Operating memory - Win32/Olmarik.TDL4 trojan


  • This topic is locked
23 replies to this topic

#1 Ohaicomputer

  • Members
  • 21 posts

Posted 11 May 2012 - 09:18 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Teresa at 21:13:40 on 2012-05-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.941 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search && Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173604102106p04g5v135r4571s43q
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Jewel%20Quest%20Solitaire%20III/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{27B5B2CA-85F0-407D-9547-DAA3B0252103} : DhcpNameServer = 192.168.0.1
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO-X64: IEVkbdBHO - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {E33CF602-D945-461A-83F0-819F76A199F8} - No File
BHO-X64: link filter bho - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\78hvw7lr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110522,16900,0,16,0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Teresa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.dll
FF - component: C:\Users\Teresa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf2.dll
FF - component: C:\Users\Teresa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf3.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: We-Care Reminder: wecarereminder@bryan - %profile%\extensions\wecarereminder@bryan
FF - Ext: ShopToWin2: {5835466c-49af-4cbe-b102-a8c8b6313749} - %profile%\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
FF - Ext: ShopToWin4: {6cbc25b0-0a52-11df-8a39-0800200c9a66} - %profile%\extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-4-17 913752]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [2012-4-23 14336]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-5-8 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-5-8 1185704]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-5-8 166528]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-29 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-4 654408]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2011-5-24 24576]
S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-29 135664]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\system32\Drivers\jl2005c.sys --> C:\Windows\system32\Drivers\jl2005c.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AVP;Kaspersky Anti-Virus;"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [?]
.
=============== Created Last 30 ================
.
2012-05-11 20:38:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D97E66FF-4D6C-4ECD-A0BC-C13F5BD6515A}\offreg.dll
2012-05-11 08:57:23 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D97E66FF-4D6C-4ECD-A0BC-C13F5BD6515A}\mpengine.dll
2012-05-09 22:07:39 -------- d-----w- C:\Users\Teresa\AppData\Roaming\SUPERAntiSpyware.com
2012-05-09 22:07:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-09 22:07:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-09 20:21:03 -------- d-----w- C:\5a3964d3662297e8c9a570
2012-05-09 20:04:42 -------- d-----w- C:\Program Files (x86)\Brand Affinity Technologies
2012-05-09 04:35:37 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 04:35:37 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 04:35:37 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 04:35:37 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 04:35:37 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 04:34:43 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 04:34:43 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 04:34:43 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 04:34:42 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 04:31:51 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 04:31:32 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 04:16:32 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 04:16:32 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-08 21:56:29 -------- d-----w- C:\Users\Teresa\AppData\Local\ESET
2012-05-08 21:29:25 -------- d-----w- C:\Program Files\ESET
2012-05-08 21:23:46 -------- d-----w- C:\Users\Teresa\AppData\Roaming\QuickScan
2012-05-08 20:26:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-08 20:26:49 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-05-08 20:26:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-05-06 22:56:21 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-04 22:02:45 -------- d-----w- C:\Windows\CheckSur
2012-05-02 20:07:42 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-02 20:07:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-02 20:07:42 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-02 20:07:42 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-02 20:07:42 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-02 20:07:42 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-02 20:07:42 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-01 15:43:33 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-05-01 15:41:42 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-01 15:41:38 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-05-01 15:41:38 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-05-01 15:41:20 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-01 15:41:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-01 15:41:09 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-01 15:41:05 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-05-01 15:41:04 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-05-01 15:40:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-01 15:40:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-01 15:39:53 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-01 15:39:53 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-01 15:39:50 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-01 15:39:50 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-01 15:22:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-01 15:22:24 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-01 15:22:24 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-01 15:16:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-01 15:16:46 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-01 15:16:45 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-01 15:16:45 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-29 00:13:07 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-04-29 00:13:07 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-04-29 00:13:07 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-04-29 00:13:07 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-04-29 00:12:50 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-04-29 00:12:50 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-04-29 00:12:50 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-04-29 00:12:50 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-04-28 23:47:53 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2012-04-28 23:46:59 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-04-28 23:45:59 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-04-28 23:45:59 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-04-28 23:45:59 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-04-28 23:43:42 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-04-28 23:43:42 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-04-28 23:42:32 24408 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-04-23 21:21:34 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-04-23 21:21:34 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-04-23 21:21:34 138056 ----a-w- C:\Windows\SysWow64\atl100.dll
2012-04-23 17:30:14 -------- d-----w- C:\Users\Teresa\AppData\Local\Facebook
.
==================== Find3M ====================
.
2012-04-28 23:48:16 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2012-04-28 23:48:16 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2012-04-28 23:48:16 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2012-04-28 23:48:16 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2012-04-28 23:48:16 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2012-04-28 23:48:16 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2012-04-28 23:48:16 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2012-04-28 23:48:16 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2012-04-28 23:48:16 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2012-04-28 23:46:59 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:22:46.60 ===============











(Issue with GMER: Only Services, Registry, Files and ADS were checkable/uncheckable in the scan selection list.)




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-11 22:09:22
Windows 6.1.7601 Service Pack 1
Running: gdeyecgu.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AU69JLXT\integrity-local[1].txt 0 bytes
File C:\Users\Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BW4ED0NM\FACEBOOK[1].txt 38 bytes
File C:\Users\Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D85FN3J2\page__st__15[1].htm 71665 bytes
File C:\Users\Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SA1FQ7O0\integrity-local[1].txt 0 bytes
File C:\Users\Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SA1FQ7O0\integrity-local[2].txt 0 bytes
File C:\Users\Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLR0FXO0\integrity-local[1].txt 0 bytes
File C:\Users\Teresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLR0FXO0\integrity-local[2].txt 40 bytes
File C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Cookies\8JLK5XGH.txt 0 bytes
File C:\Windows\temp\TMP00000271EE23A7521F899715 0 bytes

---- EOF - GMER 1.0.15 ----



#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 11 May 2012 - 11:52 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#3 Ohaicomputer

  • Topic Starter
  • Members
  • 21 posts

Posted 13 May 2012 - 12:37 AM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Anti-Virus 2010
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy 2
Java™ 6 Update 20
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.13) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````









ComboFix 12-05-12.01 - Teresa 05/12/2012 20:02:35.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.954 [GMT -4:00]
Running from: c:\users\Teresa\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Brand Affinity Technologies
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
c:\programdata\42983160
c:\programdata\49796900
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 00:39 . 2012-05-13 00:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-13 00:39 . 2012-05-13 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 01:35 . 2012-05-12 01:35 -------- d-----w- c:\program files (x86)\7-Zip
2012-05-11 08:57 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D97E66FF-4D6C-4ECD-A0BC-C13F5BD6515A}\mpengine.dll
2012-05-09 22:07 . 2012-05-09 22:07 -------- d-----w- c:\users\Teresa\AppData\Roaming\SUPERAntiSpyware.com
2012-05-09 22:07 . 2012-05-09 22:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-09 22:07 . 2012-05-09 22:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-09 20:21 . 2012-05-09 20:21 -------- d-----w- C:\5a3964d3662297e8c9a570
2012-05-09 04:35 . 2012-05-09 04:35 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 04:35 . 2012-05-09 04:35 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 04:35 . 2012-05-09 04:35 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 04:35 . 2012-05-09 04:35 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 04:35 . 2012-05-09 04:35 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 04:34 . 2012-05-09 04:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 04:34 . 2012-05-09 04:34 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 04:34 . 2012-05-09 04:34 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 04:34 . 2012-05-09 04:34 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 04:31 . 2012-05-09 04:31 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 04:31 . 2012-05-09 04:31 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 04:16 . 2012-05-09 04:16 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 04:16 . 2012-05-09 04:16 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-08 21:56 . 2012-05-08 21:56 -------- d-----w- c:\users\Teresa\AppData\Local\ESET
2012-05-08 21:29 . 2012-05-08 21:29 -------- d-----w- c:\program files\ESET
2012-05-08 21:23 . 2012-05-08 21:23 -------- d-----w- c:\users\Teresa\AppData\Roaming\QuickScan
2012-05-08 20:26 . 2012-05-09 04:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-08 20:26 . 2009-01-25 16:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-05-08 20:26 . 2012-05-08 20:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-05-04 22:02 . 2012-05-04 22:02 -------- d-----w- c:\windows\CheckSur
2012-05-04 21:28 . 2012-05-04 21:28 -------- d-----w- c:\users\Teresa\AppData\Roaming\Yahoo!
2012-05-02 20:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-02 20:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-02 20:07 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-02 20:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-02 20:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-02 20:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-02 20:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-01 15:43 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-05-01 15:41 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-01 15:41 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-01 15:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-01 15:41 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-01 15:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-01 15:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-01 15:41 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-01 15:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-01 15:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-01 15:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-01 15:39 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-01 15:39 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-01 15:39 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-01 15:39 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-01 15:22 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-01 15:22 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-01 15:22 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-01 15:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-01 15:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-01 15:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 15:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-29 00:13 . 2012-04-29 00:13 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-04-29 00:13 . 2012-04-29 00:13 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-29 00:13 . 2012-04-29 00:13 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-04-29 00:13 . 2012-04-29 00:13 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-29 00:12 . 2012-04-29 00:12 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-29 00:12 . 2012-04-29 00:12 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-29 00:12 . 2012-04-29 00:12 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-04-29 00:12 . 2012-04-29 00:12 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-04-28 23:47 . 2012-04-28 23:47 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-04-28 23:46 . 2012-04-28 23:46 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-04-28 23:45 . 2012-04-28 23:45 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-04-28 23:45 . 2012-04-28 23:45 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-04-28 23:45 . 2012-04-28 23:45 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-04-28 23:43 . 2012-04-28 23:43 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-04-28 23:43 . 2012-04-28 23:43 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-04-28 23:42 . 2012-02-23 18:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-04-23 21:21 . 2012-04-23 21:21 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-04-23 21:21 . 2012-04-23 21:21 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-04-23 21:21 . 2012-04-23 21:21 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2012-04-23 17:30 . 2012-04-23 17:30 -------- d-----w- c:\users\Teresa\AppData\Local\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 23:47 . 2012-04-28 23:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-04-05 06:06 . 2012-04-05 06:06 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-23 14:18 . 2010-06-29 13:58 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [x]
R3 MBAMProtector;MBAMProtector; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
R4 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R4 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 135664]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-02-07 1181104]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-02-07 1185704]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-02-07 166528]
R4 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2011-05-24 24576]
R4 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 17:21]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-29 17:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"combofix"="c:\combofix\CF28999.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173604102106p04g5v135r4571s43q
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\78hvw7lr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110522,16900,0,16,0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: We-Care Reminder: wecarereminder@bryan - %profile%\extensions\wecarereminder@bryan
FF - Ext: ShopToWin2: {5835466c-49af-4cbe-b102-a8c8b6313749} - %profile%\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
FF - Ext: ShopToWin4: {6cbc25b0-0a52-11df-8a39-0800200c9a66} - %profile%\extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-WTA-1c78bef8-cab2-4b79-8463-2e4af3c7ea4c - c:\program files (x86)\WildGames\Blues Clues Meet Blues Baby Brother\uninstall\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-12 21:04:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-13 01:04
.
Pre-Run: 347,900,514,304 bytes free
Post-Run: 349,541,437,440 bytes free
.
- - End Of File - - AE1B94FA088B07985552982792BA3D2E

#4 gringo_pr

  • Malware Response Team

Posted 13 May 2012 - 12:51 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Ohaicomputer

  • Topic Starter


Posted 13 May 2012 - 01:57 AM

Neither one of these programs will open when clicking on them. I have also tried changing the extension as well as the name of the file without any luck of it opening. All antivirus and other programs are disabled.

#6 gringo_pr

  • Malware Response Team

Posted 13 May 2012 - 01:58 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#7 Ohaicomputer

  • Topic Starter


Posted 13 May 2012 - 03:11 AM

That cleared an infection and has also allowed both programs to execute without problem =).

03:54:33.0195 2292 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
03:54:33.0585 2292 ============================================================
03:54:33.0585 2292 Current date / time: 2012/05/13 03:54:33.0585
03:54:33.0585 2292 SystemInfo:
03:54:33.0585 2292
03:54:33.0585 2292 OS Version: 6.1.7601 ServicePack: 1.0
03:54:33.0585 2292 Product type: Workstation
03:54:33.0585 2292 ComputerName: TERESA-PC
03:54:33.0585 2292 UserName: Teresa
03:54:33.0585 2292 Windows directory: C:\Windows
03:54:33.0585 2292 System windows directory: C:\Windows
03:54:33.0585 2292 Running under WOW64
03:54:33.0585 2292 Processor architecture: Intel x64
03:54:33.0585 2292 Number of processors: 1
03:54:33.0585 2292 Page size: 0x1000
03:54:33.0585 2292 Boot type: Normal boot
03:54:33.0585 2292 ============================================================
03:54:35.0816 2292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:54:35.0832 2292 ============================================================
03:54:35.0832 2292 \Device\Harddisk0\DR0:
03:54:35.0832 2292 MBR partitions:
03:54:35.0832 2292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
03:54:35.0832 2292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x3894E830
03:54:35.0832 2292 ============================================================
03:54:35.0863 2292 C: <-> \Device\Harddisk0\DR0\Partition1
03:54:35.0863 2292 ============================================================
03:54:35.0863 2292 Initialize success
03:54:35.0863 2292 ============================================================
03:54:43.0866 2340 ============================================================
03:54:43.0866 2340 Scan started
03:54:43.0866 2340 Mode: Manual;
03:54:43.0866 2340 ============================================================
03:54:44.0583 2340 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
03:54:44.0583 2340 !SASCORE - ok
03:54:44.0724 2340 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
03:54:44.0724 2340 1394ohci - ok
03:54:44.0755 2340 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
03:54:44.0755 2340 ACPI - ok
03:54:44.0802 2340 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
03:54:44.0802 2340 AcpiPmi - ok
03:54:44.0864 2340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
03:54:44.0864 2340 adp94xx - ok
03:54:44.0895 2340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
03:54:44.0911 2340 adpahci - ok
03:54:44.0958 2340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
03:54:44.0958 2340 adpu320 - ok
03:54:45.0051 2340 AdvancedSystemCareService5 (b11c71b29fa69e4586f9b65560e6604d) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
03:54:45.0067 2340 AdvancedSystemCareService5 - ok
03:54:45.0114 2340 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
03:54:45.0114 2340 AeLookupSvc - ok
03:54:45.0160 2340 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
03:54:45.0176 2340 AFD - ok
03:54:45.0223 2340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
03:54:45.0223 2340 agp440 - ok
03:54:45.0238 2340 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
03:54:45.0238 2340 ALG - ok
03:54:45.0270 2340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
03:54:45.0270 2340 aliide - ok
03:54:45.0285 2340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
03:54:45.0301 2340 amdide - ok
03:54:45.0332 2340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
03:54:45.0332 2340 AmdK8 - ok
03:54:45.0363 2340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
03:54:45.0363 2340 AmdPPM - ok
03:54:45.0394 2340 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
03:54:45.0394 2340 amdsata - ok
03:54:45.0426 2340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
03:54:45.0426 2340 amdsbs - ok
03:54:45.0457 2340 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
03:54:45.0457 2340 amdxata - ok
03:54:45.0488 2340 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
03:54:45.0504 2340 AppID - ok
03:54:45.0535 2340 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
03:54:45.0535 2340 AppIDSvc - ok
03:54:45.0597 2340 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
03:54:45.0597 2340 Appinfo - ok
03:54:45.0660 2340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
03:54:45.0660 2340 arc - ok
03:54:45.0691 2340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
03:54:45.0691 2340 arcsas - ok
03:54:45.0816 2340 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
03:54:45.0862 2340 aspnet_state - ok
03:54:45.0878 2340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
03:54:45.0894 2340 AsyncMac - ok
03:54:45.0909 2340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
03:54:45.0925 2340 atapi - ok
03:54:45.0987 2340 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
03:54:46.0003 2340 AudioEndpointBuilder - ok
03:54:46.0018 2340 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
03:54:46.0018 2340 AudioSrv - ok
03:54:46.0065 2340 AVP - ok
03:54:46.0112 2340 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
03:54:46.0112 2340 AxInstSV - ok
03:54:46.0159 2340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
03:54:46.0159 2340 b06bdrv - ok
03:54:46.0190 2340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
03:54:46.0206 2340 b57nd60a - ok
03:54:46.0237 2340 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
03:54:46.0252 2340 BDESVC - ok
03:54:46.0268 2340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
03:54:46.0268 2340 Beep - ok
03:54:46.0346 2340 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
03:54:46.0362 2340 BFE - ok
03:54:46.0408 2340 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
03:54:46.0424 2340 BITS - ok
03:54:46.0471 2340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
03:54:46.0471 2340 blbdrive - ok
03:54:46.0533 2340 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
03:54:46.0533 2340 bowser - ok
03:54:46.0564 2340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:54:46.0564 2340 BrFiltLo - ok
03:54:46.0580 2340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:54:46.0580 2340 BrFiltUp - ok
03:54:46.0627 2340 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
03:54:46.0627 2340 BridgeMP - ok
03:54:46.0689 2340 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
03:54:46.0689 2340 Browser - ok
03:54:46.0720 2340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
03:54:46.0720 2340 Brserid - ok
03:54:46.0752 2340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
03:54:46.0752 2340 BrSerWdm - ok
03:54:46.0767 2340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:54:46.0767 2340 BrUsbMdm - ok
03:54:46.0798 2340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
03:54:46.0798 2340 BrUsbSer - ok
03:54:46.0814 2340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
03:54:46.0814 2340 BTHMODEM - ok
03:54:46.0861 2340 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
03:54:46.0861 2340 bthserv - ok
03:54:47.0001 2340 catchme - ok
03:55:02.0508 2340 SupportSoft RemoteAssist - ok
03:55:02.0554 2340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
03:55:02.0554 2340 swenum - ok
03:55:02.0601 2340 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
03:55:02.0617 2340 swprv - ok
03:55:02.0710 2340 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
03:55:02.0742 2340 SysMain - ok
03:55:02.0866 2340 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
03:55:02.0866 2340 TabletInputService - ok
03:55:02.0913 2340 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
03:55:02.0913 2340 TapiSrv - ok
03:55:02.0960 2340 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
03:55:02.0960 2340 TBS - ok
03:55:03.0054 2340 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
03:55:03.0100 2340 Tcpip - ok
03:55:03.0225 2340 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
03:55:03.0241 2340 TCPIP6 - ok
03:55:03.0350 2340 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
03:55:03.0350 2340 tcpipreg - ok
03:55:03.0381 2340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
03:55:03.0381 2340 TDPIPE - ok
03:55:03.0428 2340 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
03:55:03.0428 2340 TDTCP - ok
03:55:03.0475 2340 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
03:55:03.0475 2340 tdx - ok
03:55:03.0522 2340 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
03:55:03.0522 2340 TermDD - ok
03:55:03.0568 2340 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
03:55:03.0584 2340 TermService - ok
03:55:03.0631 2340 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
03:55:03.0631 2340 Themes - ok
03:55:03.0662 2340 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
03:55:03.0662 2340 THREADORDER - ok
03:55:03.0693 2340 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
03:55:03.0693 2340 TrkWks - ok
03:55:03.0771 2340 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
03:55:03.0771 2340 TrustedInstaller - ok
03:55:03.0818 2340 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:55:03.0818 2340 tssecsrv - ok
03:55:03.0880 2340 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
03:55:03.0880 2340 TsUsbFlt - ok
03:55:03.0943 2340 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
03:55:03.0943 2340 tunnel - ok
03:55:03.0974 2340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
03:55:03.0974 2340 uagp35 - ok
03:55:04.0005 2340 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
03:55:04.0021 2340 udfs - ok
03:55:04.0083 2340 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
03:55:04.0083 2340 UI0Detect - ok
03:55:04.0130 2340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
03:55:04.0130 2340 uliagpkx - ok
03:55:04.0192 2340 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
03:55:04.0192 2340 umbus - ok
03:55:04.0224 2340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
03:55:04.0224 2340 UmPass - ok
03:55:04.0302 2340 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
03:55:04.0302 2340 Updater Service - ok
03:55:04.0364 2340 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
03:55:04.0364 2340 upnphost - ok
03:55:04.0411 2340 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
03:55:04.0411 2340 USBAAPL64 - ok
03:55:04.0458 2340 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
03:55:04.0473 2340 usbccgp - ok
03:55:04.0520 2340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
03:55:04.0536 2340 usbcir - ok
03:55:04.0551 2340 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
03:55:04.0551 2340 usbehci - ok
03:55:04.0582 2340 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
03:55:04.0598 2340 usbhub - ok
03:55:04.0614 2340 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
03:55:04.0614 2340 usbohci - ok
03:55:04.0645 2340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
03:55:04.0645 2340 usbprint - ok
03:55:04.0692 2340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
03:55:04.0692 2340 usbscan - ok
03:55:04.0707 2340 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
03:55:04.0723 2340 USBSTOR - ok
03:55:04.0738 2340 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
03:55:04.0738 2340 usbuhci - ok
03:55:04.0816 2340 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
03:55:04.0816 2340 usbvideo - ok
03:55:04.0863 2340 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
03:55:04.0863 2340 UxSms - ok
03:55:04.0894 2340 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
03:55:04.0910 2340 VaultSvc - ok
03:55:04.0926 2340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
03:55:04.0926 2340 vdrvroot - ok
03:55:04.0988 2340 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
03:55:05.0004 2340 vds - ok
03:55:05.0035 2340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
03:55:05.0035 2340 vga - ok
03:55:05.0066 2340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
03:55:05.0066 2340 VgaSave - ok
03:55:05.0097 2340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
03:55:05.0097 2340 vhdmp - ok
03:55:05.0128 2340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
03:55:05.0128 2340 viaide - ok
03:55:05.0160 2340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
03:55:05.0160 2340 volmgr - ok
03:55:05.0222 2340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
03:55:05.0222 2340 volmgrx - ok
03:55:05.0253 2340 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
03:55:05.0253 2340 volsnap - ok
03:55:05.0300 2340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
03:55:05.0300 2340 vsmraid - ok
03:55:05.0394 2340 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
03:55:05.0425 2340 VSS - ok
03:55:05.0503 2340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
03:55:05.0503 2340 vwifibus - ok
03:55:05.0550 2340 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
03:55:05.0565 2340 W32Time - ok
03:55:05.0581 2340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
03:55:05.0596 2340 WacomPen - ok
03:55:05.0643 2340 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:55:05.0643 2340 WANARP - ok
03:55:05.0659 2340 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
03:55:05.0659 2340 Wanarpv6 - ok
03:55:05.0752 2340 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
03:55:05.0768 2340 WatAdminSvc - ok
03:55:05.0862 2340 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
03:55:05.0877 2340 wbengine - ok
03:55:05.0986 2340 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
03:55:06.0002 2340 WbioSrvc - ok
03:55:06.0049 2340 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
03:55:06.0064 2340 wcncsvc - ok
03:55:06.0080 2340 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
03:55:06.0080 2340 WcsPlugInService - ok
03:55:06.0127 2340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
03:55:06.0127 2340 Wd - ok
03:55:06.0174 2340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
03:55:06.0189 2340 Wdf01000 - ok
03:55:06.0205 2340 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:55:06.0205 2340 WdiServiceHost - ok
03:55:06.0220 2340 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
03:55:06.0220 2340 WdiSystemHost - ok
03:55:06.0283 2340 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
03:55:06.0283 2340 WebClient - ok
03:55:06.0330 2340 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
03:55:06.0330 2340 Wecsvc - ok
03:55:06.0361 2340 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
03:55:06.0361 2340 wercplsupport - ok
03:55:06.0376 2340 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
03:55:06.0392 2340 WerSvc - ok
03:55:06.0439 2340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
03:55:06.0439 2340 WfpLwf - ok
03:55:06.0470 2340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
03:55:06.0470 2340 WIMMount - ok
03:55:06.0517 2340 WinDefend - ok
03:55:06.0548 2340 WinHttpAutoProxySvc - ok
03:55:06.0595 2340 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
03:55:06.0610 2340 Winmgmt - ok
03:55:06.0704 2340 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
03:55:06.0751 2340 WinRM - ok
03:55:06.0876 2340 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
03:55:06.0876 2340 WinUsb - ok
03:55:06.0938 2340 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
03:55:06.0954 2340 Wlansvc - ok
03:55:06.0969 2340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
03:55:06.0969 2340 WmiAcpi - ok
03:55:07.0047 2340 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
03:55:07.0047 2340 wmiApSrv - ok
03:55:07.0094 2340 WMPNetworkSvc - ok
03:55:07.0125 2340 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
03:55:07.0125 2340 WPCSvc - ok
03:55:07.0172 2340 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
03:55:07.0172 2340 WPDBusEnum - ok
03:55:07.0203 2340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
03:55:07.0203 2340 ws2ifsl - ok
03:55:07.0219 2340 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
03:55:07.0234 2340 wscsvc - ok
03:55:07.0250 2340 WSearch - ok
03:55:07.0344 2340 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
03:55:07.0390 2340 wuauserv - ok
03:55:07.0500 2340 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
03:55:07.0500 2340 WudfPf - ok
03:55:07.0531 2340 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:55:07.0531 2340 WUDFRd - ok
03:55:07.0593 2340 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
03:55:07.0593 2340 wudfsvc - ok
03:55:07.0640 2340 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
03:55:07.0640 2340 WwanSvc - ok
03:55:07.0780 2340 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
03:55:07.0796 2340 YahooAUService - ok
03:55:07.0827 2340 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
03:55:10.0152 2340 \Device\Harddisk0\DR0 - ok
03:55:10.0183 2340 Boot (0x1200) (5ec99f953836ad8469a755e21620eda4) \Device\Harddisk0\DR0\Partition0
03:55:10.0183 2340 \Device\Harddisk0\DR0\Partition0 - ok
03:55:10.0198 2340 Boot (0x1200) (08db3dd08ee65dbaf354dc8cad63caa5) \Device\Harddisk0\DR0\Partition1
03:55:10.0198 2340 \Device\Harddisk0\DR0\Partition1 - ok
03:55:10.0198 2340 ============================================================
03:55:10.0198 2340 Scan finished
03:55:10.0198 2340 ============================================================
03:55:10.0230 2332 Detected object count: 0
03:55:10.0230 2332 Actual detected object count: 0






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-13 03:56:03
-----------------------------
03:56:03.722 OS Version: Windows x64 6.1.7601 Service Pack 1
03:56:03.722 Number of processors: 1 586 0x1601
03:56:03.722 ComputerName: TERESA-PC UserName: Teresa
03:56:15.625 Initialize success
03:57:12.445 AVAST engine defs: 12051201
03:57:26.110 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
03:57:26.110 Disk 0 Vendor: ST350041 CC44 Size: 476940MB BusType: 11
03:57:26.126 Disk 0 MBR read successfully
03:57:26.126 Disk 0 MBR scan
03:57:26.142 Disk 0 unknown MBR code
03:57:26.157 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
03:57:26.173 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
03:57:26.188 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463517 MB offset 27469824
03:57:26.204 Disk 0 scanning C:\Windows\system32\drivers
03:57:38.434 Service scanning
03:58:11.670 Modules scanning
03:58:11.810 Disk 0 trace - called modules:
03:58:11.826 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
03:58:11.826 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031a3410]
03:58:11.826 3 CLASSPNP.SYS[fffff8800199443f] -> nt!IofCallDriver -> [0xfffffa8002f2f7a0]
03:58:11.826 5 ACPI.sys[fffff88000f8b7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8002f2f060]
03:58:14.369 AVAST engine scan C:\Windows
03:58:17.988 AVAST engine scan C:\Windows\system32
04:01:50.791 AVAST engine scan C:\Windows\system32\drivers
04:02:15.252 AVAST engine scan C:\Users\Teresa
04:07:42.852 AVAST engine scan C:\ProgramData
04:10:30.973 Scan finished successfully
04:11:21.143 Disk 0 MBR has been saved successfully to "C:\Users\Teresa\Desktop\MBR.dat"
04:11:21.158 The log file has been saved successfully to "C:\Users\Teresa\Desktop\aswMBR.txt"

#8 gringo_pr

Posted 13 May 2012 - 03:27 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FireFox::
FF - ProfilePath - c:\users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\78hvw7lr.default\
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Ohaicomputer


Posted 13 May 2012 - 05:28 AM

Well, it restarted and is stuck on a blue screen. I tried startup repair, recovery and last known good configuration to try and boot it.

#10 gringo_pr


Posted 13 May 2012 - 11:37 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#11 Ohaicomputer


Posted 13 May 2012 - 05:07 PM

Before I start this process I must say that I do not have an Installation Disk >.<. Should I go ahead with the USB method?


Edit: I have it scanning now and will post log once it is done =)

Edited by Ohaicomputer, 13 May 2012 - 05:30 PM.


#12 Ohaicomputer


Posted 13 May 2012 - 05:32 PM

Scan result of Farbar Recovery Scan Tool Version: 13-05-2012
Ran by SYSTEM at 13-05-2012 18:29:40
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [OOTag] C:\windows\oobeoffer\oobeoffer\ootag.exe [23072 2009-09-27] (Microsoft)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3865504 2012-02-07] (Safer-Networking Ltd.)
HKU\Teresa\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [574296 2012-03-06] (IObit)
HKU\Teresa\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-01] (SUPERAntiSpyware.com)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

3 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 FTSvc; "C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe" [14336 2012-04-23] (Brand Affinity Technologies)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-08-25] (Nero AG)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1181104 2012-02-07] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1185704 2012-02-07] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-02-07] (Safer-Networking Ltd.)
2 SetupARService; "C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe" [24576 2011-05-24] (Realtek Semiconductor.)
2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
4 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" -r [x]

========================== Drivers (Whitelisted) =============

2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 JLTECH0227; C:\Windows\System32\Drivers\jl2005c.sys [79792 2008-01-15] (Windows ® Codename Longhorn DDK provider)
1 kl1; C:\Windows\System32\Drivers\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
0 KLBG; C:\Windows\System32\Drivers\KLBG.sys [40464 2009-10-14] (Kaspersky Lab)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [353296 2010-06-29] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27152 2009-09-14] (Kaspersky Lab)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
3 MBAMProtector; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-13 18:29 - 2012-05-13 18:29 - 0000000 ____D C:\FRST
2012-05-13 00:11 - 2012-05-13 00:11 - 0001991 ____A C:\Users\Teresa\Desktop\aswMBR.txt
2012-05-13 00:11 - 2012-05-13 00:11 - 0000512 ____A C:\Users\Teresa\Desktop\MBR.dat
2012-05-12 23:54 - 2012-05-12 23:56 - 0122774 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_03.54.33_log.txt
2012-05-12 17:04 - 2012-05-12 17:04 - 0020823 ____A C:\ComboFix.txt
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-05-12 15:53 - 2012-05-12 17:05 - 0000000 ____D C:\ComboFix
2012-05-12 15:52 - 2012-05-12 17:05 - 0000000 ____D C:\Qoobox
2012-05-12 15:50 - 2012-05-12 15:50 - 0000846 ____A C:\Users\Teresa\Desktop\checkup.txt
2012-05-12 03:15 - 2012-05-12 03:15 - 0196877 ____A C:\Users\Teresa\Downloads\diannazatz.png
2012-05-11 19:55 - 2012-05-13 00:19 - 0103630 ____A C:\Users\Teresa\AppData\Roaming\Safer-Networking.log
2012-05-11 17:36 - 2012-05-11 17:36 - 0005312 ____A C:\Users\Teresa\Desktop\Attach.zip
2012-05-11 17:35 - 2012-05-13 04:28 - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-05-11 17:12 - 2012-05-11 17:12 - 0000474 ____A C:\Users\Teresa\Desktop\defogger_disable.log
2012-05-11 12:34 - 2012-05-11 12:36 - 0002913 ____A C:\Users\Teresa\Desktop\Result.txt
2012-05-11 08:14 - 2010-12-31 21:14 - 0002254 ____A C:\Users\Teresa\Desktop\eula.txt
2012-05-11 08:13 - 2012-05-11 08:13 - 2055783 ____A C:\Users\Teresa\Desktop\tdsskiller.zip
2012-05-11 07:40 - 2012-05-11 18:23 - 0000000 ____D C:\Users\Teresa\Desktop\Computer Logs
2012-05-11 00:31 - 2012-05-13 04:48 - 0000000 ____D C:\Users\Teresa\Downloads\PSE2.7
2012-05-09 17:39 - 2011-09-19 23:02 - 0083968 ____A (Esage Lab) C:\Users\Teresa\Desktop\boot_cleaner.exe
2012-05-09 15:55 - 2012-05-09 15:54 - 0302592 ____A C:\Users\Teresa\Desktop\83ngik8m.exe
2012-05-09 15:54 - 2012-05-09 15:54 - 0044607 ____A C:\Users\Teresa\Desktop\bootkit_remover.zip
2012-05-09 15:31 - 2012-05-09 15:32 - 4731392 ____A (AVAST Software) C:\Users\Teresa\Desktop\aswMBR.exe
2012-05-09 15:24 - 2012-05-09 15:24 - 0869194 ____A C:\Users\Teresa\Desktop\SecurityCheck.exe
2012-05-09 14:07 - 2012-05-09 14:07 - 0001817 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-09 14:07 - 2012-05-09 14:07 - 0000000 ____D C:\Users\Teresa\AppData\Roaming\SUPERAntiSpyware.com
2012-05-09 14:07 - 2012-05-09 14:07 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-05-09 14:07 - 2012-05-09 14:07 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-05-09 14:07 - 2012-05-09 14:07 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-09 12:27 - 2012-05-09 12:27 - 0030652 ____A C:\Windows\ntbtlog.txt
2012-05-09 12:23 - 2012-05-11 00:47 - 0789934 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-09 12:22 - 2012-05-13 04:48 - 0000000 ____D C:\32788R22FWJFW
2012-05-09 12:21 - 2012-05-09 12:21 - 0000000 ____D C:\5a3964d3662297e8c9a570
2012-05-09 12:13 - 2012-05-09 12:15 - 0000361 ____A C:\rkill.log
2012-05-09 12:04 - 2012-05-13 04:48 - 0000000 ____D C:\Program Files (x86)\Brand Affinity Technologies
2012-05-09 11:54 - 2012-05-09 11:54 - 0015412 ____A C:\Windows\PFRO.log
2012-05-09 02:35 - 2012-05-10 23:20 - 0000952 ____A C:\Windows\setupact.log
2012-05-09 02:35 - 2012-05-09 02:35 - 0000000 ____A C:\Windows\setuperr.log
2012-05-08 20:34 - 2012-05-08 20:34 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-08 20:34 - 2012-05-08 20:34 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-08 20:34 - 2012-05-08 20:34 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-08 20:34 - 2012-05-08 20:34 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-08 20:31 - 2012-05-08 20:31 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-08 20:31 - 2012-05-08 20:31 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-08 20:16 - 2012-05-08 20:16 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-08 20:16 - 2012-05-08 20:16 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-08 18:55 - 2012-05-09 13:45 - 0000129 ____A C:\Users\Teresa\Documents\lol.txt
2012-05-08 15:12 - 2012-05-02 06:00 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Teresa\Desktop\TDSSKiller.exe
2012-05-08 13:56 - 2012-05-08 13:56 - 0000000 ____D C:\Users\Teresa\AppData\Local\ESET
2012-05-08 13:29 - 2012-05-08 13:29 - 0000000 ____D C:\Users\All Users\ESET
2012-05-08 13:29 - 2012-05-08 13:29 - 0000000 ____D C:\ProgramData\ESET
2012-05-08 13:29 - 2012-05-08 13:29 - 0000000 ____D C:\Program Files\ESET
2012-05-08 13:23 - 2012-05-08 13:23 - 0000000 ____D C:\Users\Teresa\AppData\Roaming\QuickScan
2012-05-08 12:26 - 2012-05-08 20:33 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-08 12:26 - 2012-05-08 20:33 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-08 12:26 - 2012-05-08 12:26 - 0002138 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-05-08 12:26 - 2012-05-08 12:26 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-05-08 12:26 - 2009-01-25 08:14 - 0017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-05-07 06:06 - 2012-05-11 00:51 - 0799607 ____A C:\Windows\WindowsUpdate.log
2012-05-06 15:06 - 2012-05-06 15:06 - 0446464 ____A (OldTimer Tools) C:\Users\Teresa\Desktop\TFC.exe
2012-05-06 14:56 - 2012-05-13 04:48 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-06 12:35 - 2012-05-06 12:35 - 0000000 ____A C:\Users\Teresa\defogger_reenable
2012-05-04 14:43 - 2012-05-04 14:43 - 0001074 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-04 14:02 - 2012-05-04 14:02 - 0000000 ____D C:\Windows\CheckSur
2012-05-04 13:28 - 2012-05-04 13:28 - 0000000 ____D C:\Users\Teresa\AppData\Roaming\Yahoo!
2012-05-04 13:11 - 2012-05-04 13:11 - 14173184 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-05-04 13:11 - 2012-05-04 13:11 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-05-04 12:53 - 2012-05-04 12:53 - 66547712 ____A C:\Windows\System32\config\software.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 36036608 ____A C:\Windows\System32\config\components.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 15433728 ____A C:\Windows\System32\config\system.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 0258048 ____A C:\Windows\System32\config\default.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 0061440 ____A C:\Windows\System32\config\sam.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 0024576 ____A C:\Windows\System32\config\security.iobit
2012-05-02 12:07 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-02 12:07 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-02 12:07 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-02 12:07 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-02 12:07 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-02 12:07 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-02 12:07 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-01 17:47 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-01 17:47 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-01 17:47 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-01 17:47 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-01 17:47 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-01 17:47 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-01 17:47 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-01 17:47 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-01 17:47 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-01 17:47 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-01 17:47 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-01 17:47 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-01 17:47 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-01 17:47 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-01 17:47 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-01 17:47 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-01 17:47 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-01 17:47 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-01 17:47 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-01 17:47 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-01 17:47 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-01 17:47 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-01 17:47 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-01 17:47 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-01 17:47 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-01 17:47 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-01 07:43 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-05-01 07:43 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-05-01 07:43 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-05-01 07:43 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-05-01 07:43 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-05-01 07:43 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-05-01 07:43 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-05-01 07:43 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-05-01 07:43 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-05-01 07:43 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-05-01 07:43 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-05-01 07:43 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-05-01 07:43 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-05-01 07:43 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-01 07:43 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-05-01 07:43 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-01 07:43 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-05-01 07:43 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 07:41 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-05-01 07:41 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-05-01 07:41 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-05-01 07:41 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-05-01 07:41 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-05-01 07:41 - 2011-10-25 21:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-05-01 07:41 - 2011-10-14 22:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-05-01 07:41 - 2011-10-14 21:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-05-01 07:40 - 2011-11-04 21:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-05-01 07:40 - 2011-11-04 20:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-05-01 07:39 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-05-01 07:39 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-05-01 07:39 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-05-01 07:39 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-05-01 07:22 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-01 07:22 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-01 07:22 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-05-01 07:16 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-05-01 07:16 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-05-01 07:16 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-05-01 07:16 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-28 16:13 - 2012-04-28 16:13 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-04-28 16:13 - 2012-04-28 16:13 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-04-28 16:13 - 2012-04-28 16:13 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-04-28 16:13 - 2012-04-28 16:13 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-04-28 16:12 - 2012-04-28 16:12 - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-04-28 16:12 - 2012-04-28 16:12 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-04-28 16:12 - 2012-04-28 16:12 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-04-28 16:12 - 2012-04-28 16:12 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 1162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 1114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-04-28 15:47 - 2012-04-28 15:47 - 0288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-04-28 15:47 - 2012-04-28 15:47 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-04-28 15:47 - 2012-04-28 15:47 - 0128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-04-28 15:47 - 2012-04-28 15:47 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-04-28 15:47 - 2012-04-28 15:47 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-04-28 15:47 - 2012-04-28 15:47 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 2315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 2223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 1549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 1401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-04-28 15:45 - 2012-04-28 15:45 - 0467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-04-28 15:45 - 2012-04-28 15:45 - 0410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-04-28 15:45 - 2012-04-28 15:45 - 0168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-04-28 15:43 - 2012-04-28 15:43 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-04-28 15:43 - 2012-04-28 15:43 - 0741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-04-28 15:42 - 2012-02-23 10:24 - 0024408 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-04-23 13:21 - 2012-04-23 13:21 - 0770384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2012-04-23 13:21 - 2012-04-23 13:21 - 0421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2012-04-23 13:21 - 2012-04-23 13:21 - 0138056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\atl100.dll
2012-04-23 09:30 - 2012-04-23 09:30 - 0000000 ____D C:\Users\Teresa\AppData\Local\Facebook
2012-04-19 09:27 - 2012-04-19 09:27 - 0022528 ____A C:\Users\Teresa\Documents\Clyde12.doc
2012-04-17 15:44 - 2012-04-17 15:44 - 0001237 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-04-17 15:44 - 2012-04-17 15:44 - 0001186 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk

============ 3 Months Modified Files and Folders =============

2012-05-13 18:29 - 2012-05-13 18:29 - 0000000 ____D C:\FRST
2012-05-13 04:48 - 2012-05-11 00:31 - 0000000 ____D C:\Users\Teresa\Downloads\PSE2.7
2012-05-13 04:48 - 2012-05-09 12:22 - 0000000 ____D C:\32788R22FWJFW
2012-05-13 04:48 - 2012-05-09 12:04 - 0000000 ____D C:\Program Files (x86)\Brand Affinity Technologies
2012-05-13 04:48 - 2012-05-06 14:56 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-13 04:48 - 2011-05-24 10:19 - 0000000 ____D C:\Windows\ERDNT
2012-05-13 04:48 - 2010-04-29 08:58 - 0000000 ____D C:\users\Teresa
2012-05-13 04:48 - 2009-10-29 04:50 - 0000000 ____D C:\Users\All Users\OEM
2012-05-13 04:48 - 2009-10-29 04:50 - 0000000 ____D C:\ProgramData\OEM
2012-05-13 04:48 - 2009-10-29 04:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 04:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-13 04:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-13 04:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-13 04:28 - 2012-05-11 17:35 - 0000000 ____D C:\Program Files (x86)\7-Zip
2012-05-13 00:19 - 2012-05-11 19:55 - 0103630 ____A C:\Users\Teresa\AppData\Roaming\Safer-Networking.log
2012-05-13 00:11 - 2012-05-13 00:11 - 0001991 ____A C:\Users\Teresa\Desktop\aswMBR.txt
2012-05-13 00:11 - 2012-05-13 00:11 - 0000512 ____A C:\Users\Teresa\Desktop\MBR.dat
2012-05-12 23:56 - 2012-05-12 23:54 - 0122774 ____A C:\TDSSKiller.2.7.34.0_13.05.2012_03.54.33_log.txt
2012-05-12 23:52 - 2010-03-17 18:27 - 2213990400 __ASH C:\hiberfil.sys
2012-05-12 17:05 - 2012-05-12 15:53 - 0000000 ____D C:\ComboFix
2012-05-12 17:05 - 2012-05-12 15:52 - 0000000 ____D C:\Qoobox
2012-05-12 17:04 - 2012-05-12 17:04 - 0020823 ____A C:\ComboFix.txt
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-05-12 16:42 - 2012-05-12 16:42 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-05-12 16:42 - 2009-07-13 18:34 - 66846720 ____A C:\Windows\System32\config\software.bak
2012-05-12 16:42 - 2009-07-13 18:34 - 15728640 ____A C:\Windows\System32\config\system.bak
2012-05-12 16:42 - 2009-07-13 18:34 - 0258048 ____A C:\Windows\System32\config\default.bak
2012-05-12 16:42 - 2009-07-13 18:34 - 0061440 ____A C:\Windows\System32\config\sam.bak
2012-05-12 16:42 - 2009-07-13 18:34 - 0024576 ____A C:\Windows\System32\config\security.bak
2012-05-12 15:50 - 2012-05-12 15:50 - 0000846 ____A C:\Users\Teresa\Desktop\checkup.txt
2012-05-12 03:15 - 2012-05-12 03:15 - 0196877 ____A C:\Users\Teresa\Downloads\diannazatz.png
2012-05-11 18:23 - 2012-05-11 07:40 - 0000000 ____D C:\Users\Teresa\Desktop\Computer Logs
2012-05-11 17:36 - 2012-05-11 17:36 - 0005312 ____A C:\Users\Teresa\Desktop\Attach.zip
2012-05-11 17:12 - 2012-05-11 17:12 - 0000474 ____A C:\Users\Teresa\Desktop\defogger_disable.log
2012-05-11 12:36 - 2012-05-11 12:34 - 0002913 ____A C:\Users\Teresa\Desktop\Result.txt
2012-05-11 08:13 - 2012-05-11 08:13 - 2055783 ____A C:\Users\Teresa\Desktop\tdsskiller.zip
2012-05-11 00:51 - 2012-05-07 06:06 - 0799607 ____A C:\Windows\WindowsUpdate.log
2012-05-11 00:48 - 2010-04-29 17:20 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 00:47 - 2012-05-09 12:23 - 0789934 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-11 00:47 - 2009-07-13 21:13 - 0789934 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-11 00:02 - 2010-04-29 09:22 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-10 23:25 - 2009-07-13 20:45 - 0009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-10 23:25 - 2009-07-13 20:45 - 0009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-10 23:20 - 2012-05-09 02:35 - 0000952 ____A C:\Windows\setupact.log
2012-05-10 23:20 - 2010-04-29 09:22 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-10 23:19 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-09 20:30 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-09 15:54 - 2012-05-09 15:55 - 0302592 ____A C:\Users\Teresa\Desktop\83ngik8m.exe
2012-05-09 15:54 - 2012-05-09 15:54 - 0044607 ____A C:\Users\Teresa\Desktop\bootkit_remover.zip
2012-05-09 15:51 - 2011-05-28 11:22 - 0000000 ____D C:\Users\Teresa\AppData\Local\ElevatedDiagnostics
2012-05-09 15:32 - 2012-05-09 15:31 - 4731392 ____A (AVAST Software) C:\Users\Teresa\Desktop\aswMBR.exe
2012-05-09 15:25 - 2010-04-29 09:21 - 0000000 ____D C:\Program Files (x86)\IObit
2012-05-09 15:24 - 2012-05-09 15:24 - 0869194 ____A C:\Users\Teresa\Desktop\SecurityCheck.exe
2012-05-09 14:07 - 2012-05-09 14:07 - 0001817 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-09 14:07 - 2012-05-09 14:07 - 0000000 ____D C:\Users\Teresa\AppData\Roaming\SUPERAntiSpyware.com
2012-05-09 14:07 - 2012-05-09 14:07 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-05-09 14:07 - 2012-05-09 14:07 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-05-09 14:07 - 2012-05-09 14:07 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-05-09 13:45 - 2012-05-08 18:55 - 0000129 ____A C:\Users\Teresa\Documents\lol.txt
2012-05-09 12:27 - 2012-05-09 12:27 - 0030652 ____A C:\Windows\ntbtlog.txt
2012-05-09 12:21 - 2012-05-09 12:21 - 0000000 ____D C:\5a3964d3662297e8c9a570
2012-05-09 12:15 - 2012-05-09 12:13 - 0000361 ____A C:\rkill.log
2012-05-09 11:55 - 2009-07-13 20:45 - 0467336 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 11:54 - 2012-05-09 11:54 - 0015412 ____A C:\Windows\PFRO.log
2012-05-09 11:52 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 02:35 - 2012-05-09 02:35 - 0000000 ____A C:\Windows\setuperr.log
2012-05-08 22:06 - 2011-01-10 16:59 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-08 20:39 - 2011-05-26 17:08 - 0000000 ____D C:\Program Files (x86)\iCare Data Recovery
2012-05-08 20:34 - 2012-05-08 20:34 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-08 20:34 - 2012-05-08 20:34 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-08 20:34 - 2012-05-08 20:34 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-08 20:34 - 2012-05-08 20:34 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-08 20:33 - 2012-05-08 12:26 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-08 20:33 - 2012-05-08 12:26 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-08 20:31 - 2012-05-08 20:31 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-08 20:31 - 2012-05-08 20:31 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-08 20:16 - 2012-05-08 20:16 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-08 20:16 - 2012-05-08 20:16 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-08 13:56 - 2012-05-08 13:56 - 0000000 ____D C:\Users\Teresa\AppData\Local\ESET
2012-05-08 13:56 - 2011-05-28 11:45 - 0000000 ____D C:\Program Files (x86)\Yontoo Layers
2012-05-08 13:29 - 2012-05-08 13:29 - 0000000 ____D C:\Users\All Users\ESET
2012-05-08 13:29 - 2012-05-08 13:29 - 0000000 ____D C:\ProgramData\ESET
2012-05-08 13:29 - 2012-05-08 13:29 - 0000000 ____D C:\Program Files\ESET
2012-05-08 13:23 - 2012-05-08 13:23 - 0000000 ____D C:\Users\Teresa\AppData\Roaming\QuickScan
2012-05-08 13:06 - 2010-05-03 15:13 - 0000431 ____A C:\Windows\wininit.ini
2012-05-08 12:26 - 2012-05-08 12:26 - 0002138 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-05-08 12:26 - 2012-05-08 12:26 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-05-08 08:13 - 2010-04-29 08:57 - 0000000 ____D C:\Recovery
2012-05-06 15:06 - 2012-05-06 15:06 - 0446464 ____A (OldTimer Tools) C:\Users\Teresa\Desktop\TFC.exe
2012-05-06 13:28 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-06 13:27 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-06 12:35 - 2012-05-06 12:35 - 0000000 ____A C:\Users\Teresa\defogger_reenable
2012-05-04 14:43 - 2012-05-04 14:43 - 0001074 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-04 14:43 - 2010-12-22 19:35 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-04 14:31 - 2010-04-29 09:01 - 0000174 ___SH C:\Users\Teresa\Start Menu\Programs\Startup\desktop.ini
2012-05-04 14:31 - 2010-04-29 09:01 - 0000174 ___SH C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-05-04 14:30 - 2010-05-03 15:10 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-05-04 14:02 - 2012-05-04 14:02 - 0000000 ____D C:\Windows\CheckSur
2012-05-04 13:56 - 2011-05-28 11:18 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-05-04 13:55 - 2011-06-09 15:24 - 0000000 ____D C:\Program Files (x86)\WildGames
2012-05-04 13:28 - 2012-05-04 13:28 - 0000000 ____D C:\Users\Teresa\AppData\Roaming\Yahoo!
2012-05-04 13:23 - 2010-04-29 08:58 - 0000000 ____D C:\Users\Teresa\AppData\LocalLow
2012-05-04 13:23 - 2009-10-29 04:18 - 0000000 ____D C:\Users\All Users\WildTangent
2012-05-04 13:23 - 2009-10-29 04:18 - 0000000 ____D C:\ProgramData\WildTangent
2012-05-04 13:11 - 2012-05-04 13:11 - 14173184 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-05-04 13:11 - 2012-05-04 13:11 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-05-04 13:06 - 2011-05-23 13:31 - 0000000 ___HD C:\Users\Teresa\AppData\Roaming\Sammsoft
2012-05-04 13:03 - 2010-04-29 09:21 - 0000000 ____D C:\Users\Teresa\AppData\Roaming\IObit
2012-05-04 12:53 - 2012-05-04 12:53 - 66547712 ____A C:\Windows\System32\config\software.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 36036608 ____A C:\Windows\System32\config\components.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 15433728 ____A C:\Windows\System32\config\system.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 0258048 ____A C:\Windows\System32\config\default.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 0061440 ____A C:\Windows\System32\config\sam.iobit
2012-05-04 12:53 - 2012-05-04 12:53 - 0024576 ____A C:\Windows\System32\config\security.iobit
2012-05-03 17:54 - 2009-10-29 04:25 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-03 17:54 - 2009-10-29 04:25 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-03 09:04 - 2011-12-08 17:20 - 0002305 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-02 08:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-05-02 07:07 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-05-02 06:00 - 2012-05-08 15:12 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\Teresa\Desktop\TDSSKiller.exe
2012-05-01 07:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-28 16:13 - 2012-04-28 16:13 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-04-28 16:13 - 2012-04-28 16:13 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-04-28 16:13 - 2012-04-28 16:13 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-04-28 16:13 - 2012-04-28 16:13 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-04-28 16:12 - 2012-04-28 16:12 - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-04-28 16:12 - 2012-04-28 16:12 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-04-28 16:12 - 2012-04-28 16:12 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-04-28 16:12 - 2012-04-28 16:12 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-04-28 15:48 - 2012-04-28 15:48 - 0081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 1162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 1114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-04-28 15:47 - 2012-04-28 15:47 - 0288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-04-28 15:47 - 2012-04-28 15:47 - 0272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2012-04-28 15:47 - 2012-04-28 15:47 - 0128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2012-04-28 15:47 - 2012-04-28 15:47 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-04-28 15:47 - 2012-04-28 15:47 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-04-28 15:47 - 2012-04-28 15:47 - 0006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-04-28 15:47 - 2012-04-28 15:47 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 2315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 2223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 1549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 1401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-04-28 15:46 - 2012-04-28 15:46 - 0075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-04-28 15:46 - 2012-04-28 15:46 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-04-28 15:45 - 2012-04-28 15:45 - 0467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-04-28 15:45 - 2012-04-28 15:45 - 0410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-04-28 15:45 - 2012-04-28 15:45 - 0168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-04-28 15:43 - 2012-04-28 15:43 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-04-28 15:43 - 2012-04-28 15:43 - 0741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-04-23 13:21 - 2012-04-23 13:21 - 0770384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2012-04-23 13:21 - 2012-04-23 13:21 - 0421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2012-04-23 13:21 - 2012-04-23 13:21 - 0138056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\atl100.dll
2012-04-23 09:30 - 2012-04-23 09:30 - 0000000 ____D C:\Users\Teresa\AppData\Local\Facebook
2012-04-19 09:27 - 2012-04-19 09:27 - 0022528 ____A C:\Users\Teresa\Documents\Clyde12.doc
2012-04-17 15:44 - 2012-04-17 15:44 - 0001237 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-04-17 15:44 - 2012-04-17 15:44 - 0001186 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-04-17 15:44 - 2010-06-10 08:51 - 0000000 ___HD C:\Users\All Users\IObit
2012-04-17 15:44 - 2010-06-10 08:51 - 0000000 ___HD C:\ProgramData\IObit
2012-04-02 17:53 - 2012-04-02 17:53 - 0111616 ____A C:\Users\Teresa\Documents\Planting a vegetable garden is not hard.doc
2012-02-29 22:46 - 2012-05-02 12:07 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-05-02 12:07 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-05-02 12:07 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-05-02 12:07 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-05-02 12:07 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-05-02 12:07 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-05-02 12:07 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-05-01 17:47 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-05-01 17:47 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-05-01 17:47 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-05-01 17:47 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-05-01 17:47 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-05-01 17:47 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-05-01 17:47 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-05-01 17:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-05-01 17:47 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-05-01 17:47 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-05-01 17:47 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-05-01 17:47 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-05-01 17:47 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-05-01 17:47 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-05-01 17:47 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-05-01 17:47 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-05-01 17:47 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-05-01 17:47 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-05-01 17:47 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-05-01 17:47 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-05-01 17:47 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-05-01 17:47 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-05-01 17:47 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-05-01 17:47 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-05-01 17:47 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-05-01 17:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 10:24 - 2012-04-28 15:42 - 0024408 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-02-23 06:18 - 2010-06-29 05:58 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-19 20:24 - 2012-02-19 20:24 - 0000000 ____D C:\587dce01af3ce5f95f
2012-02-16 22:38 - 2012-05-01 07:16 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-05-01 07:16 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-05-01 07:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-05-01 07:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 16:34 - 2012-02-16 16:34 - 0000000 ____D C:\22f2560ce7d7d67ac24087
2012-02-16 16:33 - 2012-02-16 16:33 - 50449456 ____A (Microsoft Corporation) C:\Users\Teresa\Desktop\dotNetFx40_Full_x86_x64.exe
2012-02-16 15:58 - 2011-07-28 13:55 - 0000000 ____D C:\Program Files (x86)\LivingPlay Games
2012-02-16 15:00 - 2012-02-16 15:00 - 0052558 ____A C:\Users\Teresa\Documents\cc_20120216_180024.reg

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 2815.23 MB
Available physical RAM: 2191.25 MB
Total Pagefile: 2813.38 MB
Available Pagefile: 2185.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:452.65 GB) (Free:326.21 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive l: (PSYCHODRIVE) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 8 MB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 7663 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 452 GB 13 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 452 GB Healthy

======================================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7663 MB 0 B

======================================================================================================

Disk: 6
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-05-09 01:18

======================= End Of Log ==========================

#13 gringo_pr

Posted 13 May 2012 - 09:07 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Ohaicomputer

Posted 13 May 2012 - 10:22 PM

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 13-05-2012
Ran by SYSTEM at 2012-05-13 23:20:35 Run:1
Running from L:\

==============================================


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#15 gringo_pr

Posted 13 May 2012 - 10:24 PM

hello


Is the computer booting now?

gringo



