.sys [x]
1 ddrnbomj; \??\C:\windows\system32\drivers\ddrnbomj.sys [x]
1 dfnqyqfv; \??\C:\windows\system32\drivers\dfnqyqfv.sys [x]
1 dkcjpnki; \??\C:\windows\system32\drivers\dkcjpnki.sys [x]
1 dtvgopkz; \??\C:\windows\system32\drivers\dtvgopkz.sys [x]
1 dvqhsnqr; \??\C:\windows\system32\drivers\dvqhsnqr.sys [x]
1 ebwjjfav; \??\C:\windows\system32\drivers\ebwjjfav.sys [x]
1 edbbcevb; \??\C:\windows\system32\drivers\edbbcevb.sys [x]
1 ejywgmjk; \??\C:\windows\system32\drivers\ejywgmjk.sys [x]
1 eolyvlup; \??\C:\windows\system32\drivers\eolyvlup.sys [x]
1 eopqusci; \??\C:\windows\system32\drivers\eopqusci.sys [x]
1 ezhxtmhy; \??\C:\windows\system32\drivers\ezhxtmhy.sys [x]
1 fagbrtcw; \??\C:\windows\system32\drivers\fagbrtcw.sys [x]
1 fhszwtvz; \??\C:\windows\system32\drivers\fhszwtvz.sys [x]
1 fiehtiag; \??\C:\windows\system32\drivers\fiehtiag.sys [x]
1 fiqyowti; \??\C:\windows\system32\drivers\fiqyowti.sys [x]
1 fkjqgsnh; \??\C:\windows\system32\drivers\fkjqgsnh.sys [x]
1 fmlbxdvc; \??\C:\windows\system32\drivers\fmlbxdvc.sys [x]
1 frftzliu; \??\C:\windows\system32\drivers\frftzliu.sys [x]
1 fwzkrmeg; \??\C:\windows\system32\drivers\fwzkrmeg.sys [x]
1 gcjtjawg; \??\C:\windows\system32\drivers\gcjtjawg.sys [x]
1 gqzwfosl; \??\C:\windows\system32\drivers\gqzwfosl.sys [x]
1 gsdhqjaz; \??\C:\windows\system32\drivers\gsdhqjaz.sys [x]
1 gyavlnbm; \??\C:\windows\system32\drivers\gyavlnbm.sys [x]
1 gzedvbur; \??\C:\windows\system32\drivers\gzedvbur.sys [x]
1 gzlcbmof; \??\C:\windows\system32\drivers\gzlcbmof.sys [x]
1 ibliytmm; \??\C:\windows\system32\drivers\ibliytmm.sys [x]
1 icnywlow; \??\C:\windows\system32\drivers\icnywlow.sys [x]
1 iczkyrvb; \??\C:\windows\system32\drivers\iczkyrvb.sys [x]
1 ifelazdp; \??\C:\windows\system32\drivers\ifelazdp.sys [x]
1 iforuohj; \??\C:\windows\system32\drivers\iforuohj.sys [x]
1 ilewqtct; \??\C:\windows\system32\drivers\ilewqtct.sys [x]
1 jqxypkou; \??\C:\windows\system32\drivers\jqxypkou.sys [x]
1 khkntfmz; \??\C:\windows\system32\drivers\khkntfmz.sys [x]
1 ksksybkd; \??\C:\windows\system32\drivers\ksksybkd.sys [x]
1 kuizlsgq; \??\C:\windows\system32\drivers\kuizlsgq.sys [x]
1 lhbniliu; \??\C:\windows\system32\drivers\lhbniliu.sys [x]
1 lkdrqumg; \??\C:\windows\system32\drivers\lkdrqumg.sys [x]
1 lkgcyqjx; \??\C:\windows\system32\drivers\lkgcyqjx.sys [x]
1 lmokwjem; \??\C:\windows\system32\drivers\lmokwjem.sys [x]
1 lwdfegon; \??\C:\windows\system32\drivers\lwdfegon.sys [x]
1 meyunjig; \??\C:\windows\system32\drivers\meyunjig.sys [x]
1 mgmtilwe; \??\C:\windows\system32\drivers\mgmtilwe.sys [x]
1 mhfxuheu; \??\C:\windows\system32\drivers\mhfxuheu.sys [x]
1 mnvoysap; \??\C:\windows\system32\drivers\mnvoysap.sys [x]
1 mosjhpqb; \??\C:\windows\system32\drivers\mosjhpqb.sys [x]
1 mqlaehxy; \??\C:\windows\system32\drivers\mqlaehxy.sys [x]
1 mwsxcgim; \??\C:\windows\system32\drivers\mwsxcgim.sys [x]
1 mwvtffvo; \??\C:\windows\system32\drivers\mwvtffvo.sys [x]
1 mzueewpk; \??\C:\windows\system32\drivers\mzueewpk.sys [x]
1 neegojfo; \??\C:\windows\system32\drivers\neegojfo.sys [x]
1 nktdpbxu; \??\C:\windows\system32\drivers\nktdpbxu.sys [x]
1 nobpbwvu; \??\C:\windows\system32\drivers\nobpbwvu.sys [x]
1 npheatbq; \??\C:\windows\system32\drivers\npheatbq.sys [x]
1 nrfjjhoc; \??\C:\windows\system32\drivers\nrfjjhoc.sys [x]
1 nvoanvph; \??\C:\windows\system32\drivers\nvoanvph.sys [x]
1 obccthct; \??\C:\windows\system32\drivers\obccthct.sys [x]
1 odfbgnfg; \??\C:\windows\system32\drivers\odfbgnfg.sys [x]
1 ohgeshps; \??\C:\windows\system32\drivers\ohgeshps.sys [x]
1 ojyorraf; \??\C:\windows\system32\drivers\ojyorraf.sys [x]
1 oovaaqpc; \??\C:\windows\system32\drivers\oovaaqpc.sys [x]
1 orwdisrq; \??\C:\windows\system32\drivers\orwdisrq.sys [x]
1 oylnjtmf; \??\C:\windows\system32\drivers\oylnjtmf.sys [x]
1 pirouszt; \??\C:\windows\system32\drivers\pirouszt.sys [x]
1 pkmwolrc; \??\C:\windows\system32\drivers\pkmwolrc.sys [x]
1 pojzbnmx; \??\C:\windows\system32\drivers\pojzbnmx.sys [x]
1 povrhfmx; \??\C:\windows\system32\drivers\povrhfmx.sys [x]
1 purjpohm; \??\C:\windows\system32\drivers\purjpohm.sys [x]
1 qmemvkit; \??\C:\windows\system32\drivers\qmemvkit.sys [x]
1 qolzzurc; \??\C:\windows\system32\drivers\qolzzurc.sys [x]
1 qqoensdf; \??\C:\windows\system32\drivers\qqoensdf.sys [x]
1 qqsuylpa; \??\C:\windows\system32\drivers\qqsuylpa.sys [x]
1 qtytixvq; \??\C:\windows\system32\drivers\qtytixvq.sys [x]
1 rotxbggs; \??\C:\windows\system32\drivers\rotxbggs.sys [x]
1 rslhstgl; \??\C:\windows\system32\drivers\rslhstgl.sys [x]
1 saiweawc; \??\C:\windows\system32\drivers\saiweawc.sys [x]
1 sdcjaqec; \??\C:\windows\system32\drivers\sdcjaqec.sys [x]
1 sdtmhung; \??\C:\windows\system32\drivers\sdtmhung.sys [x]
1 skiubcik; \??\C:\windows\system32\drivers\skiubcik.sys [x]
1 slqercug; \??\C:\windows\system32\drivers\slqercug.sys [x]
1 sngiavfx; \??\C:\windows\system32\drivers\sngiavfx.sys [x]
1 sqbiibys; \??\C:\windows\system32\drivers\sqbiibys.sys [x]
1 swgpcjmu; \??\C:\windows\system32\drivers\swgpcjmu.sys [x]
1 tgtthivk; \??\C:\windows\system32\drivers\tgtthivk.sys [x]
1 thajcdyi; \??\C:\windows\system32\drivers\thajcdyi.sys [x]
1 tmduurtn; \??\C:\windows\system32\drivers\tmduurtn.sys [x]
1 tpjvrfnj; \??\C:\windows\system32\drivers\tpjvrfnj.sys [x]
1 tsteavwk; \??\C:\windows\system32\drivers\tsteavwk.sys [x]
1 ttcmopyp; \??\C:\windows\system32\drivers\ttcmopyp.sys [x]
1 tuckcipi; \??\C:\windows\system32\drivers\tuckcipi.sys [x]
1 ueocwbhq; \??\C:\windows\system32\drivers\ueocwbhq.sys [x]
1 upfpayoe; \??\C:\windows\system32\drivers\upfpayoe.sys [x]
1 utagbpyi; \??\C:\windows\system32\drivers\utagbpyi.sys [x]
1 valkcuiq; \??\C:\windows\system32\drivers\valkcuiq.sys [x]
1 vdrhlegy; \??\C:\windows\system32\drivers\vdrhlegy.sys [x]
1 vlahtuzj; \??\C:\windows\system32\drivers\vlahtuzj.sys [x]
1 vsduwfru; \??\C:\windows\system32\drivers\vsduwfru.sys [x]
1 vtxlpblw; \??\C:\windows\system32\drivers\vtxlpblw.sys [x]
1 vxosmewd; \??\C:\windows\system32\drivers\vxosmewd.sys [x]
1 wmmxkjsc; \??\C:\windows\system32\drivers\wmmxkjsc.sys [x]
1 wmxmskgu; \??\C:\windows\system32\drivers\wmxmskgu.sys [x]
1 wwkosvjm; \??\C:\windows\system32\drivers\wwkosvjm.sys [x]
1 wzhummnt; \??\C:\windows\system32\drivers\wzhummnt.sys [x]
1 xkohncwz; \??\C:\windows\system32\drivers\xkohncwz.sys [x]
1 xqloqkty; \??\C:\windows\system32\drivers\xqloqkty.sys [x]
1 xsaqznjj; \??\C:\windows\system32\drivers\xsaqznjj.sys [x]
1 xzgpjbfp; \??\C:\windows\system32\drivers\xzgpjbfp.sys [x]
1 ybimsula; \??\C:\windows\system32\drivers\ybimsula.sys [x]
1 yxckvmuc; \??\C:\windows\system32\drivers\yxckvmuc.sys [x]
1 yygujcar; \??\C:\windows\system32\drivers\yygujcar.sys [x]
1 yzdpctpc; \??\C:\windows\system32\drivers\yzdpctpc.sys [x]
1 zdvfkrrd; \??\C:\windows\system32\drivers\zdvfkrrd.sys [x]
1 zgwgzjgc; \??\C:\windows\system32\drivers\zgwgzjgc.sys [x]
1 ziqlkate; \??\C:\windows\system32\drivers\ziqlkate.sys [x]
1 zjilhhcd; \??\C:\windows\system32\drivers\zjilhhcd.sys [x]
1 zplogtdg; \??\C:\windows\system32\drivers\zplogtdg.sys [x]
1 zpsluajv; \??\C:\windows\system32\drivers\zpsluajv.sys [x]
1 zxrkzbjk; \??\C:\windows\system32\drivers\zxrkzbjk.sys [x]
NETSVC: vetmonnt
2012-05-02 18:12 - 2009-07-13 16:06 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\duexozdx.sys
2012-05-02 17:54 - 2010-11-20 19:23 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hpzlhxtn.sys
2012-05-02 17:42 - 2012-04-25 14:03 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zrtmdstx.sys
2012-04-26 14:53 - 2011-11-16 22:49 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kssgogcr.sys
2012-04-26 13:27 - 2009-07-13 15:19 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\nunkamql.sys
2012-04-26 11:01 - 2010-11-20 19:24 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\edaslgkg.sys
2012-04-26 10:38 - 2012-04-25 08:15 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jnmemfsj.sys
2012-04-26 02:22 - 2010-11-20 19:23 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xdvlcrql.sys
2012-04-25 14:03 - 2012-04-26 02:22 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ymnqfadm.sys
2012-04-25 08:15 - 2009-07-13 17:48 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jgmpnkzl.sys
2012-04-22 14:59 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Gary Sark


Posted 06 May 2012 - 12:10 AM

ok, going to do this now.

#13 Gary Sark


Posted 06 May 2012 - 12:19 AM

here is fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 05-05-2012 02
Ran by SYSTEM at 2012-05-06 01:18:09 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored.
vetmonnt service deleted successfully.
aeseujle service deleted successfully.
atnguyyp service deleted successfully.
auvjtinv service deleted successfully.
avylwwvk service deleted successfully.
axhxfmom service deleted successfully.
barbgwdo service deleted successfully.
bdbnqkmy service deleted successfully.
bguyssnc service deleted successfully.
bigsmnps service deleted successfully.
bnyazodi service deleted successfully.
boncnuil service deleted successfully.
brtgvzec service deleted successfully.
byioeqct service deleted successfully.
cgruafug service deleted successfully.
cltltath service deleted successfully.
crvzjqqo service deleted successfully.
cuyucotb service deleted successfully.
cybnluzc service deleted successfully.
ddrnbomj service deleted successfully.
dfnqyqfv service deleted successfully.
dkcjpnki service deleted successfully.
dtvgopkz service deleted successfully.
dvqhsnqr service deleted successfully.
ebwjjfav service deleted successfully.
edbbcevb service deleted successfully.
ejywgmjk service deleted successfully.
eolyvlup service deleted successfully.
eopqusci service deleted successfully.
ezhxtmhy service deleted successfully.
fagbrtcw service deleted successfully.
fhszwtvz service deleted successfully.
fiehtiag service deleted successfully.
fiqyowti service deleted successfully.
fkjqgsnh service deleted successfully.
fmlbxdvc service deleted successfully.
frftzliu service deleted successfully.
fwzkrmeg service deleted successfully.
gcjtjawg service deleted successfully.
gqzwfosl service deleted successfully.
gsdhqjaz service deleted successfully.
gyavlnbm service deleted successfully.
gzedvbur service deleted successfully.
gzlcbmof service deleted successfully.
ibliytmm service deleted successfully.
icnywlow service deleted successfully.
iczkyrvb service deleted successfully.
ifelazdp service deleted successfully.
iforuohj service deleted successfully.
ilewqtct service deleted successfully.
jqxypkou service deleted successfully.
khkntfmz service deleted successfully.
ksksybkd service deleted successfully.
kuizlsgq service deleted successfully.
lhbniliu service deleted successfully.
lkdrqumg service deleted successfully.
lkgcyqjx service deleted successfully.
lmokwjem service deleted successfully.
lwdfegon service deleted successfully.
meyunjig service deleted successfully.
mgmtilwe service deleted successfully.
mhfxuheu service deleted successfully.
mnvoysap service deleted successfully.
mosjhpqb service deleted successfully.
mqlaehxy service deleted successfully.
mwsxcgim service deleted successfully.
mwvtffvo service deleted successfully.
mzueewpk service deleted successfully.
neegojfo service deleted successfully.
nktdpbxu service deleted successfully.
nobpbwvu service deleted successfully.
npheatbq service deleted successfully.
nrfjjhoc service deleted successfully.
nvoanvph service deleted successfully.
obccthct service deleted successfully.
odfbgnfg service deleted successfully.
ohgeshps service deleted successfully.
ojyorraf service deleted successfully.
oovaaqpc service deleted successfully.
orwdisrq service deleted successfully.
oylnjtmf service deleted successfully.
pirouszt service deleted successfully.
pkmwolrc service deleted successfully.
pojzbnmx service deleted successfully.
povrhfmx service deleted successfully.
purjpohm service deleted successfully.
qmemvkit service deleted successfully.
qolzzurc service deleted successfully.
qqoensdf service deleted successfully.
qqsuylpa service deleted successfully.
qtytixvq service deleted successfully.
rotxbggs service deleted successfully.
rslhstgl service deleted successfully.
saiweawc service deleted successfully.
sdcjaqec service deleted successfully.
sdtmhung service deleted successfully.
skiubcik service deleted successfully.
slqercug service deleted successfully.
sngiavfx service deleted successfully.
sqbiibys service deleted successfully.
swgpcjmu service deleted successfully.
tgtthivk service deleted successfully.
thajcdyi service deleted successfully.
tmduurtn service deleted successfully.
tpjvrfnj service deleted successfully.
tsteavwk service deleted successfully.
ttcmopyp service deleted successfully.
tuckcipi service deleted successfully.
ueocwbhq service deleted successfully.
upfpayoe service deleted successfully.
utagbpyi service deleted successfully.
valkcuiq service deleted successfully.
vdrhlegy service deleted successfully.
vlahtuzj service deleted successfully.
vsduwfru service deleted successfully.
vtxlpblw service deleted successfully.
vxosmewd service deleted successfully.
wmmxkjsc service deleted successfully.
wmxmskgu service deleted successfully.
wwkosvjm service deleted successfully.
wzhummnt service deleted successfully.
xkohncwz service deleted successfully.
xqloqkty service deleted successfully.
xsaqznjj service deleted successfully.
xzgpjbfp service deleted successfully.
ybimsula service deleted successfully.
yxckvmuc service deleted successfully.
yygujcar service deleted successfully.
yzdpctpc service deleted successfully.
zdvfkrrd service deleted successfully.
zgwgzjgc service deleted successfully.
ziqlkate service deleted successfully.
zjilhhcd service deleted successfully.
zplogtdg service deleted successfully.
zpsluajv service deleted successfully.
zxrkzbjk service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs vetmonnt Deleted successfully.
C:\Windows\System32\Drivers\duexozdx.sys moved successfully.
C:\Windows\System32\Drivers\hpzlhxtn.sys moved successfully.
C:\Windows\System32\Drivers\zrtmdstx.sys moved successfully.
C:\Windows\System32\Drivers\kssgogcr.sys moved successfully.
C:\Windows\System32\Drivers\nunkamql.sys moved successfully.
C:\Windows\System32\Drivers\edaslgkg.sys moved successfully.
C:\Windows\System32\Drivers\jnmemfsj.sys moved successfully.
C:\Windows\System32\Drivers\xdvlcrql.sys moved successfully.
C:\Windows\System32\Drivers\ymnqfadm.sys moved successfully.
C:\Windows\System32\Drivers\jgmpnkzl.sys moved successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.

==== End of Fixlog ====

#14 gringo_pr


Posted 06 May 2012 - 12:26 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15 Gary Sark


Posted 06 May 2012 - 12:31 AM

OK, I printed out the directions, so in order to run Combofix, I have to reboot into Windows. Let me know if there is any special way I should do this.



