Google redirect still lurking


  • This topic is locked
17 replies to this topic

#1 rd4k1

rd4k1

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 20 May 2012 - 03:05 PM

I usually use Opera, but I contracted the Google redirect that seems to be going around after using Firefox.
I'm no longer getting the redirects, but I do get the occasional pop-up, and there are executables that normally aren't running and some others I'm not entirely sure should be running, like a dozen or so svchost instances, multiple instances of PING.EXE, conhost.exe, csrss.exe, etc.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lion at 15:52:49 on 2012-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1771.499 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\locator.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\TweetDeck\TweetDeck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Lion\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\Lion\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Lion\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Lion\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TWEETD~1.LNK - C:\Program Files (x86)\TweetDeck\TweetDeck.exe
StartupFolder: C:\Users\Lion\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VISTAA~1.LNK - C:\Users\Lion\AppData\Roaming\Microsoft\Installer\{92CB3C8D-E408-492B-B694-FF0DA8FE684A}\_EA1D0B74FFA73AD986CA32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{92102B6F-BB63-484F-AF5E-5FDE8A03C242} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{92102B6F-BB63-484F-AF5E-5FDE8A03C242}\144545432343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{92102B6F-BB63-484F-AF5E-5FDE8A03C242}\2375942554539343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{92102B6F-BB63-484F-AF5E-5FDE8A03C242}\4656661657C647 : DhcpNameServer = 10.0.131.222 10.0.131.223
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-29 353360]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-9-17 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-17 29696]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-29 244624]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-9-8 2932224]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-7-29 260640]
R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-6-30 145280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
R3 csr_a2dp;Bluetooth AV Profile;C:\Windows\system32\drivers\bthav.sys --> C:\Windows\system32\drivers\bthav.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\system32\DRIVERS\MAudioFastTrack.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [?]
S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\system32\DRIVERS\nvnusbaudio.sys --> C:\Windows\system32\DRIVERS\nvnusbaudio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-19 14:17:32 -------- d-----w- C:\Program Files\CCleaner
2012-05-19 04:27:24 272448 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-19 03:52:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-19 03:52:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-19 03:30:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-19 03:30:31 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-19 03:30:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-19 03:30:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-19 03:30:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-19 03:30:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-19 03:30:31 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-19 03:24:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-19 03:24:58 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-19 03:24:04 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-19 03:22:59 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-05-19 03:22:59 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-05-19 03:22:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-19 03:22:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-19 03:22:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-19 03:22:53 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-19 03:22:53 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-19 03:22:51 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2012-05-19 03:22:51 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-05-19 03:20:59 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-19 03:20:59 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-19 03:20:59 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-19 03:20:58 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-19 03:20:58 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-19 03:20:55 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-19 03:20:54 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-19 03:17:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-19 03:16:24 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-19 03:16:24 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-18 22:12:55 -------- d-----w- C:\Windows\pss
2012-05-18 21:37:56 -------- d-----w- C:\ProgramData\AVAST Software
2012-05-18 21:37:56 -------- d-----w- C:\Program Files\AVAST Software
2012-05-18 19:49:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-18 19:49:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-18 05:55:07 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-18 05:39:00 -------- d-----w- C:\Users\Lion\AppData\Local\{B49A0559-A0AB-11E1-826F-B8AC6F996F26}
2012-05-18 03:06:37 -------- d-----w- C:\Users\Lion\AppData\Local\{D94959C3-4B08-434C-8B7C-708D17ECAA59}
2012-05-18 03:06:11 -------- d-----w- C:\Users\Lion\AppData\Local\{3015FC3D-6E29-4BF4-A21E-10EB5B723A23}
2012-05-17 21:29:18 -------- d-----w- C:\Users\Lion\AppData\Local\{21856541-F0EA-4F8B-B9B9-F3ADF7927512}
2012-05-17 21:29:05 -------- d-----w- C:\Users\Lion\AppData\Local\{124357F3-0B0F-43A5-BAB9-87231A3EADDA}
2012-05-17 03:48:12 -------- d-----w- C:\Users\Lion\AppData\Local\{06BC81D9-E9AE-47CB-9405-9700C9672587}
2012-05-17 03:47:57 -------- d-----w- C:\Users\Lion\AppData\Local\{1EFD781E-E249-444D-86AD-FD877F490EA8}
2012-05-16 15:05:00 -------- d-----w- C:\Users\Lion\AppData\Local\{FCE54279-7F66-41AD-B2F0-42454EB4070A}
2012-05-16 15:04:45 -------- d-----w- C:\Users\Lion\AppData\Local\{B2B94670-6E74-4D19-92D1-875050FDC0E7}
2012-05-16 04:34:02 -------- d-----w- C:\Users\Lion\AppData\Local\{1CEC48BE-5AA8-494C-891B-B9AF95847F4C}
2012-05-16 04:33:44 -------- d-----w- C:\Users\Lion\AppData\Local\{EE67B9F4-2E50-4D34-8222-A7B73170056B}
2012-05-11 03:49:39 -------- d-----w- C:\Users\Lion\AppData\Local\{A52A3C62-0D7A-4BE1-826C-4672A2523FA5}
2012-05-11 03:49:23 -------- d-----w- C:\Users\Lion\AppData\Local\{AB0C788F-E019-475F-B848-8A0FDD418EE6}
2012-05-09 03:57:00 -------- d-----w- C:\Users\Lion\AppData\Local\{24CE6D81-386E-47D0-83CA-93986F0DBE4C}
2012-05-09 03:56:45 -------- d-----w- C:\Users\Lion\AppData\Local\{D6FB8E93-BDF2-4079-A57C-B5E234FDF766}
2012-05-06 12:12:32 -------- d-----w- C:\ProgramData\PACE
2012-05-06 12:12:24 -------- d-----w- C:\Program Files (x86)\Common Files\PACE
2012-05-06 11:58:01 -------- d-----w- C:\Users\Lion\AppData\Roaming\Edison
2012-05-05 03:59:55 -------- d-----w- C:\Users\Lion\AppData\Local\{D2AE7CCC-339C-43A6-85DB-91DAE62359EF}
2012-05-05 03:59:29 -------- d-----w- C:\Users\Lion\AppData\Local\{B2BB60EB-3430-493C-AE7D-C46B2B80FB88}
2012-05-02 04:04:22 -------- d-----w- C:\Users\Lion\AppData\Local\{A4AA0768-8DF2-4EB7-B5EF-8E58A64393A6}
2012-05-02 04:04:05 -------- d-----w- C:\Users\Lion\AppData\Local\{74D9D1EB-1895-4838-A03F-DE96B14193F7}
2012-05-01 05:03:54 -------- d-----w- C:\Users\Lion\AppData\Local\{953C8298-305F-478C-A14A-B760A56F4909}
2012-05-01 05:03:38 -------- d-----w- C:\Users\Lion\AppData\Local\{2708A286-2725-49A7-9C52-DA6AF0F93B27}
2012-04-30 04:37:20 -------- d-----w- C:\Users\Lion\AppData\Local\{F9931B04-AAA4-4C82-8A58-E5A7A4D8ADBE}
2012-04-30 04:37:02 -------- d-----w- C:\Users\Lion\AppData\Local\{9D4CC6F2-074A-4ED6-9DB5-39EEFD18D288}
2012-04-26 03:32:44 -------- d-----w- C:\Users\Lion\AppData\Local\{897F0F8A-6396-45E3-8410-DAA78F8D6FF5}
2012-04-26 03:32:30 -------- d-----w- C:\Users\Lion\AppData\Local\{6DDF95FF-454D-498B-BDB6-A911DA2EFDF1}
2012-04-25 03:20:59 -------- d-----w- C:\Users\Lion\AppData\Local\{1C974F96-901A-4D43-BD39-C05C008CCD73}
2012-04-25 03:20:42 -------- d-----w- C:\Users\Lion\AppData\Local\{1AEFD6DE-6E46-453A-928D-F7E27B88D72E}
2012-04-24 19:21:15 -------- d-----w- C:\TeamViewerPortable
2012-04-23 02:42:18 -------- d-----w- C:\Users\Lion\AppData\Local\{251543EC-F356-4E07-9208-A46FE0B13437}
2012-04-23 02:42:05 -------- d-----w- C:\Users\Lion\AppData\Local\{2B072906-CEF0-43D9-AFE4-FCC524978B7E}
2012-04-22 05:00:16 -------- d-----w- C:\Users\Lion\AppData\Local\{19C41413-B753-4081-B4AB-3577BA5393D7}
2012-04-22 05:00:01 -------- d-----w- C:\Users\Lion\AppData\Local\{535503BA-51DA-4B46-9379-34F48CE72C66}
2012-04-21 18:12:04 -------- d-----w- C:\Users\Lion\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-04-21 18:12:02 -------- d-----w- C:\Users\Lion\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-21 03:47:44 -------- d-----w- C:\Users\Lion\AppData\Local\{EA479FF2-DFAD-4832-A9E8-7EC2D35BC5C6}
2012-04-21 03:47:28 -------- d-----w- C:\Users\Lion\AppData\Local\{20CB03A1-BBFD-4897-B234-F90D07712089}
.
==================== Find3M ====================
.
2012-05-05 14:17:55 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 14:17:55 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 14:17:43 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-16 17:02:57 318464 ----a-w- C:\Windows\System32\REX Shared Library.dll
2012-03-16 17:02:55 275968 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 15:54:06.08 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:28 AM

Posted 20 May 2012 - 06:46 PM

Hi,

Please do the following:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 rd4k1

rd4k1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 20 May 2012 - 06:59 PM

Forgot to mention, I have a netbook. No CD drive or installation CD.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:28 AM

Posted 20 May 2012 - 07:39 PM

In that case, the recovery options should be installed.

The first set of instructions to access the recovery environment should apply.


To enter System Recovery Options from the Advanced Boot Options:


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 rd4k1

rd4k1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 21 May 2012 - 05:06 PM

Right you are, overlooked that part



Scan result of Farbar Recovery Scan Tool Version: 19-05-2012
Ran by SYSTEM at 21-05-2012 17:57:52
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKU\Lion\...\Run: [Google Update] "C:\Users\Lion\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-29] (Google Inc.)
HKU\Lion\...\Run: [AdobeBridge] [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-16] (Conexant Systems Inc.)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360 2011-06-30] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-25] (Acer Incorporated)
2 HFGService; C:\Windows\System32\HFGService.dll [541032 2009-06-30] (CSR, plc)
2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" [2932224 2011-09-08] (PACE Anti-Piracy, Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-01-22] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2012-01-22] ()
2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)
2 VFPRadioSupportService; "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe" [145280 2009-06-30] (CSR, plc)
2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
3 wampapache; "c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [x]
3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe wampmysqld [x]

========================== Drivers (Whitelisted) =============

3 BthAudioHF; C:\Windows\System32\Drivers\BthAudioHF.sys [42856 2009-06-30] (CSR, plc)
3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [34144 2009-06-30] (CSR, plc)
3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [79712 2009-06-30] (CSR, plc)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2012-05-18] (DT Soft Ltd)
1 ISODisk; C:\Windows\SysWow64\Drivers\ISODisk.sys [9600 2006-04-25] ()
3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
3 NvnUsbAudio; C:\Windows\System32\Drivers\NvnUsbAudio.sys [50232 2011-02-16] (Novation DMS Ltd.)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-01] (Realtek Semiconductor Corp.)
0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [105592 2011-06-28] (PACE Anti-Piracy, Inc.)
2 uxpatch; C:\Windows\System32\Drivers\uxpatch.sys [30568 2009-07-12] ()

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-20 10:04 - 2012-05-20 10:04 - 0000178 ____A C:\Users\Lion\defogger_reenable
2012-05-19 20:52 - 2012-05-20 10:04 - 0000000 ____D C:\Users\Lion\Documents\bleepingcomputer
2012-05-19 06:25 - 2012-05-19 06:30 - 0246770 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_10.25.39_log.txt
2012-05-19 06:17 - 2012-05-19 06:17 - 0000000 ____D C:\Program Files\CCleaner
2012-05-19 06:14 - 2012-05-19 06:14 - 0000000 ____D C:\Users\Lion\Documents\combofix
2012-05-18 20:29 - 2012-05-18 20:34 - 0126380 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_00.29.57_log.txt
2012-05-18 20:27 - 2012-05-18 20:27 - 0272448 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-18 19:52 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-18 19:52 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-18 19:51 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-18 19:51 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-18 19:51 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-18 19:51 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-18 19:51 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-18 19:51 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-18 19:51 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-18 19:51 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-18 19:51 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-18 19:51 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-18 19:51 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-18 19:51 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-18 19:51 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-18 19:51 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-18 19:51 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-18 19:51 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-18 19:51 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-18 19:51 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-18 19:51 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-18 19:51 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-18 19:51 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-18 19:51 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-18 19:51 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-18 19:51 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-18 19:30 - 2012-02-29 22:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-18 19:30 - 2012-02-29 22:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-18 19:30 - 2012-02-29 22:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-18 19:30 - 2012-02-29 22:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-18 19:30 - 2012-02-29 21:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-18 19:30 - 2012-02-29 21:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-18 19:30 - 2012-02-29 21:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-18 19:24 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-18 19:24 - 2011-11-04 21:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-05-18 19:24 - 2011-11-04 20:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-05-18 19:23 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-18 19:23 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-18 19:23 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-18 19:23 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-18 19:23 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-18 19:23 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-18 19:23 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-18 19:23 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-05-18 19:23 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-05-18 19:23 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-05-18 19:23 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-05-18 19:23 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-05-18 19:23 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-05-18 19:23 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-05-18 19:23 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-05-18 19:23 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-05-18 19:23 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-05-18 19:23 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-05-18 19:23 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-05-18 19:23 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-05-18 19:23 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-05-18 19:23 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-05-18 19:23 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-05-18 19:23 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-05-18 19:23 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-05-18 19:23 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-05-18 19:23 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-05-18 19:23 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-18 19:23 - 2011-10-25 21:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-05-18 19:23 - 2011-10-14 22:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-05-18 19:23 - 2011-10-14 21:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-05-18 19:22 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-18 19:22 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-18 19:22 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-05-18 19:22 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-05-18 19:22 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-18 19:22 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-05-18 19:22 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-18 19:22 - 2011-04-27 19:55 - 0552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-05-18 19:22 - 2011-04-27 19:54 - 0080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2012-05-18 19:20 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-05-18 19:20 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-05-18 19:17 - 2012-05-18 19:17 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-18 19:16 - 2012-05-18 20:58 - 0000000 ____D C:\Users\Lion\Documents\ProcessExplorer
2012-05-18 19:16 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-05-18 19:16 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-05-18 19:15 - 2012-05-18 19:15 - 1857786 ____A C:\Users\Lion\Documents\ProcessExplorer.zip
2012-05-18 19:11 - 2012-05-18 20:20 - 0246454 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_23.11.07_log.txt
2012-05-18 18:58 - 2012-05-18 19:05 - 0370504 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_22.58.54_log.txt
2012-05-18 18:58 - 2012-05-18 18:58 - 1932256 ____A (Symantec Corporation) C:\Users\Lion\Documents\FixTDSS.exe
2012-05-18 18:58 - 2012-05-18 18:58 - 0000000 ____D C:\Users\Lion\Documents\tdsskiller
2012-05-18 18:57 - 2012-05-18 18:58 - 2107843 ____A C:\Users\Lion\Documents\tdsskiller.zip
2012-05-18 14:12 - 2012-05-18 14:12 - 0000000 ____D C:\Windows\pss
2012-05-18 13:39 - 2012-05-18 13:39 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-18 13:39 - 2012-03-06 15:15 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-05-18 13:37 - 2012-05-18 18:33 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-18 13:37 - 2012-05-18 18:33 - 0000000 ____D C:\ProgramData\AVAST Software
2012-05-18 13:37 - 2012-05-18 13:37 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-18 11:49 - 2012-05-18 18:32 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-18 11:49 - 2012-05-18 18:32 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-18 11:49 - 2012-05-18 18:32 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-18 11:45 - 2012-05-18 11:45 - 0011820 ____A C:\Users\Lion\Documents\hijackthis.log
2012-05-18 11:44 - 2012-05-18 11:44 - 0388608 ____A (Trend Micro Inc.) C:\Users\Lion\Documents\HijackThis.exe
2012-05-17 21:55 - 2012-05-17 21:55 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-17 21:39 - 2012-05-17 21:39 - 0000000 ____D C:\Users\Lion\AppData\Local\{B49A0559-A0AB-11E1-826F-B8AC6F996F26}
2012-05-17 21:37 - 2012-05-17 21:37 - 0000012 ____A C:\Windows\srun.log
2012-05-17 20:23 - 2012-05-17 20:23 - 0001030 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-17 19:25 - 2012-05-17 19:31 - 88134395 ____A C:\Users\Lion\Downloads\Kyabaat - Indian Jazz Music.rar
2012-05-17 19:14 - 2012-05-17 19:36 - 147251113 ____A C:\Users\Lion\Downloads\bleepala.rar
2012-05-17 19:11 - 2012-05-17 19:22 - 171186434 ____A C:\Users\Lion\Downloads\VA - Bar India (Indian Downtempo And Electro-Funk Grooves) [2008] - Lo-Fi.zip
2012-05-17 19:06 - 2012-05-17 19:06 - 0000000 ____D C:\Users\Lion\AppData\Local\{D94959C3-4B08-434C-8B7C-708D17ECAA59}
2012-05-17 19:06 - 2012-05-17 19:06 - 0000000 ____D C:\Users\Lion\AppData\Local\{3015FC3D-6E29-4BF4-A21E-10EB5B723A23}
2012-05-17 13:29 - 2012-05-17 13:29 - 0000000 ____D C:\Users\Lion\AppData\Local\{21856541-F0EA-4F8B-B9B9-F3ADF7927512}
2012-05-17 13:29 - 2012-05-17 13:29 - 0000000 ____D C:\Users\Lion\AppData\Local\{124357F3-0B0F-43A5-BAB9-87231A3EADDA}
2012-05-16 19:48 - 2012-05-16 19:48 - 0000000 ____D C:\Users\Lion\AppData\Local\{06BC81D9-E9AE-47CB-9405-9700C9672587}
2012-05-16 19:47 - 2012-05-16 19:48 - 0000000 ____D C:\Users\Lion\AppData\Local\{1EFD781E-E249-444D-86AD-FD877F490EA8}
2012-05-16 07:05 - 2012-05-16 07:05 - 0000000 ____D C:\Users\Lion\AppData\Local\{FCE54279-7F66-41AD-B2F0-42454EB4070A}
2012-05-16 07:04 - 2012-05-16 07:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{B2B94670-6E74-4D19-92D1-875050FDC0E7}
2012-05-15 20:34 - 2012-05-15 20:34 - 0000000 ____D C:\Users\Lion\AppData\Local\{1CEC48BE-5AA8-494C-891B-B9AF95847F4C}
2012-05-15 20:33 - 2012-05-15 20:33 - 0000000 ____D C:\Users\Lion\AppData\Local\{EE67B9F4-2E50-4D34-8222-A7B73170056B}
2012-05-10 19:49 - 2012-05-10 19:49 - 0000000 ____D C:\Users\Lion\AppData\Local\{AB0C788F-E019-475F-B848-8A0FDD418EE6}
2012-05-10 19:49 - 2012-05-10 19:49 - 0000000 ____D C:\Users\Lion\AppData\Local\{A52A3C62-0D7A-4BE1-826C-4672A2523FA5}
2012-05-09 20:18 - 2012-05-09 20:33 - 74051651 ____A C:\Users\Lion\Downloads\Pandit Pran Nath - Raga Yaman Kalyan Raga Punjabi Berva (1971).zip
2012-05-08 19:57 - 2012-05-08 19:57 - 0000000 ____D C:\Users\Lion\AppData\Local\{24CE6D81-386E-47D0-83CA-93986F0DBE4C}
2012-05-08 19:56 - 2012-05-08 19:56 - 0000000 ____D C:\Users\Lion\AppData\Local\{D6FB8E93-BDF2-4079-A57C-B5E234FDF766}
2012-05-07 06:11 - 2012-05-07 06:12 - 16375503 ____A C:\Users\Lion\Downloads\Podium_312.zip
2012-05-06 04:12 - 2012-05-06 04:12 - 0000000 ____D C:\Users\All Users\PACE
2012-05-06 04:12 - 2012-05-06 04:12 - 0000000 ____D C:\ProgramData\PACE
2012-05-06 03:58 - 2012-05-06 04:28 - 0000000 ____D C:\Users\Lion\AppData\Roaming\Edison
2012-05-06 03:51 - 2012-05-06 03:51 - 0001086 ____A C:\Users\Lion\Desktop\Edison.lnk
2012-05-05 22:37 - 2012-05-05 22:46 - 165360744 ____A (Univers Sons ) C:\Users\Lion\Downloads\uviworkstation-2-0-5.exe
2012-05-04 19:59 - 2012-05-04 20:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{D2AE7CCC-339C-43A6-85DB-91DAE62359EF}
2012-05-04 19:59 - 2012-05-04 19:59 - 0000000 ____D C:\Users\Lion\AppData\Local\{B2BB60EB-3430-493C-AE7D-C46B2B80FB88}
2012-05-04 04:36 - 2012-05-04 04:36 - 0016468 ____A C:\Users\Lion\Downloads\535202_298222676918488_294652680608821_645001_325592677_n.jpg
2012-05-01 20:04 - 2012-05-01 20:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{A4AA0768-8DF2-4EB7-B5EF-8E58A64393A6}
2012-05-01 20:04 - 2012-05-01 20:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{74D9D1EB-1895-4838-A03F-DE96B14193F7}
2012-05-01 06:06 - 2012-05-01 06:15 - 60441039 ____A C:\Users\Lion\Downloads\LUTZR.zip
2012-04-30 21:03 - 2012-04-30 21:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{953C8298-305F-478C-A14A-B760A56F4909}
2012-04-30 21:03 - 2012-04-30 21:03 - 0000000 ____D C:\Users\Lion\AppData\Local\{2708A286-2725-49A7-9C52-DA6AF0F93B27}
2012-04-30 06:06 - 2012-04-30 06:12 - 92135500 ____A C:\Users\Lion\Documents\jrosten_light_leaks.mov.zip
2012-04-30 05:42 - 2012-04-30 05:42 - 2779077 ____A C:\Users\Lion\Documents\Color Correction Pack.rar
2012-04-30 05:42 - 2012-04-30 05:42 - 0012441 ____A C:\Users\Lion\Documents\Vegas CC Pack #1 by Dare Zebo.rar
2012-04-30 05:41 - 2012-04-30 05:41 - 0519071 ____A C:\Users\Lion\Documents\Dare Zebos Color Correction Pack #1.rar
2012-04-30 05:22 - 2012-04-30 05:23 - 20167728 ____A C:\Users\Lion\Documents\Pierce_filmburns-H264.zip
2012-04-30 05:17 - 2012-04-30 05:17 - 0267612 ____A C:\Users\Lion\Documents\Looks_by_Brent_Pierce.zip
2012-04-29 20:37 - 2012-04-29 20:37 - 0000000 ____D C:\Users\Lion\AppData\Local\{F9931B04-AAA4-4C82-8A58-E5A7A4D8ADBE}
2012-04-29 20:37 - 2012-04-29 20:37 - 0000000 ____D C:\Users\Lion\AppData\Local\{9D4CC6F2-074A-4ED6-9DB5-39EEFD18D288}
2012-04-25 19:32 - 2012-04-25 19:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{897F0F8A-6396-45E3-8410-DAA78F8D6FF5}
2012-04-25 19:32 - 2012-04-25 19:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{6DDF95FF-454D-498B-BDB6-A911DA2EFDF1}
2012-04-24 19:20 - 2012-04-24 19:21 - 0000000 ____D C:\Users\Lion\AppData\Local\{1C974F96-901A-4D43-BD39-C05C008CCD73}
2012-04-24 19:20 - 2012-04-24 19:20 - 0000000 ____D C:\Users\Lion\AppData\Local\{1AEFD6DE-6E46-453A-928D-F7E27B88D72E}
2012-04-24 11:21 - 2012-04-24 11:21 - 0000000 ____D C:\TeamViewerPortable
2012-04-22 18:42 - 2012-04-22 18:42 - 0000000 ____D C:\Users\Lion\AppData\Local\{2B072906-CEF0-43D9-AFE4-FCC524978B7E}
2012-04-22 18:42 - 2012-04-22 18:42 - 0000000 ____D C:\Users\Lion\AppData\Local\{251543EC-F356-4E07-9208-A46FE0B13437}
2012-04-22 08:09 - 2012-04-22 08:10 - 16374358 ____A C:\Users\Lion\Downloads\Podium_311.zip
2012-04-21 21:00 - 2012-04-21 21:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{535503BA-51DA-4B46-9379-34F48CE72C66}
2012-04-21 21:00 - 2012-04-21 21:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{19C41413-B753-4081-B4AB-3577BA5393D7}
2012-04-21 16:44 - 2012-04-21 16:44 - 0000132 ____A C:\Users\Lion\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-04-21 10:12 - 2012-04-21 10:12 - 0000000 ____D C:\Users\Lion\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-21 10:12 - 2012-04-21 10:12 - 0000000 ____D C:\Users\Lion\AppData\Roaming\Adobe Mini Bridge CS5.1


============ 3 Months Modified Files and Folders =============

2012-05-21 17:58 - 2012-05-21 17:57 - 0000000 ____D C:\FRST
2012-05-21 13:51 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-21 13:51 - 2009-07-13 20:51 - 0097665 ____A C:\Windows\setupact.log
2012-05-21 13:50 - 2011-09-17 07:30 - 1392693248 __ASH C:\hiberfil.sys
2012-05-21 13:24 - 2011-09-17 07:36 - 1199839 ____A C:\Windows\WindowsUpdate.log
2012-05-21 13:11 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-21 13:06 - 2012-04-09 08:17 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-21 13:06 - 2012-01-29 21:29 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458918284-3737494053-423885019-1000UA.job
2012-05-20 22:22 - 2011-12-02 22:38 - 0000000 ____D C:\Users\Lion\AppData\Roaming\vlc
2012-05-20 22:19 - 2011-12-09 08:41 - 0054272 ____A C:\Users\Lion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-20 20:11 - 2012-01-29 21:29 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458918284-3737494053-423885019-1000Core.job
2012-05-20 10:15 - 2009-07-13 20:45 - 0016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-20 10:15 - 2009-07-13 20:45 - 0016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-20 10:04 - 2012-05-20 10:04 - 0000178 ____A C:\Users\Lion\defogger_reenable
2012-05-20 10:04 - 2012-05-19 20:52 - 0000000 ____D C:\Users\Lion\Documents\bleepingcomputer
2012-05-20 10:04 - 2011-12-02 23:08 - 0000000 ____D C:\users\Lion
2012-05-19 06:30 - 2012-05-19 06:25 - 0246770 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_10.25.39_log.txt
2012-05-19 06:17 - 2012-05-19 06:17 - 0000000 ____D C:\Program Files\CCleaner
2012-05-19 06:14 - 2012-05-19 06:14 - 0000000 ____D C:\Users\Lion\Documents\combofix
2012-05-18 20:58 - 2012-05-18 19:16 - 0000000 ____D C:\Users\Lion\Documents\ProcessExplorer
2012-05-18 20:57 - 2009-07-13 21:08 - 0013902 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-18 20:34 - 2012-05-18 20:29 - 0126380 ____A C:\TDSSKiller.2.7.35.0_19.05.2012_00.29.57_log.txt
2012-05-18 20:27 - 2012-05-18 20:27 - 0272448 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-18 20:27 - 2011-12-04 15:40 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2012-05-18 20:26 - 2009-07-13 20:45 - 4856000 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-18 20:25 - 2011-07-29 04:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-18 20:23 - 2010-11-20 23:17 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-18 20:20 - 2012-05-18 19:11 - 0246454 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_23.11.07_log.txt
2012-05-18 19:21 - 2012-04-18 08:58 - 0002070 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-18 19:17 - 2012-05-18 19:17 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-18 19:15 - 2012-05-18 19:15 - 1857786 ____A C:\Users\Lion\Documents\ProcessExplorer.zip
2012-05-18 19:06 - 2010-11-20 19:47 - 0021006 ____A C:\Windows\PFRO.log
2012-05-18 19:05 - 2012-05-18 18:58 - 0370504 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_22.58.54_log.txt
2012-05-18 18:58 - 2012-05-18 18:58 - 1932256 ____A (Symantec Corporation) C:\Users\Lion\Documents\FixTDSS.exe
2012-05-18 18:58 - 2012-05-18 18:58 - 0000000 ____D C:\Users\Lion\Documents\tdsskiller
2012-05-18 18:58 - 2012-05-18 18:57 - 2107843 ____A C:\Users\Lion\Documents\tdsskiller.zip
2012-05-18 18:33 - 2012-05-18 13:37 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-05-18 18:33 - 2012-05-18 13:37 - 0000000 ____D C:\ProgramData\AVAST Software
2012-05-18 18:32 - 2012-05-18 11:49 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-18 18:32 - 2012-05-18 11:49 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-18 18:32 - 2012-05-18 11:49 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-18 18:32 - 2012-03-21 21:37 - 0001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-18 18:32 - 2012-03-21 21:37 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-18 14:12 - 2012-05-18 14:12 - 0000000 ____D C:\Windows\pss
2012-05-18 13:39 - 2012-05-18 13:39 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-18 13:37 - 2012-05-18 13:37 - 0000000 ____D C:\Program Files\AVAST Software
2012-05-18 11:45 - 2012-05-18 11:45 - 0011820 ____A C:\Users\Lion\Documents\hijackthis.log
2012-05-18 11:44 - 2012-05-18 11:44 - 0388608 ____A (Trend Micro Inc.) C:\Users\Lion\Documents\HijackThis.exe
2012-05-17 21:55 - 2012-05-17 21:55 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-17 21:39 - 2012-05-17 21:39 - 0000000 ____D C:\Users\Lion\AppData\Local\{B49A0559-A0AB-11E1-826F-B8AC6F996F26}
2012-05-17 21:37 - 2012-05-17 21:37 - 0000012 ____A C:\Windows\srun.log
2012-05-17 21:26 - 2011-12-03 22:18 - 0000000 ____D C:\Users\Lion\AppData\Roaming\Skype
2012-05-17 20:23 - 2012-05-17 20:23 - 0001030 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-05-17 19:36 - 2012-05-17 19:14 - 147251113 ____A C:\Users\Lion\Downloads\bleepala.rar
2012-05-17 19:31 - 2012-05-17 19:25 - 88134395 ____A C:\Users\Lion\Downloads\Kyabaat - Indian Jazz Music.rar
2012-05-17 19:22 - 2012-05-17 19:11 - 171186434 ____A C:\Users\Lion\Downloads\VA - Bar India (Indian Downtempo And Electro-Funk Grooves) [2008] - Lo-Fi.zip
2012-05-17 19:06 - 2012-05-17 19:06 - 0000000 ____D C:\Users\Lion\AppData\Local\{D94959C3-4B08-434C-8B7C-708D17ECAA59}
2012-05-17 19:06 - 2012-05-17 19:06 - 0000000 ____D C:\Users\Lion\AppData\Local\{3015FC3D-6E29-4BF4-A21E-10EB5B723A23}
2012-05-17 13:43 - 2011-12-04 19:55 - 0000000 ____D C:\Users\Lion\AppData\Local\AIM
2012-05-17 13:36 - 2012-04-02 11:56 - 0002143 ____A C:\Users\Lion\Documents\Zynewave Podium.txt
2012-05-17 13:29 - 2012-05-17 13:29 - 0000000 ____D C:\Users\Lion\AppData\Local\{21856541-F0EA-4F8B-B9B9-F3ADF7927512}
2012-05-17 13:29 - 2012-05-17 13:29 - 0000000 ____D C:\Users\Lion\AppData\Local\{124357F3-0B0F-43A5-BAB9-87231A3EADDA}
2012-05-16 19:48 - 2012-05-16 19:48 - 0000000 ____D C:\Users\Lion\AppData\Local\{06BC81D9-E9AE-47CB-9405-9700C9672587}
2012-05-16 19:48 - 2012-05-16 19:47 - 0000000 ____D C:\Users\Lion\AppData\Local\{1EFD781E-E249-444D-86AD-FD877F490EA8}
2012-05-16 07:05 - 2012-05-16 07:05 - 0000000 ____D C:\Users\Lion\AppData\Local\{FCE54279-7F66-41AD-B2F0-42454EB4070A}
2012-05-16 07:04 - 2012-05-16 07:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{B2B94670-6E74-4D19-92D1-875050FDC0E7}
2012-05-15 20:34 - 2012-05-15 20:34 - 0000000 ____D C:\Users\Lion\AppData\Local\{1CEC48BE-5AA8-494C-891B-B9AF95847F4C}
2012-05-15 20:33 - 2012-05-15 20:33 - 0000000 ____D C:\Users\Lion\AppData\Local\{EE67B9F4-2E50-4D34-8222-A7B73170056B}
2012-05-15 10:57 - 2012-01-29 21:31 - 0002399 ____A C:\Users\Lion\Desktop\Google Chrome.lnk
2012-05-14 19:32 - 2011-12-02 22:19 - 0000000 ____D C:\Users\Lion\Documents\WP-Plugins
2012-05-12 21:59 - 2011-12-02 12:05 - 0000000 ____D C:\Program Files (x86)\Opera
2012-05-10 19:49 - 2012-05-10 19:49 - 0000000 ____D C:\Users\Lion\AppData\Local\{AB0C788F-E019-475F-B848-8A0FDD418EE6}
2012-05-10 19:49 - 2012-05-10 19:49 - 0000000 ____D C:\Users\Lion\AppData\Local\{A52A3C62-0D7A-4BE1-826C-4672A2523FA5}
2012-05-10 12:38 - 2011-12-04 13:49 - 0000000 ____D C:\Users\Lion\AppData\Roaming\MeldaProduction MMultiBandReverb
2012-05-09 20:33 - 2012-05-09 20:18 - 74051651 ____A C:\Users\Lion\Downloads\Pandit Pran Nath - Raga Yaman Kalyan Raga Punjabi Berva (1971).zip
2012-05-08 19:57 - 2012-05-08 19:57 - 0000000 ____D C:\Users\Lion\AppData\Local\{24CE6D81-386E-47D0-83CA-93986F0DBE4C}
2012-05-08 19:56 - 2012-05-08 19:56 - 0000000 ____D C:\Users\Lion\AppData\Local\{D6FB8E93-BDF2-4079-A57C-B5E234FDF766}
2012-05-08 11:20 - 2011-12-04 13:49 - 0000000 ____D C:\Users\Lion\AppData\Roaming\MeldaProduction MReverb
2012-05-07 06:12 - 2012-05-07 06:11 - 16375503 ____A C:\Users\Lion\Downloads\Podium_312.zip
2012-05-06 04:35 - 2011-12-13 13:41 - 0000000 ____D C:\Users\Lion\AppData\Roaming\UVIWorkstation
2012-05-06 04:28 - 2012-05-06 03:58 - 0000000 ____D C:\Users\Lion\AppData\Roaming\Edison
2012-05-06 04:12 - 2012-05-06 04:12 - 0000000 ____D C:\Users\All Users\PACE
2012-05-06 04:12 - 2012-05-06 04:12 - 0000000 ____D C:\ProgramData\PACE
2012-05-06 04:12 - 2011-07-29 03:59 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-05-06 04:07 - 2011-12-04 10:37 - 0000000 ____D C:\Program Files (x86)\UVISoundBanks
2012-05-06 03:51 - 2012-05-06 03:51 - 0001086 ____A C:\Users\Lion\Desktop\Edison.lnk
2012-05-06 03:51 - 2012-02-12 23:10 - 0000000 ____D C:\Users\Lion\Downloads\VST
2012-05-05 22:46 - 2012-05-05 22:37 - 165360744 ____A (Univers Sons ) C:\Users\Lion\Downloads\uviworkstation-2-0-5.exe
2012-05-05 06:17 - 2012-04-09 09:12 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 06:17 - 2012-04-09 08:17 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 06:17 - 2011-07-29 04:44 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 20:00 - 2012-05-04 19:59 - 0000000 ____D C:\Users\Lion\AppData\Local\{D2AE7CCC-339C-43A6-85DB-91DAE62359EF}
2012-05-04 19:59 - 2012-05-04 19:59 - 0000000 ____D C:\Users\Lion\AppData\Local\{B2BB60EB-3430-493C-AE7D-C46B2B80FB88}
2012-05-04 14:54 - 2011-12-02 12:43 - 0000000 ____D C:\Users\Lion\AppData\Roaming\KeePass
2012-05-04 04:36 - 2012-05-04 04:36 - 0016468 ____A C:\Users\Lion\Downloads\535202_298222676918488_294652680608821_645001_325592677_n.jpg
2012-05-01 20:04 - 2012-05-01 20:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{A4AA0768-8DF2-4EB7-B5EF-8E58A64393A6}
2012-05-01 20:04 - 2012-05-01 20:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{74D9D1EB-1895-4838-A03F-DE96B14193F7}
2012-05-01 06:15 - 2012-05-01 06:06 - 60441039 ____A C:\Users\Lion\Downloads\LUTZR.zip
2012-04-30 21:04 - 2012-04-30 21:03 - 0000000 ____D C:\Users\Lion\AppData\Local\{953C8298-305F-478C-A14A-B760A56F4909}
2012-04-30 21:03 - 2012-04-30 21:03 - 0000000 ____D C:\Users\Lion\AppData\Local\{2708A286-2725-49A7-9C52-DA6AF0F93B27}
2012-04-30 19:07 - 2012-04-15 05:38 - 0000000 ____D C:\Users\Lion\Documents\GF2
2012-04-30 06:12 - 2012-04-30 06:06 - 92135500 ____A C:\Users\Lion\Documents\jrosten_light_leaks.mov.zip
2012-04-30 05:42 - 2012-04-30 05:42 - 2779077 ____A C:\Users\Lion\Documents\Color Correction Pack.rar
2012-04-30 05:42 - 2012-04-30 05:42 - 0012441 ____A C:\Users\Lion\Documents\Vegas CC Pack #1 by Dare Zebo.rar
2012-04-30 05:41 - 2012-04-30 05:41 - 0519071 ____A C:\Users\Lion\Documents\Dare Zebos Color Correction Pack #1.rar
2012-04-30 05:23 - 2012-04-30 05:22 - 20167728 ____A C:\Users\Lion\Documents\Pierce_filmburns-H264.zip
2012-04-30 05:17 - 2012-04-30 05:17 - 0267612 ____A C:\Users\Lion\Documents\Looks_by_Brent_Pierce.zip
2012-04-29 20:37 - 2012-04-29 20:37 - 0000000 ____D C:\Users\Lion\AppData\Local\{F9931B04-AAA4-4C82-8A58-E5A7A4D8ADBE}
2012-04-29 20:37 - 2012-04-29 20:37 - 0000000 ____D C:\Users\Lion\AppData\Local\{9D4CC6F2-074A-4ED6-9DB5-39EEFD18D288}
2012-04-26 16:03 - 2011-12-03 06:33 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-25 19:32 - 2012-04-25 19:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{897F0F8A-6396-45E3-8410-DAA78F8D6FF5}
2012-04-25 19:32 - 2012-04-25 19:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{6DDF95FF-454D-498B-BDB6-A911DA2EFDF1}
2012-04-24 19:21 - 2012-04-24 19:20 - 0000000 ____D C:\Users\Lion\AppData\Local\{1C974F96-901A-4D43-BD39-C05C008CCD73}
2012-04-24 19:20 - 2012-04-24 19:20 - 0000000 ____D C:\Users\Lion\AppData\Local\{1AEFD6DE-6E46-453A-928D-F7E27B88D72E}
2012-04-24 11:21 - 2012-04-24 11:21 - 0000000 ____D C:\TeamViewerPortable
2012-04-22 22:00 - 2011-07-29 04:43 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-22 22:00 - 2011-07-29 04:43 - 0000000 ____D C:\ProgramData\Adobe
2012-04-22 18:42 - 2012-04-22 18:42 - 0000000 ____D C:\Users\Lion\AppData\Local\{2B072906-CEF0-43D9-AFE4-FCC524978B7E}
2012-04-22 18:42 - 2012-04-22 18:42 - 0000000 ____D C:\Users\Lion\AppData\Local\{251543EC-F356-4E07-9208-A46FE0B13437}
2012-04-22 08:10 - 2012-04-22 08:09 - 16374358 ____A C:\Users\Lion\Downloads\Podium_311.zip
2012-04-22 08:03 - 2011-12-06 15:26 - 0000000 ____D C:\Users\Lion\AppData\Roaming\FileZilla
2012-04-22 07:06 - 2011-12-02 22:19 - 0000000 ____D C:\Users\Lion\Documents\WP-Themes
2012-04-21 21:00 - 2012-04-21 21:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{535503BA-51DA-4B46-9379-34F48CE72C66}
2012-04-21 21:00 - 2012-04-21 21:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{19C41413-B753-4081-B4AB-3577BA5393D7}
2012-04-21 16:44 - 2012-04-21 16:44 - 0000132 ____A C:\Users\Lion\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-04-21 16:42 - 2011-12-02 23:09 - 0000000 ____D C:\Users\Lion\AppData\Roaming\Adobe
2012-04-21 10:12 - 2012-04-21 10:12 - 0000000 ____D C:\Users\Lion\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-21 10:12 - 2012-04-21 10:12 - 0000000 ____D C:\Users\Lion\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-04-20 19:47 - 2012-04-20 19:47 - 0000000 ____D C:\Users\Lion\AppData\Local\{EA479FF2-DFAD-4832-A9E8-7EC2D35BC5C6}
2012-04-20 19:47 - 2012-04-20 19:47 - 0000000 ____D C:\Users\Lion\AppData\Local\{20CB03A1-BBFD-4897-B234-F90D07712089}
2012-04-20 06:11 - 2012-04-20 05:36 - 74793157 ____A C:\Users\Lion\Downloads\campblood.zip
2012-04-20 05:18 - 2012-04-20 05:15 - 68363753 ____A C:\Users\Lion\Downloads\Beat Gates - Loopnuts (2012).zip
2012-04-19 20:31 - 2012-04-19 20:31 - 0000796 ____A C:\Users\Lion\Documents\sample.zip
2012-04-19 20:29 - 2011-07-29 04:22 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-19 20:28 - 2012-04-19 20:28 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-19 20:28 - 2011-07-29 04:22 - 0000000 ____D C:\Users\All Users\Skype
2012-04-19 20:28 - 2011-07-29 04:22 - 0000000 ____D C:\ProgramData\Skype
2012-04-19 20:26 - 2012-04-19 20:26 - 0003459 ____A C:\Users\Lion\Documents\mailing_list.csv
2012-04-19 20:24 - 2012-04-19 20:24 - 0000000 ____D C:\Users\Lion\AppData\Local\{6FD2552A-DD6A-44DB-99E5-0536D0D04883}
2012-04-19 20:24 - 2012-04-19 20:24 - 0000000 ____D C:\Users\Lion\AppData\Local\{0887EF54-0E58-4CA7-A97D-13F5675B7E74}
2012-04-18 19:16 - 2012-04-18 19:16 - 0000000 ____D C:\Users\Lion\AppData\Local\{FFBA57C3-09E3-4929-8F08-D0046B0423CF}
2012-04-18 19:16 - 2012-04-18 19:16 - 0000000 ____D C:\Users\Lion\AppData\Local\{EF6DF5B1-17A8-4FBF-A140-065C9F6BE18B}
2012-04-18 09:42 - 2011-12-02 23:09 - 0000000 ____D C:\Users\Lion\AppData\Local\Adobe
2012-04-18 09:21 - 2012-04-18 09:21 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-18 09:21 - 2012-04-18 09:21 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-04-18 09:21 - 2011-12-02 11:09 - 0066072 ____A C:\Users\Lion\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-18 09:16 - 2012-04-18 09:15 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-04-18 09:16 - 2012-04-18 09:15 - 0000000 ____D C:\Program Files\Adobe
2012-04-18 09:16 - 2011-07-29 04:43 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-17 20:40 - 2012-04-17 20:40 - 0000000 ____D C:\Users\Lion\AppData\Local\{9AC406B9-BB38-4190-97AD-1AF0F71CF14B}
2012-04-17 20:40 - 2012-04-17 20:39 - 0000000 ____D C:\Users\Lion\AppData\Local\{0D6F54B6-D550-46B5-94C4-1A5E80BEC3D0}
2012-04-17 10:24 - 2012-04-17 10:17 - 0015225 ____A C:\Users\Lion\Documents\Lion bio.odt
2012-04-16 19:18 - 2012-04-16 19:18 - 0000000 ____D C:\Users\Lion\AppData\Local\{BA64056C-1B43-442F-BC3C-21444321A311}
2012-04-16 19:18 - 2012-04-16 19:18 - 0000000 ____D C:\Users\Lion\AppData\Local\{7341C25D-ED91-48CE-A1BF-116AE66E0A1B}
2012-04-15 19:45 - 2012-04-15 19:45 - 0000000 ____D C:\Users\Lion\AppData\Local\{B0FE8CDC-81E6-4F6C-9203-1709DC880EB6}
2012-04-15 19:45 - 2012-04-15 19:45 - 0000000 ____D C:\Users\Lion\AppData\Local\{5A5F2C8A-77A4-4015-85C1-6746A4614149}
2012-04-14 20:40 - 2012-04-14 20:40 - 0000000 ____D C:\Users\Lion\AppData\Local\{561A2C44-25E5-4F5B-9E21-195F91161681}
2012-04-14 20:40 - 2012-04-14 20:40 - 0000000 ____D C:\Users\Lion\AppData\Local\{1934CEE1-C71F-44C6-9946-A7E6A98E4455}
2012-04-13 20:21 - 2012-04-13 20:21 - 0000000 ____D C:\Users\Lion\AppData\Local\{AD797EA0-71C0-41D6-A3F3-7388E16B294B}
2012-04-13 20:20 - 2012-04-13 20:20 - 0000000 ____D C:\Users\Lion\AppData\Local\{C2E35752-F0EE-49E8-A025-260A234DDE2D}
2012-04-12 20:21 - 2012-04-12 20:20 - 0000000 ____D C:\Users\Lion\AppData\Local\{A09CAB79-CBAE-4B50-8B3E-EF92820B770F}
2012-04-12 20:21 - 2011-12-02 21:07 - 0000000 ____D C:\Users\Lion\AppData\Local\Windows Live
2012-04-12 12:22 - 2012-04-12 12:22 - 0000000 ____D C:\Users\Lion\AppData\Roaming\MeldaProduction MDynamicsMini
2012-04-11 20:03 - 2012-04-11 20:03 - 0000000 ____D C:\Users\Lion\AppData\Local\{B790AC80-8EED-490F-934F-FF06AD51115E}
2012-04-10 20:34 - 2012-04-10 20:34 - 0000000 ____D C:\Users\Lion\AppData\Local\{F5DB9243-EBA5-4F73-82E9-C4031D4A0342}
2012-04-09 20:22 - 2012-04-09 20:22 - 0000000 ____D C:\Users\Lion\AppData\Local\{6051FE66-26F1-4DAE-982A-90B494D859DE}
2012-04-08 20:16 - 2012-04-08 20:16 - 0000000 ____D C:\Users\Lion\AppData\Local\{B266B1CF-B0B1-4AB2-BDE9-9AB712080E3C}
2012-04-07 21:10 - 2012-04-07 21:10 - 0000000 ____D C:\Users\Lion\AppData\Local\{1517B9AC-F318-44A1-A9E8-6C35BE759C73}
2012-04-06 21:02 - 2012-04-06 21:02 - 0000000 ____D C:\Users\Lion\AppData\Local\{5F0BF956-B292-41D7-B972-30906C2F6C5A}
2012-04-05 21:32 - 2012-04-05 21:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{90694CBA-0AB9-4805-A888-ED45B9684810}
2012-04-04 21:16 - 2012-04-04 21:15 - 0000000 ____D C:\Users\Lion\AppData\Local\{9BC1C476-7793-4AD8-B91E-FB3405AAF908}
2012-04-04 11:56 - 2012-03-21 21:37 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 11:33 - 2012-04-04 11:33 - 0000000 ____D C:\Users\Lion\AppData\Roaming\MeldaProduction MDynamicsLimiter
2012-04-03 20:29 - 2012-04-03 20:29 - 0000000 ____D C:\Users\Lion\AppData\Local\{9B70CB0F-A533-4292-BA97-D9ECEE5EFED3}
2012-04-03 03:18 - 2012-04-03 02:46 - 0000000 ____D C:\Users\Lion\Downloads\FreeSound
2012-04-02 21:34 - 2012-04-02 21:33 - 0000000 ____D C:\Users\Lion\AppData\Local\{D82E5A8A-34C8-49C2-B0C5-A54E610D04C9}
2012-04-01 19:23 - 2012-04-01 19:23 - 0000000 ____D C:\Users\Lion\AppData\Local\{08BEC925-3BD7-4856-92D6-4DDDEE670572}
2012-04-01 11:17 - 2011-12-10 20:56 - 0000000 ____D C:\Users\Lion\Documents\Glyphic Design
2012-03-31 20:39 - 2012-03-31 20:39 - 0000000 ____D C:\Users\Lion\AppData\Local\{395EA365-B224-4F5B-8206-12719676FCCF}
2012-03-30 22:05 - 2012-05-18 19:23 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-18 19:23 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-18 19:23 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 20:07 - 2012-03-30 20:07 - 0000000 ____D C:\Users\Lion\AppData\Local\{91BA10FB-83AD-453B-ABA7-69238C1B53DC}
2012-03-30 19:10 - 2012-05-18 19:23 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-18 19:24 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 18:55 - 2012-03-29 18:55 - 0000000 ____D C:\Users\Lion\AppData\Local\{BEFEE75F-B9CC-4423-A8FB-3AE99CA5A2B4}
2012-03-28 20:34 - 2012-03-28 20:34 - 0000000 ____D C:\Users\Lion\AppData\Local\{4326EC7A-50EA-4DB3-943D-FA44578F3C54}
2012-03-27 19:58 - 2012-03-27 19:58 - 0000000 ____D C:\Users\Lion\AppData\Local\{EF356B7E-654E-419C-9C7B-41B9DA28DB9E}
2012-03-27 19:58 - 2012-03-27 19:58 - 0000000 ____D C:\Users\Lion\AppData\Local\{12E2A5B2-076E-4B74-901B-D253C8A140F5}
2012-03-27 07:00 - 2012-03-27 06:53 - 133122608 ____A C:\Users\Lion\Downloads\Slum Village & Mick Boogie - The Dirty Slums.zip
2012-03-24 22:02 - 2012-03-24 21:59 - 0000000 ____D C:\RDesc_2.29_portable
2012-03-24 21:58 - 2012-03-24 21:58 - 1065760 ____A C:\Users\Lion\Downloads\RDesc_2.29_portable.zip
2012-03-24 21:56 - 2012-03-24 21:53 - 2262843 ____A C:\Users\Lion\Downloads\RDesc_2.16_portable.zip
2012-03-24 21:15 - 2012-03-24 21:15 - 0000000 ____D C:\Users\Lion\AppData\Local\{EE648810-86AE-4459-B061-985942EFCDAF}
2012-03-24 21:15 - 2012-03-24 21:15 - 0000000 ____D C:\Users\Lion\AppData\Local\{34797C57-94E6-4E4D-8D9A-8E647D9F6E27}
2012-03-23 21:13 - 2012-03-23 21:12 - 0000000 ____D C:\Users\Lion\AppData\Local\{E0417402-7D5F-4220-B3A7-4D98D00DA3CE}
2012-03-23 21:12 - 2012-03-23 21:12 - 0000000 ____D C:\Users\Lion\AppData\Local\{1523210F-0E42-452E-9058-4DCE986F351C}
2012-03-22 21:44 - 2012-03-22 21:44 - 0000000 ____D C:\Users\Lion\AppData\Local\{E3225BC5-985B-4CBD-922D-9790DA8451BB}
2012-03-22 21:44 - 2012-03-22 21:44 - 0000000 ____D C:\Users\Lion\AppData\Local\{112A69D9-184F-423E-99C6-100EFD972AF4}
2012-03-21 22:01 - 2012-02-13 20:06 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-21 21:58 - 2012-03-21 21:49 - 0002188 ____A C:\Users\Lion\Desktop\unhide.txt
2012-03-21 21:49 - 2012-03-21 21:49 - 0001240 ____A C:\Users\Lion\Desktop\FixExec.txt
2012-03-21 21:38 - 2012-03-21 21:38 - 0883616 ____A (Bleeping Computer, LLC) C:\Users\Lion\Documents\FixExec.com
2012-03-21 21:38 - 2012-03-21 21:38 - 0594432 ____A (OldTimer Tools) C:\Users\Lion\Documents\OTL.exe
2012-03-21 21:38 - 2012-03-21 21:38 - 0389024 ____A (Bleeping Computer, LLC) C:\Users\Lion\Documents\unhide.exe
2012-03-21 21:37 - 2012-03-21 21:37 - 0000000 ____D C:\Users\Lion\AppData\Roaming\Malwarebytes
2012-03-21 21:37 - 2012-03-21 21:37 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-21 21:37 - 2012-03-21 21:37 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-21 21:31 - 2012-03-21 21:31 - 0000000 ____D C:\Users\Lion\AppData\Local\ElevatedDiagnostics
2012-03-21 21:25 - 2012-03-21 21:23 - 0254196 ____A C:\Windows\ntbtlog.txt
2012-03-21 20:28 - 2012-03-21 20:28 - 0000000 ____D C:\Users\Lion\AppData\Local\{CE2A71CC-F7BD-4591-BC50-6BE1EA84AC97}
2012-03-21 20:28 - 2012-03-21 20:27 - 0000000 ____D C:\Users\Lion\AppData\Local\{53FECA12-91D0-4EB5-BF30-0DE6C10343CB}
2012-03-21 20:27 - 2012-03-21 21:58 - 0000787 ____A C:\Users\Public\Desktop\Scup.lnk
2012-03-21 20:27 - 2012-03-21 20:27 - 0000000 ____D C:\Users\Lion\AppData\Roaming\Scup.3AF73A5FDE434F6A6E19034B4D8311A6F5D9BBFC.1
2012-03-21 20:27 - 2012-03-21 20:27 - 0000000 ____D C:\Program Files (x86)\Scup
2012-03-20 20:33 - 2012-03-20 20:33 - 0000000 ____D C:\Users\Lion\AppData\Local\{6EE1D4F6-1C32-4DF8-9148-67F89128B46E}
2012-03-20 20:33 - 2012-03-20 20:33 - 0000000 ____D C:\Users\Lion\AppData\Local\{1FEDF07D-ABDA-4F31-8B33-42E5589E317A}
2012-03-19 21:12 - 2012-03-19 21:11 - 0000000 ____D C:\Users\Lion\AppData\Local\{8C9C2D9E-9433-4F00-A346-7563135FF5FC}
2012-03-19 21:11 - 2012-03-19 21:11 - 0000000 ____D C:\Users\Lion\AppData\Local\{58A3BCDC-60E8-4036-81C7-E440C837A05A}
2012-03-18 21:17 - 2012-03-18 21:17 - 0000000 ____D C:\Users\Lion\AppData\Local\{F7DFDE8D-8A12-4B0A-AA73-BEBFD03D015F}
2012-03-18 21:17 - 2012-03-18 21:17 - 0000000 ____D C:\Users\Lion\AppData\Local\{CF914601-AC53-4A55-A4EE-1C04A8C4C420}
2012-03-18 20:35 - 2012-03-18 20:35 - 0271776 ____A C:\Users\Lion\Documents\3607427281-1.jpg
2012-03-18 20:34 - 2012-03-18 20:34 - 0196893 ____A C:\Users\Lion\Documents\SomethingElse1080.jpg
2012-03-18 07:49 - 2012-03-18 07:48 - 16814447 ____A C:\Users\Lion\Downloads\JR-JUNKFOOD-MIXTAPE.zip
2012-03-16 23:58 - 2012-05-18 19:23 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 20:54 - 2011-12-03 09:02 - 0000000 ____D C:\eBook
2012-03-16 20:47 - 2012-02-23 20:22 - 0000000 ____D C:\Users\Lion\Documents\photoshop tutorials
2012-03-16 16:29 - 2011-12-02 12:13 - 0000000 ____D C:\Program Files (x86)\Steam
2012-03-16 12:09 - 2012-03-16 12:09 - 0000000 ____D C:\Users\Lion\AppData\Local\Chromium
2012-03-16 12:09 - 2012-03-16 11:59 - 0000000 ____D C:\Users\Lion\Documents\Rockstar Games
2012-03-16 10:28 - 2012-03-16 10:28 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-03-16 10:27 - 2011-07-29 04:31 - 0405232 ____A C:\Windows\DirectX.log
2012-03-16 10:00 - 2012-03-16 08:57 - 136171136 ____A C:\Users\Lion\Downloads\Clydie_King_-_The_Imperial___Minit_Years__1964-1968_.rar
2012-03-16 09:02 - 2012-03-16 09:02 - 0318464 ____A (Propellerhead Software AB) C:\Windows\System32\REX Shared Library.dll
2012-03-16 09:02 - 2012-03-16 09:02 - 0000000 ____D C:\Program Files\FXpansion
2012-03-16 09:02 - 2012-03-16 09:02 - 0000000 ____D C:\Program Files\Common Files\Steinberg
2012-03-16 09:02 - 2012-02-01 11:01 - 0275968 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\REX Shared Library.dll
2012-03-16 09:01 - 2011-12-03 07:09 - 0000000 ____D C:\Users\Lion\AppData\Roaming\FXpansion
2012-03-16 08:55 - 2012-03-16 08:51 - 60788050 ____A C:\Users\Lion\Downloads\FXpansion.Geist.v1.0.5.5.x86.x64-ASSiGN.rar
2012-03-16 08:44 - 2011-12-12 11:57 - 0000000 ____D C:\KeePass-2.15
2012-03-16 08:39 - 2012-02-08 12:19 - 0000000 ____D C:\Users\Lion\AppData\Local\2K Games
2012-03-15 18:31 - 2012-03-15 18:31 - 0000000 ____D C:\Users\Lion\AppData\Local\{A78CF3E6-4288-4815-A4B5-003549E4B909}
2012-03-15 18:30 - 2012-03-15 18:30 - 0000000 ____D C:\Users\Lion\AppData\Local\{C9E72204-C700-4F09-B775-34B5DF78A0A1}
2012-03-14 20:48 - 2012-03-14 20:48 - 0000000 ____D C:\Users\Lion\AppData\Local\{C5D8DC50-F636-4BF6-8D15-3482BC49AA9B}
2012-03-14 20:47 - 2012-03-14 20:47 - 0000000 ____D C:\Users\Lion\AppData\Local\{4A597E8F-E4C8-4F14-B7F8-7258C6B9BB8E}
2012-03-13 20:36 - 2012-03-13 20:36 - 0000000 ____D C:\Users\Lion\AppData\Local\{BE7AED22-6494-42EA-ABAC-A92DE6FACE12}
2012-03-13 20:36 - 2012-03-13 20:36 - 0000000 ____D C:\Users\Lion\AppData\Local\{36DC4225-FC7D-40BD-852B-7854190FA444}
2012-03-12 21:08 - 2012-03-12 21:08 - 0000000 ____D C:\Users\Lion\AppData\Local\{406E47D2-CDD9-49FD-A417-2D24A5B06F34}
2012-03-12 21:08 - 2012-03-12 21:07 - 0000000 ____D C:\Users\Lion\AppData\Local\{E1E71B91-663B-4C9A-88E0-74600F40AB02}
2012-03-11 21:49 - 2012-03-11 21:49 - 0000000 ____D C:\Users\Lion\AppData\Local\{756E84AA-098D-4778-BB2F-6F464B9DD955}
2012-03-11 21:49 - 2012-03-11 21:48 - 0000000 ____D C:\Users\Lion\AppData\Local\{0126A828-6D85-43E4-B0E8-1C4B6FCA7846}
2012-03-11 12:49 - 2012-03-11 12:45 - 0000090 ____A C:\Users\Lion\mm.cfg
2012-03-11 12:45 - 2012-03-11 12:45 - 0000000 ____D C:\Users\Lion\AppData\Local\FlashDevelop.old
2012-03-11 12:45 - 2012-03-11 12:45 - 0000000 ____D C:\Users\Lion\AppData\Local\FlashDevelop
2012-03-11 11:54 - 2012-03-11 11:24 - 0000000 ____D C:\Program Files (x86)\FlashDevelop
2012-03-10 22:00 - 2012-03-10 22:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{F1F367BC-7F00-4533-949B-4EA5179F84B5}
2012-03-10 22:00 - 2012-03-10 21:59 - 0000000 ____D C:\Users\Lion\AppData\Local\{F2ACC438-2776-4FFE-B586-8AF720214C80}
2012-03-10 16:38 - 2012-03-10 16:37 - 28451267 ____A C:\Users\Lion\Downloads\2012-sampleswap-update-sneak-peek.zip
2012-03-10 10:05 - 2012-03-10 10:01 - 0000000 ____D C:\Program Files (x86)\Canon
2012-03-10 10:02 - 2012-03-21 21:58 - 0001973 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2012-03-10 10:02 - 2012-03-10 10:02 - 0000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2012-03-10 10:02 - 2012-03-10 10:02 - 0000000 ____D C:\Users\All Users\CanonBJ
2012-03-10 10:02 - 2012-03-10 10:02 - 0000000 ____D C:\ProgramData\CanonBJ
2012-03-10 10:02 - 2012-03-10 10:02 - 0000000 ____D C:\Program Files\CanonBJ
2012-03-10 10:02 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2012-03-10 09:29 - 2011-12-02 22:47 - 0000000 ____D C:\DAW
2012-03-10 06:45 - 2012-03-21 21:58 - 0000849 ____A C:\Users\Public\Desktop\Podium.lnk
2012-03-10 06:45 - 2012-03-10 06:43 - 15173314 ____A C:\Users\Lion\Downloads\Podium_301.zip
2012-03-10 06:45 - 2012-03-10 06:43 - 15172708 ____A C:\Users\Lion\Downloads\Podium_302.zip
2012-03-10 06:45 - 2012-03-10 06:43 - 14967370 ____A C:\Users\Lion\Downloads\Podium_300.zip
2012-03-10 06:42 - 2012-03-10 06:41 - 16319544 ____A C:\Users\Lion\Downloads\Podium_310.zip
2012-03-09 21:45 - 2012-03-09 21:33 - 81301454 ____A C:\Users\Lion\Downloads\Metlip_-_Bit_Kondakcza_Vol._3-4.rar
2012-03-09 21:32 - 2012-03-09 21:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{EE699B4F-D369-4FCC-B502-ADD5D2FB3CC2}
2012-03-09 21:32 - 2012-03-09 21:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{D0988B29-78DA-4D0F-B147-94A71F498204}
2012-03-09 18:40 - 2012-03-09 18:38 - 10286782 ____A C:\Users\Lion\Downloads\REAPER.4.151.Portable.rar
2012-03-08 22:33 - 2012-03-08 22:33 - 0000000 ____D C:\Users\Lion\AppData\Local\{D4819C09-58D7-48A0-A1AE-BE7945F27AEB}
2012-03-08 22:33 - 2012-03-08 22:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{AC0B8ECE-53CA-4DB9-A6AE-C96F442E70D2}
2012-03-07 21:20 - 2012-03-07 21:20 - 0000000 ____D C:\Users\Lion\AppData\Local\{5EC08491-2342-40FF-9B1C-495BBFD70092}
2012-03-07 21:20 - 2012-03-07 21:19 - 0000000 ____D C:\Users\Lion\AppData\Local\{806BA024-7C55-4709-A783-F88E001B2071}
2012-03-06 22:39 - 2012-03-06 22:39 - 0000000 ____D C:\Users\Lion\AppData\Local\{C0F09C70-A90D-4DE1-8324-842B4DF618EA}
2012-03-06 22:39 - 2012-03-06 22:39 - 0000000 ____D C:\Users\Lion\AppData\Local\{3550555F-D968-4762-A519-53F0D594B00A}
2012-03-06 15:15 - 2012-05-18 13:39 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 12:48 - 2012-03-06 12:48 - 0037066 ____A C:\Users\Lion\Documents\Clipboard01.jpg
2012-03-06 09:17 - 2012-03-06 09:17 - 0000000 ____D C:\Users\Lion\AppData\Local\{E0A05D9C-A322-4E3C-B7E4-0CED49C8DCDF}
2012-03-06 09:17 - 2012-03-06 09:17 - 0000000 ____D C:\Users\Lion\AppData\Local\{29CD7D1E-E950-4C41-A1CF-E4EC7B65D702}
2012-03-05 21:52 - 2012-03-05 21:52 - 296043756 ____A C:\Windows\MEMORY.DMP
2012-03-05 21:52 - 2012-03-05 21:52 - 0590536 ____A C:\Windows\Minidump\030612-26410-01.dmp
2012-03-05 21:52 - 2012-03-05 21:52 - 0000000 ____D C:\Windows\Minidump
2012-03-05 18:15 - 2012-03-05 18:00 - 64848812 ____A C:\Users\Lion\Downloads\G0M3D144R53N41.part2.rar
2012-03-05 12:02 - 2011-12-02 12:06 - 0000000 ____D C:\Gamez
2012-03-05 11:32 - 2012-03-05 11:21 - 296376597 ____A (DigiPen ) C:\Users\Lion\Downloads\NitronicRush_setup_20120303.0.exe
2012-03-05 10:57 - 2012-03-05 10:57 - 20652432 ____A C:\Users\Lion\Downloads\StealthBastard-1.09.exe
2012-03-05 01:20 - 2012-03-05 01:18 - 0000000 ____D C:\Users\Lion\Downloads\Vectors
2012-03-04 22:25 - 2012-03-04 22:25 - 0000000 ____D C:\Users\Lion\AppData\Local\{F2F27709-5897-44D0-99E3-E713E26B4E6D}
2012-03-04 22:25 - 2012-03-04 22:25 - 0000000 ____D C:\Users\Lion\AppData\Local\{CC0CF00A-5CA4-404C-A0AA-C14C45363FFD}
2012-03-04 18:45 - 2012-03-04 18:44 - 0011504 ____A C:\Users\Lion\Documents\Lion MicroBio.odt
2012-03-03 22:01 - 2012-03-03 22:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{F14AE3FC-2B47-4988-9344-8C04E0360627}
2012-03-03 22:00 - 2012-03-03 22:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{79D52E2F-B61E-4D88-8A76-771903AAE603}
2012-03-03 05:16 - 2012-03-03 05:16 - 0000000 ____D C:\Users\Lion\AppData\Local\{F73DE4EC-C78A-47C5-A7E8-DCEBDB21277C}
2012-03-03 05:16 - 2012-03-03 05:16 - 0000000 ____D C:\Users\Lion\AppData\Local\{D87D8539-099B-4A7E-A36C-BAD451C5900A}
2012-03-02 22:35 - 2012-05-18 19:23 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-18 19:23 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 07:54 - 2011-12-02 22:06 - 0000000 ____D C:\Users\Lion\Documents\My Received Files
2012-03-01 16:49 - 2011-12-04 13:49 - 0000000 ____D C:\Users\Lion\AppData\Roaming\MeldaProduction MMultiBandHarmonizer
2012-03-01 16:48 - 2010-10-23 07:00 - 0114597 ____A C:\Users\Lion\AppData\Roaming\MMultiBandHarmonizerpresets.xml
2012-02-29 23:06 - 2012-02-29 23:05 - 0000000 ____D C:\Users\Lion\AppData\Local\{4B85FCD4-F1A9-49F3-8553-382A24D76080}
2012-02-29 23:05 - 2012-02-29 23:05 - 0000000 ____D C:\Users\Lion\AppData\Local\{CACB4367-9C3C-40FF-BE53-BF0B8B26C14B}
2012-02-29 22:46 - 2012-05-18 19:30 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-05-18 19:30 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-05-18 19:30 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-05-18 19:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-05-18 19:30 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-05-18 19:30 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-05-18 19:30 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 06:49 - 2012-02-27 07:31 - 0006458 ____A C:\Users\Lion\Documents\Emails.txt
2012-02-28 09:00 - 2011-07-29 04:47 - 0000000 ____D C:\Program Files\Preload
2012-02-27 23:34 - 2012-05-18 19:51 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-05-18 19:51 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-05-18 19:51 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-05-18 19:51 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-05-18 19:51 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-05-18 19:51 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-05-18 19:51 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-05-18 19:51 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-05-18 19:51 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-05-18 19:51 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-05-18 19:51 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-05-18 19:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-05-18 19:51 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-05-18 19:51 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-05-18 19:51 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-05-18 19:51 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-05-18 19:51 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-05-18 19:51 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-05-18 19:51 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-05-18 19:51 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-05-18 19:51 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-05-18 19:51 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-05-18 19:51 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-05-18 19:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-05-18 19:51 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-05-18 19:51 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-26 13:06 - 2011-12-02 22:19 - 0000000 ____D C:\Users\Lion\Documents\NSP
2012-02-24 22:20 - 2012-02-24 22:20 - 0000000 ____D C:\Users\Lion\AppData\Local\{B35E3FDD-39D3-4E24-B031-85422B6328C7}
2012-02-24 22:20 - 2012-02-24 22:20 - 0000000 ____D C:\Users\Lion\AppData\Local\{4E6782A6-FE51-4C97-B89A-82CEE29C8DD4}
2012-02-24 14:26 - 2012-02-24 14:26 - 0492747 ____A C:\Users\Lion\Documents\Advertising Your personal Music By way of Products Inside the Business Mind-Set - The Reservation You Need to show Over to a Professional in the Music Industry. - Music Business Degree.mht
2012-02-24 14:25 - 2012-02-24 14:25 - 0269986 ____A C:\Users\Lion\Documents\How To Advertise Yourself and Your Band - Music Careers.mht
2012-02-24 14:23 - 2012-02-24 14:23 - 1929956 ____A C:\Users\Lion\Documents\14 ways to promote your music online _ MusicRadar.com.mht
2012-02-24 14:23 - 2012-02-24 14:23 - 0481734 ____A C:\Users\Lion\Documents\Don't Advertise Your Music CD and THEN You'll See Sales Soar - Yahoo! Voices - voices.yahoo.com.mht
2012-02-24 14:00 - 2012-02-24 14:00 - 1801149 ____A C:\Users\Lion\Documents\HOW TO_ Land Your Dream Job Using Google AdWords.mht
2012-02-24 10:05 - 2012-02-24 10:05 - 0000000 ____D C:\Users\Lion\AppData\Local\SKIDROW
2012-02-23 22:21 - 2012-02-23 22:03 - 277794350 ____A C:\Users\Lion\Downloads\Dustforce.RIP-Unleashed.rar
2012-02-23 20:17 - 2012-02-23 19:54 - 0000000 ____D C:\Users\Lion\Downloads\Lion Vector
2012-02-23 19:54 - 2012-02-23 19:39 - 100431872 ____A C:\Users\Lion\Downloads\G0M3D144R53N41.part1.rar
2012-02-22 06:29 - 2011-12-27 22:26 - 0000000 ____D C:\Program Files\K-Lite Codec Pack x64

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 1770.9 MB
Available physical RAM: 1198.22 MB
Total Pagefile: 1770.9 MB
Available Pagefile: 1180.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:100.05 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB      0 B
Disk 1    Online          960 MB      0 B
Disk 2    No Media           0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery            13 GB  1024 KB
Partition 2    Primary            100 MB    13 GB
Partition 3    Primary            284 GB    13 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   PQSERVICE    NTFS   Partition     13 GB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     Y   SYSTEM RESE  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Acer         NTFS   Partition    284 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            959 MB    16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT    Removable    959 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-10 23:30

======================= End Of Log ==========================

#6 CatByte

  • Malware Response Team

Posted 21 May 2012 - 05:55 PM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
2012-05-17 21:39 - 2012-05-17 21:39 - 0000000 ____D C:\Users\Lion\AppData\Local\{B49A0559-A0AB-11E1-826F-B8AC6F996F26}
2012-05-17 19:06 - 2012-05-17 19:06 - 0000000 ____D C:\Users\Lion\AppData\Local\{3015FC3D-6E29-4BF4-A21E-10EB5B723A23}
2012-05-17 13:29 - 2012-05-17 13:29 - 0000000 ____D C:\Users\Lion\AppData\Local\{21856541-F0EA-4F8B-B9B9-F3ADF7927512}
2012-05-17 13:29 - 2012-05-17 13:29 - 0000000 ____D C:\Users\Lion\AppData\Local\{124357F3-0B0F-43A5-BAB9-87231A3EADDA}
2012-05-16 19:48 - 2012-05-16 19:48 - 0000000 ____D C:\Users\Lion\AppData\Local\{06BC81D9-E9AE-47CB-9405-9700C9672587}
2012-05-16 19:47 - 2012-05-16 19:48 - 0000000 ____D C:\Users\Lion\AppData\Local\{1EFD781E-E249-444D-86AD-FD877F490EA8}
2012-05-16 07:05 - 2012-05-16 07:05 - 0000000 ____D C:\Users\Lion\AppData\Local\{FCE54279-7F66-41AD-B2F0-42454EB4070A}
2012-05-16 07:04 - 2012-05-16 07:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{B2B94670-6E74-4D19-92D1-875050FDC0E7}
2012-05-15 20:34 - 2012-05-15 20:34 - 0000000 ____D C:\Users\Lion\AppData\Local\{1CEC48BE-5AA8-494C-891B-B9AF95847F4C}
2012-05-15 20:33 - 2012-05-15 20:33 - 0000000 ____D C:\Users\Lion\AppData\Local\{EE67B9F4-2E50-4D34-8222-A7B73170056B}
2012-05-10 19:49 - 2012-05-10 19:49 - 0000000 ____D C:\Users\Lion\AppData\Local\{AB0C788F-E019-475F-B848-8A0FDD418EE6}
2012-05-10 19:49 - 2012-05-10 19:49 - 0000000 ____D C:\Users\Lion\AppData\Local\{A52A3C62-0D7A-4BE1-826C-4672A2523FA5}
2012-05-08 19:57 - 2012-05-08 19:57 - 0000000 ____D C:\Users\Lion\AppData\Local\{24CE6D81-386E-47D0-83CA-93986F0DBE4C}
2012-05-08 19:56 - 2012-05-08 19:56 - 0000000 ____D C:\Users\Lion\AppData\Local\{D6FB8E93-BDF2-4079-A57C-B5E234FDF766}
2012-05-04 19:59 - 2012-05-04 20:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{D2AE7CCC-339C-43A6-85DB-91DAE62359EF}
2012-05-04 19:59 - 2012-05-04 19:59 - 0000000 ____D C:\Users\Lion\AppData\Local\{B2BB60EB-3430-493C-AE7D-C46B2B80FB88}
2012-05-01 20:04 - 2012-05-01 20:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{A4AA0768-8DF2-4EB7-B5EF-8E58A64393A6}
2012-05-01 20:04 - 2012-05-01 20:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{74D9D1EB-1895-4838-A03F-DE96B14193F7}
2012-04-30 21:03 - 2012-04-30 21:04 - 0000000 ____D C:\Users\Lion\AppData\Local\{953C8298-305F-478C-A14A-B760A56F4909}
2012-04-30 21:03 - 2012-04-30 21:03 - 0000000 ____D C:\Users\Lion\AppData\Local\{2708A286-2725-49A7-9C52-DA6AF0F93B27}
2012-04-29 20:37 - 2012-04-29 20:37 - 0000000 ____D C:\Users\Lion\AppData\Local\{F9931B04-AAA4-4C82-8A58-E5A7A4D8ADBE}
2012-04-29 20:37 - 2012-04-29 20:37 - 0000000 ____D C:\Users\Lion\AppData\Local\{9D4CC6F2-074A-4ED6-9DB5-39EEFD18D288}
2012-04-25 19:32 - 2012-04-25 19:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{897F0F8A-6396-45E3-8410-DAA78F8D6FF5}
2012-04-25 19:32 - 2012-04-25 19:32 - 0000000 ____D C:\Users\Lion\AppData\Local\{6DDF95FF-454D-498B-BDB6-A911DA2EFDF1}
2012-04-24 19:20 - 2012-04-24 19:21 - 0000000 ____D C:\Users\Lion\AppData\Local\{1C974F96-901A-4D43-BD39-C05C008CCD73}
2012-04-22 18:42 - 2012-04-22 18:42 - 0000000 ____D C:\Users\Lion\AppData\Local\{2B072906-CEF0-43D9-AFE4-FCC524978B7E}
2012-04-22 18:42 - 2012-04-22 18:42 - 0000000 ____D C:\Users\Lion\AppData\Local\{251543EC-F356-4E07-9208-A46FE0B13437}
2012-04-21 21:00 - 2012-04-21 21:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{535503BA-51DA-4B46-9379-34F48CE72C66}
2012-04-21 21:00 - 2012-04-21 21:00 - 0000000 ____D C:\Users\Lion\AppData\Local\{19C41413-B753-4081-B4AB-3577BA5393D7}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.

NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
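
A helper reading a posted Fixlog.txt can confirm that every folder named in the fixlist was actually moved. The following is an added example, not part of the original post or of FRST. The two line formats are assumed from the lines shown on this page, and the sample paths and GUIDs are constructed.

```python
import re

# Fixlist entry, in the shape shown on this page:
#   <created date time> - <modified date time> - <size> <attributes> <path>
FIXLIST_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ \S+ (?P<path>[A-Za-z]:\\.+?)\s*$"
)
# Fixlog result line, in the shape shown on this page:
#   <path> moved successfully.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.\s*$")


def _key(path):
    # Windows paths are case-insensitive, so normalise before comparing.
    return path.rstrip("\\").lower()


def requested_paths(fixlist_text):
    """Return the paths named by the fixlist entries, in order."""
    found = []
    for line in fixlist_text.splitlines():
        match = FIXLIST_ENTRY.match(line.strip())
        if match:
            found.append(match.group("path"))
    return found


def moved_paths(fixlog_text):
    """Return the paths the Fixlog reports as moved, in order."""
    found = []
    for line in fixlog_text.splitlines():
        match = MOVED.match(line.strip())
        if match:
            found.append(match.group("path"))
    return found


def reconcile(fixlist_text, fixlog_text):
    """Compare what was requested with what the log confirms.

    Returns (unconfirmed, unexpected):
      unconfirmed - requested paths with no "moved successfully" line
      unexpected  - moved paths that were never in the fixlist
    """
    requested = requested_paths(fixlist_text)
    moved = moved_paths(fixlog_text)
    moved_keys = {_key(p) for p in moved}
    requested_keys = {_key(p) for p in requested}
    unconfirmed = [p for p in requested if _key(p) not in moved_keys]
    unexpected = [p for p in moved if _key(p) not in requested_keys]
    return unconfirmed, unexpected


# Constructed sample data (hypothetical user name and GUIDs).
SAMPLE_FIXLIST = r"""
2012-05-01 10:00 - 2012-05-01 10:00 - 0000000 ____D C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000001}
2012-05-01 10:05 - 2012-05-01 10:06 - 0000000 ____D C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000002}
2012-05-02 09:30 - 2012-05-02 09:30 - 0000000 ____D C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000003}
end
"""

SAMPLE_FIXLOG = r"""
==============================================

C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000001} moved successfully.
c:\users\example\appdata\local\{00000000-0000-0000-0000-000000000002} moved successfully.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    unconfirmed, unexpected = reconcile(SAMPLE_FIXLIST, SAMPLE_FIXLOG)
    for path in unconfirmed:
        print("not confirmed as moved:", path)
    for path in unexpected:
        print("moved but not requested:", path)
```

Any path reported as not confirmed should be looked up in the full log by hand, since this check recognises only the "moved successfully." result line.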


#7 rd4k1

Posted 21 May 2012 - 08:19 PM

Still getting the popups and executables running

Moving on with rest of your instructions


edit: TDSSKiller finds nothing (log after frst fix log)
Combofix runs the install, but the blue window never appears.

____

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 19-05-2012
Ran by SYSTEM at 2012-05-21 21:13:11 Run:1
Running from F:\

==============================================

C:\Users\Lion\AppData\Local\{B49A0559-A0AB-11E1-826F-B8AC6F996F26} moved successfully.
C:\Users\Lion\AppData\Local\{3015FC3D-6E29-4BF4-A21E-10EB5B723A23} moved successfully.
C:\Users\Lion\AppData\Local\{21856541-F0EA-4F8B-B9B9-F3ADF7927512} moved successfully.
C:\Users\Lion\AppData\Local\{124357F3-0B0F-43A5-BAB9-87231A3EADDA} moved successfully.
C:\Users\Lion\AppData\Local\{06BC81D9-E9AE-47CB-9405-9700C9672587} moved successfully.
C:\Users\Lion\AppData\Local\{1EFD781E-E249-444D-86AD-FD877F490EA8} moved successfully.
C:\Users\Lion\AppData\Local\{FCE54279-7F66-41AD-B2F0-42454EB4070A} moved successfully.
C:\Users\Lion\AppData\Local\{B2B94670-6E74-4D19-92D1-875050FDC0E7} moved successfully.
C:\Users\Lion\AppData\Local\{1CEC48BE-5AA8-494C-891B-B9AF95847F4C} moved successfully.
C:\Users\Lion\AppData\Local\{EE67B9F4-2E50-4D34-8222-A7B73170056B} moved successfully.
C:\Users\Lion\AppData\Local\{AB0C788F-E019-475F-B848-8A0FDD418EE6} moved successfully.
C:\Users\Lion\AppData\Local\{A52A3C62-0D7A-4BE1-826C-4672A2523FA5} moved successfully.
C:\Users\Lion\AppData\Local\{24CE6D81-386E-47D0-83CA-93986F0DBE4C} moved successfully.
C:\Users\Lion\AppData\Local\{D6FB8E93-BDF2-4079-A57C-B5E234FDF766} moved successfully.
C:\Users\Lion\AppData\Local\{D2AE7CCC-339C-43A6-85DB-91DAE62359EF} moved successfully.
C:\Users\Lion\AppData\Local\{B2BB60EB-3430-493C-AE7D-C46B2B80FB88} moved successfully.
C:\Users\Lion\AppData\Local\{A4AA0768-8DF2-4EB7-B5EF-8E58A64393A6} moved successfully.
C:\Users\Lion\AppData\Local\{74D9D1EB-1895-4838-A03F-DE96B14193F7} moved successfully.
C:\Users\Lion\AppData\Local\{953C8298-305F-478C-A14A-B760A56F4909} moved successfully.
C:\Users\Lion\AppData\Local\{2708A286-2725-49A7-9C52-DA6AF0F93B27} moved successfully.
C:\Users\Lion\AppData\Local\{F9931B04-AAA4-4C82-8A58-E5A7A4D8ADBE} moved successfully.
C:\Users\Lion\AppData\Local\{9D4CC6F2-074A-4ED6-9DB5-39EEFD18D288} moved successfully.
C:\Users\Lion\AppData\Local\{897F0F8A-6396-45E3-8410-DAA78F8D6FF5} moved successfully.
C:\Users\Lion\AppData\Local\{6DDF95FF-454D-498B-BDB6-A911DA2EFDF1} moved successfully.
C:\Users\Lion\AppData\Local\{1C974F96-901A-4D43-BD39-C05C008CCD73} moved successfully.
C:\Users\Lion\AppData\Local\{2B072906-CEF0-43D9-AFE4-FCC524978B7E} moved successfully.
C:\Users\Lion\AppData\Local\{251543EC-F356-4E07-9208-A46FE0B13437} moved successfully.
C:\Users\Lion\AppData\Local\{535503BA-51DA-4B46-9379-34F48CE72C66} moved successfully.
C:\Users\Lion\AppData\Local\{19C41413-B753-4081-B4AB-3577BA5393D7} moved successfully.

==== End of Fixlog ====

TDSSKiller log:

21:23:39.0561 3420 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:23:39.0941 3420 ============================================================
21:23:39.0941 3420 Current date / time: 2012/05/21 21:23:39.0941
21:23:39.0941 3420 SystemInfo:
21:23:39.0941 3420
21:23:39.0941 3420 OS Version: 6.1.7601 ServicePack: 1.0
21:23:39.0941 3420 Product type: Workstation
21:23:39.0941 3420 ComputerName: BOOKOFOMENS
21:23:39.0941 3420 UserName: Lion
21:23:39.0941 3420 Windows directory: C:\Windows
21:23:39.0941 3420 System windows directory: C:\Windows
21:23:39.0941 3420 Running under WOW64
21:23:39.0941 3420 Processor architecture: Intel x64
21:23:39.0941 3420 Number of processors: 2
21:23:39.0941 3420 Page size: 0x1000
21:23:39.0941 3420 Boot type: Normal boot
21:23:39.0941 3420 ============================================================
21:23:41.0329 3420 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:23:41.0345 3420 ============================================================
21:23:41.0345 3420 \Device\Harddisk0\DR0:
21:23:41.0345 3420 MBR partitions:
21:23:41.0345 3420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
21:23:41.0345 3420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
21:23:41.0345 3420 ============================================================
21:23:41.0376 3420 C: <-> \Device\Harddisk0\DR0\Partition1
21:23:41.0376 3420 ============================================================
21:23:41.0376 3420 Initialize success
21:23:41.0376 3420 ============================================================
21:23:53.0210 1976 ============================================================
21:23:53.0210 1976 Scan started
21:23:53.0210 1976 Mode: Manual; TDLFS;
21:23:53.0210 1976 ============================================================
21:24:07.0561 1976 NetBT - ok
21:24:07.0606 1976 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:24:07.0609 1976 Netlogon - ok
21:24:07.0684 1976 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:24:07.0691 1976 Netman - ok
21:24:07.0734 1976 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:24:07.0734 1976 netprofm - ok
21:24:07.0827 1976 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:24:07.0827 1976 NetTcpPortSharing - ok
21:24:07.0890 1976 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:24:07.0890 1976 nfrd960 - ok
21:24:07.0952 1976 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:24:07.0968 1976 NlaSvc - ok
21:24:07.0983 1976 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:24:07.0983 1976 Npfs - ok
21:24:08.0014 1976 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:24:08.0014 1976 nsi - ok
21:24:08.0030 1976 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:24:08.0030 1976 nsiproxy - ok
21:24:08.0186 1976 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:24:08.0202 1976 Ntfs - ok
21:24:08.0326 1976 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:24:08.0326 1976 Null - ok
21:24:08.0404 1976 NvnUsbAudio (4cb891301e4339f8652a0ed6b1b50ef7) C:\Windows\system32\DRIVERS\nvnusbaudio.sys
21:24:08.0404 1976 NvnUsbAudio - ok
21:24:08.0436 1976 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:24:08.0436 1976 nvraid - ok
21:24:08.0467 1976 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:24:08.0467 1976 nvstor - ok
21:24:08.0514 1976 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:24:08.0514 1976 nv_agp - ok
21:24:08.0545 1976 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:24:08.0545 1976 ohci1394 - ok
21:24:08.0607 1976 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:24:08.0607 1976 p2pimsvc - ok
21:24:08.0670 1976 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:24:08.0670 1976 p2psvc - ok
21:24:09.0058 1976 PaceLicenseDServices (08525ad1115d8dacf1920b25861fea78) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
21:24:09.0088 1976 PaceLicenseDServices - ok
21:24:09.0258 1976 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:24:09.0258 1976 Parport - ok
21:24:09.0318 1976 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:24:09.0318 1976 partmgr - ok
21:24:09.0388 1976 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:24:09.0393 1976 PcaSvc - ok
21:24:09.0433 1976 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:24:09.0433 1976 pci - ok
21:24:09.0453 1976 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:24:09.0453 1976 pciide - ok
21:24:09.0498 1976 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:24:09.0503 1976 pcmcia - ok
21:24:09.0518 1976 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:24:09.0518 1976 pcw - ok
21:24:09.0583 1976 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:24:09.0593 1976 PEAUTH - ok
21:24:09.0693 1976 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:24:09.0698 1976 PerfHost - ok
21:24:09.0863 1976 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:24:09.0878 1976 pla - ok
21:24:09.0978 1976 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:24:09.0983 1976 PlugPlay - ok
21:24:10.0013 1976 PnkBstrA - ok
21:24:10.0028 1976 PnkBstrB - ok
21:24:10.0058 1976 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:24:10.0063 1976 PNRPAutoReg - ok
21:24:10.0103 1976 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:24:10.0113 1976 PNRPsvc - ok
21:24:10.0183 1976 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:24:10.0193 1976 PolicyAgent - ok
21:24:10.0238 1976 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:24:10.0243 1976 Power - ok
21:24:10.0333 1976 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:24:10.0338 1976 PptpMiniport - ok
21:24:10.0373 1976 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:24:10.0378 1976 Processor - ok
21:24:10.0413 1976 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:24:10.0418 1976 ProfSvc - ok
21:24:10.0473 1976 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:24:10.0476 1976 ProtectedStorage - ok
21:24:10.0518 1976 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:24:10.0521 1976 Psched - ok
21:24:10.0673 1976 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:24:10.0693 1976 ql2300 - ok
21:24:10.0833 1976 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:24:10.0833 1976 ql40xx - ok
21:24:10.0888 1976 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:24:10.0893 1976 QWAVE - ok
21:24:10.0918 1976 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:24:10.0918 1976 QWAVEdrv - ok
21:24:10.0988 1976 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:24:10.0988 1976 RasAcd - ok
21:24:11.0068 1976 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:24:11.0068 1976 RasAgileVpn - ok
21:24:11.0115 1976 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:24:11.0125 1976 RasAuto - ok
21:24:11.0216 1976 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:24:11.0219 1976 Rasl2tp - ok
21:24:11.0275 1976 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:24:11.0282 1976 RasMan - ok
21:24:11.0317 1976 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:24:11.0319 1976 RasPppoe - ok
21:24:11.0377 1976 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:24:11.0379 1976 RasSstp - ok
21:24:11.0428 1976 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:24:11.0433 1976 rdbss - ok
21:24:11.0470 1976 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:24:11.0474 1976 rdpbus - ok
21:24:11.0499 1976 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:24:11.0501 1976 RDPCDD - ok
21:24:11.0535 1976 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:24:11.0536 1976 RDPENCDD - ok
21:24:11.0573 1976 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:24:11.0575 1976 RDPREFMP - ok
21:24:11.0649 1976 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:24:11.0652 1976 RDPWD - ok
21:24:11.0718 1976 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:24:11.0721 1976 rdyboost - ok
21:24:11.0787 1976 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:24:11.0790 1976 RemoteAccess - ok
21:24:11.0846 1976 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:24:11.0851 1976 RemoteRegistry - ok
21:24:11.0894 1976 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:24:11.0897 1976 RFCOMM - ok
21:24:11.0918 1976 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:24:11.0923 1976 RpcEptMapper - ok
21:24:11.0968 1976 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:24:11.0970 1976 RpcLocator - ok
21:24:12.0035 1976 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:24:12.0045 1976 RpcSs - ok
21:24:12.0085 1976 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:24:12.0087 1976 rspndr - ok
21:24:12.0166 1976 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
21:24:12.0170 1976 RSUSBSTOR - ok
21:24:12.0272 1976 RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
21:24:12.0277 1976 RS_Service - ok
21:24:12.0330 1976 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:24:12.0333 1976 SamSs - ok
21:24:12.0371 1976 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:24:12.0373 1976 sbp2port - ok
21:24:12.0423 1976 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:24:12.0429 1976 SCardSvr - ok
21:24:12.0462 1976 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:24:12.0463 1976 scfilter - ok
21:24:12.0564 1976 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:24:12.0580 1976 Schedule - ok
21:24:12.0631 1976 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:24:12.0633 1976 SCPolicySvc - ok
21:24:12.0677 1976 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:24:12.0682 1976 SDRSVC - ok
21:24:12.0771 1976 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:24:12.0772 1976 secdrv - ok
21:24:12.0795 1976 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:24:12.0799 1976 seclogon - ok
21:24:12.0831 1976 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:24:12.0836 1976 SENS - ok
21:24:12.0860 1976 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:24:12.0864 1976 SensrSvc - ok
21:24:12.0897 1976 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:24:12.0899 1976 Serenum - ok
21:24:12.0949 1976 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:24:12.0951 1976 Serial - ok
21:24:12.0970 1976 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:24:12.0971 1976 sermouse - ok
21:24:13.0015 1976 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:24:13.0020 1976 SessionEnv - ok
21:24:13.0040 1976 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:24:13.0042 1976 sffdisk - ok
21:24:13.0063 1976 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:24:13.0065 1976 sffp_mmc - ok
21:24:13.0085 1976 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:24:13.0086 1976 sffp_sd - ok
21:24:13.0111 1976 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:24:13.0112 1976 sfloppy - ok
21:24:13.0175 1976 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:24:13.0182 1976 ShellHWDetection - ok
21:24:13.0231 1976 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:24:13.0233 1976 SiSRaid2 - ok
21:24:13.0255 1976 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:24:13.0258 1976 SiSRaid4 - ok
21:24:13.0427 1976 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:24:13.0430 1976 SkypeUpdate - ok
21:24:13.0465 1976 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:24:13.0467 1976 Smb - ok
21:24:13.0512 1976 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:24:13.0516 1976 SNMPTRAP - ok
21:24:13.0536 1976 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:24:13.0538 1976 spldr - ok
21:24:13.0612 1976 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:24:13.0626 1976 Spooler - ok
21:24:13.0978 1976 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:24:14.0033 1976 sppsvc - ok
21:24:14.0150 1976 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:24:14.0154 1976 sppuinotify - ok
21:24:14.0238 1976 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:24:14.0244 1976 srv - ok
21:24:14.0291 1976 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:24:14.0298 1976 srv2 - ok
21:24:14.0320 1976 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:24:14.0323 1976 srvnet - ok
21:24:14.0384 1976 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:24:14.0389 1976 SSDPSRV - ok
21:24:14.0420 1976 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:24:14.0424 1976 SstpSvc - ok
21:24:14.0499 1976 Steam Client Service - ok
21:24:14.0521 1976 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:24:14.0523 1976 stexstor - ok
21:24:14.0582 1976 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
21:24:14.0583 1976 StillCam - ok
21:24:14.0827 1976 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:24:14.0838 1976 stisvc - ok
21:24:14.0943 1976 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:24:14.0944 1976 swenum - ok
21:24:15.0132 1976 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:24:15.0142 1976 SwitchBoard - ok
21:24:15.0249 1976 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:24:15.0259 1976 swprv - ok
21:24:15.0460 1976 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:24:15.0483 1976 SysMain - ok
21:24:15.0606 1976 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:24:15.0611 1976 TabletInputService - ok
21:24:15.0656 1976 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:24:15.0663 1976 TapiSrv - ok
21:24:15.0694 1976 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:24:15.0698 1976 TBS - ok
21:24:15.0912 1976 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:24:15.0935 1976 Tcpip - ok
21:24:16.0260 1976 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:24:16.0283 1976 TCPIP6 - ok
21:24:16.0421 1976 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:24:16.0422 1976 tcpipreg - ok
21:24:16.0465 1976 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:24:16.0469 1976 TDPIPE - ok
21:24:16.0532 1976 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:24:16.0533 1976 TDTCP - ok
21:24:16.0579 1976 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:24:16.0582 1976 tdx - ok
21:24:16.0605 1976 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:24:16.0607 1976 TermDD - ok
21:24:16.0700 1976 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:24:16.0711 1976 TermService - ok
21:24:16.0765 1976 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:24:16.0768 1976 Themes - ok
21:24:16.0803 1976 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:24:16.0806 1976 THREADORDER - ok
21:24:16.0889 1976 Tpkd (8dd33a57339adae34cdb12994acbc50f) C:\Windows\system32\drivers\Tpkd.sys
21:24:16.0891 1976 Tpkd - ok
21:24:16.0921 1976 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:24:16.0926 1976 TrkWks - ok
21:24:16.0998 1976 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:24:17.0001 1976 TrustedInstaller - ok
21:24:17.0027 1976 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:24:17.0029 1976 tssecsrv - ok
21:24:17.0068 1976 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:24:17.0069 1976 TsUsbFlt - ok
21:24:17.0101 1976 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:24:17.0103 1976 TsUsbGD - ok
21:24:17.0156 1976 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:24:17.0158 1976 tunnel - ok
21:24:17.0229 1976 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:24:17.0231 1976 uagp35 - ok
21:24:17.0320 1976 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:24:17.0325 1976 udfs - ok
21:24:17.0371 1976 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:24:17.0376 1976 UI0Detect - ok
21:24:17.0417 1976 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:24:17.0419 1976 uliagpkx - ok
21:24:17.0451 1976 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:24:17.0452 1976 umbus - ok
21:24:17.0467 1976 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:24:17.0469 1976 UmPass - ok
21:24:17.0535 1976 UnsignedThemes (8f387a1cc015a3f5020700c657a0fc85) C:\Windows\UnsignedThemesSvc.exe
21:24:17.0537 1976 UnsignedThemes - ok
21:24:17.0592 1976 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:24:17.0600 1976 upnphost - ok
21:24:17.0666 1976 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:24:17.0668 1976 usbaudio - ok
21:24:17.0702 1976 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:24:17.0704 1976 usbccgp - ok
21:24:17.0732 1976 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:24:17.0734 1976 usbcir - ok
21:24:17.0756 1976 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:24:17.0758 1976 usbehci - ok
21:24:17.0802 1976 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
21:24:17.0804 1976 usbfilter - ok
21:24:17.0868 1976 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
21:24:17.0873 1976 usbhub - ok
21:24:17.0893 1976 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:24:17.0895 1976 usbohci - ok
21:24:17.0916 1976 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:24:17.0918 1976 usbprint - ok
21:24:17.0947 1976 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:24:17.0949 1976 USBSTOR - ok
21:24:17.0963 1976 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:24:17.0965 1976 usbuhci - ok
21:24:18.0019 1976 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:24:18.0022 1976 usbvideo - ok
21:24:18.0074 1976 uxpatch (297ee9c666fc8bb96a232db0ddba1e49) C:\Windows\system32\drivers\uxpatch.sys
21:24:18.0075 1976 uxpatch - ok
21:24:18.0112 1976 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:24:18.0117 1976 UxSms - ok
21:24:18.0163 1976 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:24:18.0165 1976 VaultSvc - ok
21:24:18.0209 1976 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:24:18.0211 1976 vdrvroot - ok
21:24:18.0286 1976 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:24:18.0296 1976 vds - ok
21:24:18.0428 1976 VFPRadioSupportService (b2be00f7dba8506c39ed6bc7b32d2845) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
21:24:18.0430 1976 VFPRadioSupportService - ok
21:24:18.0446 1976 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:24:18.0448 1976 vga - ok
21:24:18.0467 1976 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:24:18.0468 1976 VgaSave - ok
21:24:18.0505 1976 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:24:18.0508 1976 vhdmp - ok
21:24:18.0537 1976 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:24:18.0538 1976 viaide - ok
21:24:18.0568 1976 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:24:18.0570 1976 volmgr - ok
21:24:18.0606 1976 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:24:18.0606 1976 volmgrx - ok
21:24:18.0637 1976 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:24:18.0637 1976 volsnap - ok
21:24:18.0684 1976 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:24:18.0699 1976 vsmraid - ok
21:24:18.0855 1976 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:24:18.0871 1976 VSS - ok
21:24:19.0011 1976 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:24:19.0011 1976 vwifibus - ok
21:24:19.0058 1976 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:24:19.0058 1976 vwififlt - ok
21:24:19.0089 1976 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:24:19.0089 1976 vwifimp - ok
21:24:19.0152 1976 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:24:19.0167 1976 W32Time - ok
21:24:19.0198 1976 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:24:19.0198 1976 WacomPen - ok
21:24:19.0292 1976 wampapache (5cf6e9a685199445fee02fe8c191c9ba) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
21:24:19.0308 1976 wampapache - ok
21:24:19.0386 1976 wampmysqld - ok
21:24:19.0448 1976 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:24:19.0464 1976 WANARP - ok
21:24:19.0497 1976 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:24:19.0500 1976 Wanarpv6 - ok
21:24:19.0700 1976 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:24:19.0731 1976 WatAdminSvc - ok
21:24:19.0887 1976 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:24:19.0902 1976 wbengine - ok
21:24:20.0043 1976 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:24:20.0058 1976 WbioSrvc - ok
21:24:20.0105 1976 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:24:20.0121 1976 wcncsvc - ok
21:24:20.0136 1976 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:24:20.0152 1976 WcsPlugInService - ok
21:24:20.0199 1976 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:24:20.0199 1976 Wd - ok
21:24:20.0308 1976 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:24:20.0324 1976 Wdf01000 - ok
21:24:20.0436 1976 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:24:20.0441 1976 WdiServiceHost - ok
21:24:20.0457 1976 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:24:20.0466 1976 WdiSystemHost - ok
21:24:20.0533 1976 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:24:20.0540 1976 WebClient - ok
21:24:20.0625 1976 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:24:20.0632 1976 Wecsvc - ok
21:24:20.0672 1976 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:24:20.0677 1976 wercplsupport - ok
21:24:20.0723 1976 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:24:20.0729 1976 WerSvc - ok
21:24:20.0804 1976 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:24:20.0805 1976 WfpLwf - ok
21:24:20.0851 1976 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:24:20.0852 1976 WIMMount - ok
21:24:20.0873 1976 WinHttpAutoProxySvc - ok
21:24:20.0973 1976 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:24:20.0977 1976 Winmgmt - ok
21:24:21.0194 1976 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:24:21.0221 1976 WinRM - ok
21:24:21.0494 1976 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:24:21.0509 1976 Wlansvc - ok
21:24:21.0702 1976 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:24:21.0705 1976 wlcrasvc - ok
21:24:22.0419 1976 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:24:22.0446 1976 wlidsvc - ok
21:24:22.0631 1976 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
21:24:22.0633 1976 WmBEnum - ok
21:24:22.0665 1976 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
21:24:22.0667 1976 WmFilter - ok
21:24:22.0706 1976 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:24:22.0708 1976 WmiAcpi - ok
21:24:22.0826 1976 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:24:22.0831 1976 wmiApSrv - ok
21:24:22.0980 1976 WMPNetworkSvc - ok
21:24:23.0038 1976 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
21:24:23.0040 1976 WmVirHid - ok
21:24:23.0063 1976 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
21:24:23.0065 1976 WmXlCore - ok
21:24:23.0101 1976 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:24:23.0105 1976 WPCSvc - ok
21:24:23.0139 1976 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:24:23.0145 1976 WPDBusEnum - ok
21:24:23.0204 1976 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:24:23.0205 1976 ws2ifsl - ok
21:24:23.0213 1976 WSearch - ok
21:24:23.0436 1976 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:24:23.0468 1976 wuauserv - ok
21:24:23.0702 1976 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:24:23.0704 1976 WudfPf - ok
21:24:23.0755 1976 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:24:23.0758 1976 WUDFRd - ok
21:24:23.0802 1976 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:24:23.0808 1976 wudfsvc - ok
21:24:23.0868 1976 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:24:23.0874 1976 WwanSvc - ok
21:24:24.0026 1976 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
21:24:24.0035 1976 xnacc - ok
21:24:24.0143 1976 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:24:24.0638 1976 \Device\Harddisk0\DR0 - ok
21:24:24.0646 1976 Boot (0x1200) (12c0cf957ed5734d8605f50bfac02ea7) \Device\Harddisk0\DR0\Partition0
21:24:24.0653 1976 \Device\Harddisk0\DR0\Partition0 - ok
21:24:24.0701 1976 Boot (0x1200) (eec3ad473586de057670eff6abb7c0da) \Device\Harddisk0\DR0\Partition1
21:24:24.0705 1976 \Device\Harddisk0\DR0\Partition1 - ok
21:24:24.0708 1976 ============================================================
21:24:24.0708 1976 Scan finished
21:24:24.0708 1976 ============================================================
21:24:24.0739 3760 Detected object count: 0
21:24:24.0739 3760 Actual detected object count: 0
21:24:27.0877 3704 Deinitialize success

Edited by rd4k1, 21 May 2012 - 08:50 PM.


#8 rd4k1

  • Topic Starter

Posted 22 May 2012 - 08:34 AM

Well, now I'm getting the redirecting on Google again and very high CPU usage (80%-100%).

#9 CatByte

  • Malware Response Team

Posted 22 May 2012 - 06:05 PM

Please run ComboFix > if it won't run the first time > reboot and try it again > post the resulting log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 rd4k1

  • Topic Starter

Posted 22 May 2012 - 07:40 PM

Okay, I was finally able to get ComboFix going, albeit in safe mode.



ComboFix 12-05-21.05 - Lion 05/22/2012 20:08:07.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1771.1009 [GMT -4:00]
Running from: c:\users\Lion\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\@
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\L\00000004.@
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\L\1afb2d56
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\L\80000032.@
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\n
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\00000004.@
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\00000008.@
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\000000cb.@
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000000.@
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000032.@
c:\users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000064.@
c:\users\Lion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Lion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Lion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\@
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\L\00000004.@
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\L\1afb2d56
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\L\201d3dde
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\n
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\00000004.@
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\00000008.@
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\000000cb.@
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000000.@
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000032.@
c:\windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000064.@
c:\windows\SysWow64\tmp2762.tmp
c:\windows\SysWow64\tmp27C1.tmp
c:\windows\SysWow64\tmpD01B.tmp
c:\windows\SysWow64\tmpD106.tmp
c:\windows\SysWow64\tmpF3B1.tmp
c:\windows\SysWow64\tmpF41F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 00:20 . 2012-05-23 00:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 00:03 . 2012-05-23 00:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAD73351-E1D4-42C5-8F14-50328CB52F73}\offreg.dll
2012-05-22 01:57 . 2012-05-22 01:59 -------- d-----w- C:\FRST
2012-05-19 14:17 . 2012-05-19 14:17 -------- d-----w- c:\program files\CCleaner
2012-05-19 04:27 . 2012-05-19 04:27 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-19 03:52 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-19 03:52 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-19 03:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-19 03:30 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-19 03:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-19 03:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-19 03:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-19 03:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-19 03:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-19 03:24 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-19 03:24 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-19 03:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-19 03:22 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-05-19 03:22 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-05-19 03:22 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-19 03:22 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-19 03:22 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-19 03:22 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-19 03:22 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-19 03:22 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-05-19 03:22 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-05-19 03:20 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-19 03:20 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-19 03:20 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-19 03:20 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-19 03:20 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-19 03:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-19 03:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-19 03:17 . 2012-05-19 03:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-19 03:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-19 03:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-18 21:39 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-18 21:37 . 2012-05-19 02:33 -------- d-----w- c:\programdata\AVAST Software
2012-05-18 21:37 . 2012-05-18 21:37 -------- d-----w- c:\program files\AVAST Software
2012-05-18 19:49 . 2012-05-19 02:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-18 19:49 . 2012-05-19 02:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-18 05:55 . 2012-05-18 05:55 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-06 12:12 . 2012-05-06 12:12 -------- d-----w- c:\programdata\PACE
2012-05-06 12:12 . 2012-05-06 12:12 -------- d-----w- c:\program files (x86)\Common Files\PACE
2012-05-06 11:58 . 2012-05-06 12:28 -------- d-----w- c:\users\Lion\AppData\Roaming\Edison
2012-04-24 19:21 . 2012-04-24 19:21 -------- d-----w- C:\TeamViewerPortable
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 14:17 . 2012-04-09 16:17 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 14:17 . 2011-07-29 12:44 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 14:17 . 2012-04-09 17:12 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 19:56 . 2012-03-22 05:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 17:02 . 2012-03-16 17:02 318464 ----a-w- c:\windows\system32\REX Shared Library.dll
2012-03-16 17:02 . 2012-02-01 19:01 275968 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Lion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-12-3 576000]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TweetDeck.lnk - c:\program files (x86)\TweetDeck\TweetDeck.exe [2011-12-8 142336]
Vista Audio Changer.lnk - c:\users\Lion\AppData\Roaming\Microsoft\Installer\{92CB3C8D-E408-492B-B694-FF0DA8FE684A}\_EA1D0B74FFA73AD986CA32.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-7-29 723560]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 ISODisk;ISODisk; [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-09-08 2932224]
R2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
R2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-06-30 145280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 14:18]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458918284-3737494053-423885019-1000Core.job
- c:\users\Lion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 05:29]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2458918284-3737494053-423885019-1000UA.job
- c:\users\Lion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 05:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-13983171.sys
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-22 20:25:42
ComboFix-quarantined-files.txt 2012-05-23 00:25
.
Pre-Run: 111,122,059,264 bytes free
Post-Run: 110,805,229,568 bytes free
.
- - End Of File - - 8839614B5FFC3CBFBBAC48A0F5B97493

#11 CatByte

Posted 22 May 2012 - 08:04 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 rd4k1

Posted 23 May 2012 - 08:16 AM

Thus far I haven't had any redirections (which did come back before this) and no pop-ups. But I still have concerns about the exes running. I'm not so sure I should have 80 processes running, especially around a dozen svchost instances. I've never witnessed such a thing. Plus I'm still pretty high in CPU usage.

I was able to run ESET, but it did not finish. I may try again.
Threat list after Malwarebytes log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lion :: BOOKOFOMENS [administrator]

5/22/2012 11:06:27 PM
mbam-log-2012-05-22 (23-06-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204202
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\BAK\NOOB_KILLER.by.Leerz.rar Win32/Shutdown.NAA application
C:\DAW\VSTPlugins\Effects\QuikQuak\RaySpace\keygen.exe a variant of Win32/Keygen.AD application
C:\Gamez\LIMBO\limbo_lang.exe a variant of Win32/Kryptik.EIF trojan
C:\Gamez\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\Qoobox\Quarantine\C\Users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\L\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Users\Lion\Documents\NewBlue.Plugins.Multipack.v1.0.REPACK-DI.rar a variant of Win32/Keygen.AR application

Edited by rd4k1, 23 May 2012 - 08:48 AM.


#13 CatByte

Posted 23 May 2012 - 05:57 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\BAK\NOOB_KILLER.by.Leerz.rar 
C:\DAW\VSTPlugins\Effects\QuikQuak\RaySpace\keygen.exe 
C:\Gamez\LIMBO\limbo_lang.exe 
C:\Gamez\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll 
C:\Users\Lion\Documents\NewBlue.Plugins.Multipack.v1.0.REPACK-DI.rar 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
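
The triage behind the File:: list in the post above, as an added example that is not part of the original thread and not code from ESET or ComboFix: it parses ESET export lines, separates detections that are only inert copies in ComboFix's Qoobox quarantine from files still live on disk, and maps each quarantined copy back to its original location. The line layout (path, optional "a variant of" qualifier, detection name, type) and the Qoobox path mapping are assumptions inferred from the lines quoted in this thread; all function names are hypothetical.

```python
import re

# Sample input: a subset of the ESET lines quoted earlier in this thread.
ESET_LINES = r"""
C:\BAK\NOOB_KILLER.by.Leerz.rar Win32/Shutdown.NAA application
C:\DAW\VSTPlugins\Effects\QuikQuak\RaySpace\keygen.exe a variant of Win32/Keygen.AD application
C:\Gamez\LIMBO\limbo_lang.exe a variant of Win32/Kryptik.EIF trojan
C:\Gamez\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\Qoobox\Quarantine\C\Users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Users\Lion\AppData\Local\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\L\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{6bbc9dec-90d2-6ddc-66a2-7b501d83eb05}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Users\Lion\Documents\NewBlue.Plugins.Multipack.v1.0.REPACK-DI.rar a variant of Win32/Keygen.AR application
""".strip().splitlines()

# Paths may contain spaces, so the path is matched lazily and the detection
# is recognised by its "Platform/Family.Variant" shape followed by one type word.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>\w+)$"
)

# Assumption: ComboFix keeps quarantined copies under this folder, as seen in the thread.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


def original_location(quarantine_path):
    """Map C:\\Qoobox\\Quarantine\\C\\dir\\file.vir back to C:\\dir\\file."""
    rest = quarantine_path[len(QUARANTINE_PREFIX):]
    drive, _, tail = rest.partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def parse_eset_line(line):
    """Return a dict describing one detection, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    quarantined = path.lower().startswith(QUARANTINE_PREFIX)
    return {
        "path": path,
        "detection": m["name"],
        # "Win64/Sirefef.W" -> "Sirefef"
        "family": m["name"].split("/", 1)[1].split(".", 1)[0],
        "kind": m["kind"],
        # ESET prefixes generic or heuristic matches with "a variant of".
        "heuristic": m["qualifier"] is not None,
        "quarantined": quarantined,
        "original": original_location(path) if quarantined else path,
    }


def triage(lines):
    """Split findings into live files, quarantined copies, and unparsed lines."""
    live, quarantined, unparsed = [], [], []
    for line in lines:
        if not line.strip():
            continue
        finding = parse_eset_line(line)
        if finding is None:
            unparsed.append(line)      # never silently drop a line
        elif finding["quarantined"]:
            quarantined.append(finding)
        else:
            live.append(finding)
    return live, quarantined, unparsed


if __name__ == "__main__":
    live, quarantined, unparsed = triage(ESET_LINES)
    print("Still on disk (need a decision):")
    for f in live:
        print(f"  {f['path']}  [{f['detection']}, {f['kind']}]")
    print("Already quarantined by ComboFix (original location):")
    for f in quarantined:
        print(f"  {f['original']}  [{f['detection']}]")
    for line in unparsed:
        print("UNPARSED:", line)
```

On the thread's data, the live group is exactly the set of paths that went into the File:: block, while every Sirefef and Agent hit resolves to a copy ComboFix had already moved into quarantine.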


#14 rd4k1

Posted 24 May 2012 - 11:34 AM

Been browsing, haven't had any popups or redirects on Google.

Had to attach the log, post was too long


#15 CatByte

Posted 24 May 2012 - 05:44 PM

Hi

Just some housekeeping to do now, please do the following:

Go to Start > Control panel > Programs and Features > remove all the Java installations you find, then download the latest Java from the following link (Java version 7 update 4)

http://java.com/en/download/index.jsp


NEXT



You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




