
Rootkit and Backdoor Virus


  • This topic is locked
18 replies to this topic

#1 Savion

Savion

  • Members
  • 9 posts

Posted 08 June 2012 - 12:08 AM

Hey everyone,

I have this weird rootkit problem and backdoor problem. Both of them have been constantly showing up on my Kaspersky Anti-virus 2012.
Along with this stuff I have these weird "PING.exe *32" that show and take up quite a bit of RAM on my computer.
Google also does this redirection thing where it gives me several random redirection links and also shows pop-ups randomly.

Computer:HPE-510f
OS: Windows 7 64 bit


1:C:\Windows\assembly\GAC_32\desktop.ini
2:C:\Windows\assembly\GAC_64\desktop.ini
3:C:\windows\installer\{717f206c-d22f-0387-060d-b567ed72417b}\u\80000000.@

Attached File  DDS.txt   30.04KB   1 downloads
Attached File  Attach.txt   17.07KB   1 downloads


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 June 2012 - 02:54 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Savion

Savion
  • Topic Starter

  • Members
  • 9 posts

Posted 08 June 2012 - 04:35 AM

Thank you Gringo for assisting me.

Here is the log you requested:

Scan result of Farbar Recovery Scan Tool Version: 06-06-2012 04
Ran by SYSTEM at 08-06-2012 02:20:49
Running from H:\
Windows Seven Black Edition (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [4464472 2012-05-09] (IObit)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [336992 2012-05-30] (Power Software Ltd)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [202296 2011-04-24] (Kaspersky Lab ZAO)
HKU\Savion\...\Run: [Google Update] "C:\Users\Savion\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-02] (Google Inc.)
HKU\Savion\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
HKU\Savion\...\Run: [uTorrent] "D:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKU\Savion\...\Run: [Steam] "E:\Program Files (x86)\Steam\Steam.exe" -silent [x]
HKU\Savion\...\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut [898560 2009-11-29] (Microsoft Corporation)
HKU\Savion\...\Run: [Xvid] E:\Program Files (x86)\Xvid\CheckUpdate.exe [x]
HKU\Savion\...\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\Savion\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\Savion\...\Run: [PlayNC Launcher] [x]
HKU\Savion\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Savion\...\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)

==================== Services (Whitelisted) ======

2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" -r [202296 2011-04-24] (Kaspersky Lab ZAO)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2012-05-03] (Acresso Software Inc.)
2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3063968 2012-04-09] (Skype Technologies S.A.)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [x]
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]
2 iTeleportService; "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe" [x]
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [x]
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]
2 WinVNC4; "C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service [x]

========================== Drivers (Whitelisted) =============

2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 BlackBox; C:\Windows\SysWow64\Drivers\BlackBox.sys [35712 2012-06-06] ()
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-03] (DT Soft Ltd)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 HCW723x; C:\Windows\System32\Drivers\HCW723x.sys [1843712 2011-05-25] (Hauppauge Computer Works, Inc.)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [615728 2012-06-07] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2012-04-28] (IObit.com)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [10568 2012-04-19] ()
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [126944 2012-05-30] (Power Software Ltd)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-05-03] (Duplex Secure Ltd.)
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2012-04-28] (IObit.com)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 GPU-Z; \??\C:\Users\Savion\AppData\Local\Temp\GPU-Z.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-08 02:20 - 2012-06-08 02:21 - 00000000 ____D C:\FRST
2012-06-08 01:08 - 2012-06-08 01:08 - 01396571 ____A C:\Users\Savion\Desktop\FRST64.exe
2012-06-07 20:49 - 2012-06-07 20:49 - 00013006 ____A C:\Users\Savion\Desktop\Logs.rar
2012-06-07 19:33 - 2012-06-07 19:33 - 00001730 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-06-07 19:25 - 2012-06-07 19:25 - 00000000 ____D C:\Riot Games
2012-06-07 18:02 - 2012-06-07 19:03 - 00000000 ____D C:\Users\Savion\Desktop\League of legends
2012-06-07 18:00 - 2012-06-07 18:00 - 02353512 ____A C:\Users\Savion\Downloads\LeagueofLegends.exe
2012-06-07 17:52 - 2012-06-07 17:52 - 918376383 ____A C:\Windows\MEMORY.DMP
2012-06-07 17:52 - 2012-06-07 17:52 - 00303552 ____A C:\Windows\Minidump\060712-29109-01.dmp
2012-06-07 17:52 - 2012-06-07 17:52 - 00000000 ____D C:\Windows\Minidump
2012-06-07 13:16 - 2012-06-07 13:16 - 00002130 ____A C:\Users\Savion\Desktop\aswMBR.txt
2012-06-07 13:16 - 2012-06-07 13:16 - 00000512 ____A C:\Users\Savion\Desktop\MBR.dat
2012-06-07 13:14 - 2012-06-07 13:14 - 00030762 ____A C:\Users\Savion\Desktop\DDS.txt
2012-06-07 13:14 - 2012-06-07 13:14 - 00017476 ____A C:\Users\Savion\Desktop\Attach.txt
2012-06-07 13:05 - 2012-06-07 13:05 - 00302592 ____A C:\Users\Savion\Desktop\geh4uji7.exe
2012-06-07 13:03 - 2012-06-07 13:03 - 00607260 ____R (Swearware) C:\Users\Savion\Desktop\dds.scr
2012-06-07 12:55 - 2012-06-07 12:55 - 04731392 ____A (AVAST Software) C:\Users\Savion\Downloads\aswMBR (1).exe
2012-06-07 12:46 - 2012-06-07 12:46 - 00000237 ____A C:\Users\Savion\Downloads\RootkitRemover20120607134604.txt
2012-06-07 12:45 - 2012-06-07 12:46 - 00005578 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_13.45.56_log.txt
2012-06-07 12:45 - 2012-06-07 12:45 - 00475712 ____A (McAfee, Inc.) C:\Users\Savion\Downloads\rootkitremover.exe
2012-06-07 12:35 - 2012-06-07 12:38 - 00137428 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_13.35.56_log.txt
2012-06-07 11:45 - 2012-06-07 11:45 - 02322184 ____A (ESET) C:\Users\Savion\Downloads\esetsmartinstaller_enu.exe
2012-06-07 11:41 - 2012-06-07 11:41 - 00659968 ____A C:\Users\Savion\Downloads\MicrosoftFixit50195.msi
2012-06-07 11:34 - 2012-06-07 11:35 - 04731392 ____A (AVAST Software) C:\Users\Savion\Downloads\aswMBR.exe
2012-06-07 11:33 - 2012-06-07 11:34 - 00137536 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_12.33.10_log.txt
2012-06-07 11:31 - 2012-06-07 11:31 - 00001244 ____A C:\Users\Savion\Desktop\GooredFix.txt
2012-06-07 11:31 - 2012-06-07 11:31 - 00000000 ____D C:\Users\Savion\Desktop\GooredFix Backups
2012-06-07 11:30 - 2012-06-07 11:30 - 00071398 ____A (jpshortstuff) C:\Users\Savion\Downloads\GooredFix.exe
2012-06-07 06:14 - 2008-05-07 21:03 - 00303616 ____A ( ) C:\SetACL.exe
2012-06-07 06:04 - 2012-06-07 06:20 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-06-07 06:03 - 2004-06-11 15:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-06-07 06:01 - 2012-06-07 06:20 - 00000000 ____D C:\Tweaking.com_Windows_Repair_Logs
2012-06-07 06:01 - 2012-06-07 06:01 - 01941765 ____A C:\Users\Savion\Downloads\tweaking.com_windows_repair_aio.zip
2012-06-07 06:01 - 2011-10-24 12:35 - 00000000 ____D C:\Users\Savion\Desktop\Tweaking.com - Windows Repair
2012-06-07 06:00 - 2012-06-07 06:00 - 00000000 ___SD C:\32788R22FWJFW
2012-06-07 05:59 - 2012-06-07 05:59 - 00045550 ____A C:\Users\Savion\Downloads\05242012_101815.log
2012-06-07 05:57 - 2012-06-07 05:57 - 00149002 ____A C:\Users\Savion\Downloads\OTL.Txt
2012-06-07 05:57 - 2012-06-07 05:57 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-07 05:56 - 2012-06-07 05:56 - 08298672 ____A (SurfRight B.V.) C:\Users\Savion\Downloads\HitmanPro36_x64.exe
2012-06-07 05:27 - 2012-06-07 05:27 - 00038400 ____A (NirSoft) C:\Users\Savion\Downloads\cleanafterme.exe
2012-06-07 05:13 - 2012-06-07 05:13 - 00296281 ____A C:\Users\Savion\Downloads\MGlogs (1).zip
2012-06-07 05:12 - 2012-06-07 05:12 - 00015370 ____A C:\Users\Savion\Downloads\MBRCheck_05.30.12_13.45.21.txt
2012-06-07 05:11 - 2012-06-07 05:11 - 00132972 ____A C:\Users\Savion\Downloads\TDSSKiller.2.7.36.0_30.05.2012_13.30.15_log.txt
2012-06-07 05:11 - 2012-06-07 05:11 - 00003026 ____A C:\Users\Savion\Downloads\OTMResults (1).txt
2012-06-07 05:11 - 2012-06-07 05:11 - 00001614 ____A C:\Users\Savion\Downloads\OTMResults.txt
2012-06-07 05:10 - 2012-06-07 05:10 - 64604376 ____A (COMODO) C:\Users\Savion\Downloads\cfw_installer_x86.exe
2012-06-07 04:56 - 2012-06-07 04:56 - 00000000 ____D C:\_OTM
2012-06-07 04:55 - 2012-06-07 04:55 - 00523264 ____A (OldTimer Tools) C:\Users\Savion\Downloads\OTM.exe
2012-06-07 04:53 - 2012-06-07 04:53 - 00296281 ____A C:\Users\Savion\Downloads\MGlogs.zip
2012-06-07 04:44 - 2012-06-07 04:44 - 00080384 ____A C:\Users\Savion\Downloads\MBRCheck (1).exe
2012-06-07 04:43 - 2012-06-07 04:45 - 00041310 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_05.43.47_log.txt
2012-06-07 04:41 - 2012-06-07 04:41 - 00000954 ____A C:\Users\Savion\Downloads\regfix.reg
2012-06-07 04:10 - 2012-06-07 12:38 - 00309186 ____A C:\Windows\ntbtlog.txt
2012-06-07 03:29 - 2012-06-07 03:29 - 00889416 ____A (Microsoft Corporation) C:\Users\Savion\Downloads\dotNetFx40_Full_setup.exe
2012-06-07 03:03 - 2012-06-07 03:03 - 00017408 ____A C:\Users\Savion\AppData\Local\WebpageIcons.db
2012-06-07 03:02 - 2012-06-07 03:20 - 00152233 ____A C:\Windows\System32\Drivers\klin.dat
2012-06-07 03:02 - 2012-06-07 03:20 - 00107177 ____A C:\Windows\System32\Drivers\klick.dat
2012-06-07 03:00 - 2012-06-08 01:18 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-07 03:00 - 2012-06-07 03:00 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-06-07 02:57 - 2012-06-07 02:57 - 00615728 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-06-07 02:50 - 2012-06-07 02:50 - 00000000 ____D C:\Program Files\EAGAME~1
2012-06-06 15:26 - 2012-06-06 15:30 - 00000000 ____D C:\Program Files (x86)\TEdit
2012-06-06 15:26 - 2012-06-06 15:26 - 00389120 ____A C:\Users\Savion\Downloads\TEdit3Installer.msi
2012-06-06 14:40 - 2012-06-06 14:40 - 00000000 ____D C:\Users\All Users\Sophos
2012-06-06 14:40 - 2012-06-06 14:40 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-06-06 14:38 - 2012-06-06 14:38 - 83846584 ____A (Sophos Limited) C:\Users\Savion\Downloads\Sophos Virus Removal Tool.exe
2012-06-06 14:23 - 2012-06-06 14:23 - 00000000 ____D C:\Users\Savion\AppData\Roaming\PowerISO
2012-06-06 14:22 - 2012-06-06 14:22 - 07559656 ____A C:\Users\Savion\Downloads\PowerISO5.exe
2012-06-06 14:22 - 2012-06-06 14:22 - 00001021 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-06-06 14:22 - 2012-06-06 14:22 - 00000000 ____D C:\Program Files (x86)\PowerISO
2012-06-06 14:22 - 2012-05-30 20:10 - 00126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-06-06 13:08 - 2012-06-06 13:10 - 00134588 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_14.08.57_log.txt
2012-06-06 13:04 - 2012-06-07 12:38 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-06 13:02 - 2012-06-06 13:06 - 00265674 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_14.02.16_log.txt
2012-06-06 12:57 - 2012-06-06 12:57 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Savion\Downloads\tdsskiller.exe
2012-06-06 12:57 - 2012-06-06 12:57 - 00132454 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_13.57.19_log.txt
2012-06-06 12:56 - 2012-06-06 13:00 - 00000366 ____A C:\rkill.log
2012-06-06 12:56 - 2012-06-06 12:56 - 01012656 ____A C:\Users\Savion\Downloads\rkill (1).exe
2012-06-06 12:55 - 2012-06-06 12:55 - 01012656 ____A C:\Users\Savion\Downloads\rkill.exe
2012-06-06 12:45 - 2012-06-06 12:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2012-06-06 12:45 - 2012-06-06 12:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2012-06-06 12:41 - 2012-06-06 12:41 - 00050477 ____A C:\Users\Savion\Downloads\Defogger.exe
2012-06-06 12:41 - 2012-06-06 12:41 - 00049024 ____A (Microsoft Corporation) C:\Users\Savion\Downloads\MSOXMLMF.DLL
2012-06-06 12:41 - 2012-06-06 12:41 - 00000654 ____A C:\Users\Savion\Downloads\defogger_disable.log
2012-06-06 12:41 - 2012-06-06 12:41 - 00000188 ____A C:\Users\Savion\defogger_reenable
2012-06-06 12:24 - 2012-06-06 12:24 - 01932256 ____A (Symantec Corporation) C:\Users\Savion\Downloads\FixTDSS.exe
2012-06-06 12:23 - 2012-06-06 12:23 - 00139264 ____A () C:\Users\Savion\Downloads\RKUnhookerLE.EXE
2012-06-06 12:23 - 2012-06-06 12:23 - 00035712 ____A C:\Windows\SysWOW64\Drivers\BlackBox.sys
2012-06-06 12:23 - 2012-06-06 12:23 - 00000206 ____A C:\Users\Savion\Downloads\rku_error_log_456287.txt
2012-06-06 12:12 - 2012-06-06 12:14 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-06-06 12:12 - 2012-06-06 12:12 - 01805736 ____A (Symantec Corporation) C:\Users\Savion\Downloads\FixZeroAccess.exe
2012-06-06 12:09 - 2012-06-06 12:29 - 00007597 ____A C:\Users\Savion\AppData\Local\Resmon.ResmonCfg
2012-06-06 12:07 - 2012-06-06 12:07 - 00187464 ____A (Webroot) C:\Users\Savion\Downloads\antizeroaccess.exe
2012-06-06 12:07 - 2012-06-06 12:07 - 00000135 ____A C:\Users\Savion\Downloads\AntiZeroAccess_Log.txt
2012-06-06 12:06 - 2012-06-06 12:06 - 19551736 ____A (IObit ) C:\Users\Savion\Downloads\imf-setup.exe
2012-06-06 12:06 - 2012-06-06 12:06 - 00001187 ____A C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2012-06-06 12:06 - 2012-06-06 12:06 - 00000000 ____D C:\Users\Savion\AppData\Roaming\IObit
2012-06-06 12:00 - 2012-06-06 12:01 - 00131388 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_13.00.46_log.txt
2012-06-06 12:00 - 2012-06-06 12:00 - 02108959 ____A C:\Users\Savion\Downloads\tdsskiller (1).zip
2012-06-06 11:50 - 2012-06-06 11:50 - 00869194 ____A C:\Users\Savion\Downloads\SecurityCheck.exe
2012-06-06 11:49 - 2012-06-06 11:49 - 05813904 ____A (Check Point Software Technologies LTD) C:\Users\Savion\Downloads\zaSetupWeb_102_047_000.exe
2012-06-06 11:44 - 2012-06-06 11:44 - 01402880 ____A C:\Users\Savion\Downloads\HijackThis.msi
2012-06-06 11:44 - 2012-06-06 11:44 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-06 11:37 - 2012-06-06 11:37 - 12621696 ____A (Microsoft Corporation) C:\Users\Savion\Downloads\mseinstall.exe
2012-06-06 06:26 - 2012-06-06 11:28 - 00048599 ____A C:\Windows\SysWOW64\epfwdata.bin
2012-06-06 06:26 - 2012-06-06 06:26 - 00019693 ____A C:\Users\Savion\Desktop\4.1.txt
2012-06-06 06:00 - 2012-06-06 11:40 - 00000000 ____D C:\Users\All Users\ESET
2012-06-06 06:00 - 2012-06-06 11:40 - 00000000 ____D C:\Program Files\ESET
2012-06-06 05:58 - 2012-06-06 05:58 - 00302592 ____A C:\Users\Savion\Downloads\diticux2.exe
2012-06-06 05:56 - 2012-06-06 05:56 - 00000360 ____A C:\Users\Savion\Documents\DownloadedLicenses.txt
2012-06-06 05:32 - 2012-06-06 05:32 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-06 05:31 - 2012-06-06 05:31 - 00040448 ____A C:\Users\Savion\Downloads\4-3 practice problems.doc
2012-06-06 05:19 - 2012-06-06 05:19 - 00338059 ____A C:\Users\Savion\Downloads\FSS.exe
2012-06-06 05:19 - 2012-06-06 05:19 - 00002063 ____A C:\Users\Savion\Downloads\FSS.txt
2012-06-06 05:14 - 2012-06-06 05:14 - 00080384 ____A C:\Users\Savion\Downloads\MBRCheck.exe
2012-06-06 05:13 - 2012-06-07 12:38 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-06 05:13 - 2012-06-06 05:17 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-06 05:13 - 2012-06-06 05:16 - 00265852 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_06.13.35_log.txt
2012-06-06 05:13 - 2012-06-06 05:13 - 02108959 ____A C:\Users\Savion\Downloads\tdsskiller.zip
2012-06-06 05:13 - 2012-06-06 05:13 - 00001272 ____A C:\Users\Savion\Desktop\Spybot - Search & Destroy.lnk
2012-06-06 05:12 - 2012-06-06 05:12 - 16409960 ____A (Safer Networking Limited ) C:\Users\Savion\Downloads\spybotsd162.exe
2012-06-06 05:09 - 2012-06-06 05:09 - 04537562 ____A (Swearware) C:\Users\Savion\Downloads\ComboFix (1).exe
2012-06-06 05:00 - 2012-06-06 05:00 - 04127176 ____A (DigiDNA ) C:\Users\Savion\Downloads\DiskAid_5_14.exe
2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ____D C:\Users\Savion\AppData\Roaming\DiskAid
2012-06-06 04:56 - 2012-06-06 04:59 - 00612457 ____A C:\Users\Savion\Desktop\SharePod.log
2012-06-06 04:56 - 2012-03-28 17:25 - 05591552 ____A (Jeffrey Harris) C:\Users\Savion\Desktop\SharePod.exe
2012-06-06 04:55 - 2012-06-06 04:56 - 02140631 ____A C:\Users\Savion\Downloads\SharePod_3.99.zip
2012-06-06 04:53 - 2008-12-28 16:47 - 16410637 ____A C:\Users\Savion\Desktop\YamiPod.exe
2012-06-06 04:47 - 2012-06-06 04:47 - 00003215 ____A C:\Users\Savion\Downloads\yam-win.torrent
2012-06-06 04:08 - 2011-07-09 00:43 - 01201152 ____A (ShockingSoft) C:\Users\Savion\Desktop\AutoClicker.exe
2012-06-06 03:59 - 2012-06-06 03:59 - 03859563 ____A C:\Users\Savion\Downloads\NodusUpdate.jar
2012-06-06 02:25 - 2012-06-08 00:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-06 02:25 - 2012-06-06 02:25 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-06 02:25 - 2012-06-06 02:25 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-06 02:25 - 2012-06-06 02:25 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-04 22:13 - 2012-06-04 22:13 - 00000221 ____A C:\Users\Savion\Desktop\Sanctum.url
2012-06-04 22:01 - 2012-06-04 22:01 - 00000000 ____D C:\Users\Savion\AppData\Local\storage
2012-06-03 20:56 - 2012-06-03 20:56 - 00003600 ____A C:\Users\Savion\Desktop\player1.plr
2012-06-03 19:46 - 2012-06-03 19:43 - 00000992 ____A C:\Users\Savion\Desktop\player1 - Copy.plr
2012-06-03 19:45 - 2012-06-03 19:45 - 00780288 ____A (Chapley) C:\Users\Savion\Downloads\TerrariForm.exe
2012-06-03 19:45 - 2012-06-03 19:45 - 00000049 ____A C:\Users\Savion\Downloads\Favorites.xml
2012-06-03 19:44 - 2012-06-03 19:44 - 00039424 ____A (Microsoft) C:\Users\Savion\Downloads\TerrariServerViewer.exe
2012-06-03 06:03 - 2012-06-05 06:30 - 00061952 ____A C:\Users\Savion\Downloads\Chapter 19 - Study Guide - Answers.doc
2012-06-03 04:51 - 2012-06-03 04:51 - 00000000 ____D C:\Users\Savion\Documents\Rockstar Games
2012-06-03 04:35 - 2012-06-03 05:29 - 201082725 ____A C:\Users\Savion\Downloads\rld-ckup.rar
2012-06-03 04:27 - 2012-06-03 04:27 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-03 04:05 - 2012-06-03 04:05 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-03 03:59 - 2012-06-03 03:59 - 00000783 ____A C:\Users\Public\Desktop\Initial D Mountain Vengeance.lnk
2012-06-03 03:59 - 1999-04-09 01:14 - 00416304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MPG4C32.DLL
2012-06-02 01:14 - 2012-06-02 01:14 - 00000000 ____D C:\Users\Savion\AppData\Local\Chromium
2012-06-01 14:40 - 2012-06-01 14:40 - 00001012 ____A C:\Users\Savion\Desktop\Aion.lnk
2012-06-01 14:38 - 2012-06-01 14:38 - 06523640 ____A (Macrovision Corporation) C:\Users\Savion\Downloads\NCsoftLauncherSetup.exe
2012-06-01 14:38 - 2012-06-01 14:38 - 00000938 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-06-01 01:57 - 2011-05-28 16:57 - 203488660 ____A C:\Users\Savion\Desktop\unl-frsy.exe
2012-06-01 01:51 - 2012-06-01 01:51 - 04180486 ____A C:\Users\Savion\Downloads\case1_sm.rm
2012-06-01 00:31 - 2012-06-01 00:31 - 03653847 ____A C:\Users\Savion\Downloads\Eraser.rar
2012-05-31 20:38 - 2012-05-31 20:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-31 20:36 - 2012-05-31 20:36 - 00000000 ____D C:\Users\Savion\Documents\BioWare
2012-05-31 20:21 - 2012-05-31 20:23 - 07857454 ____A C:\Users\Savion\Downloads\sc-meu1.rar
2012-05-31 14:25 - 2012-05-31 14:25 - 00000000 ____D C:\Users\Savion\AppData\Local\FLT
2012-05-31 14:25 - 2012-05-31 14:25 - 00000000 ____D C:\Users\All Users\Codemasters
2012-05-31 14:23 - 2012-05-31 14:23 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-31 14:23 - 2012-05-31 14:23 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-31 14:23 - 2012-05-31 14:23 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-31 14:23 - 2012-05-31 14:23 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-31 14:23 - 2012-05-31 14:23 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-05-31 14:23 - 2012-05-31 14:23 - 00000000 ____D C:\Program Files (x86)\BRS
2012-05-31 14:23 - 2011-09-05 19:57 - 01306624 ____A (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll
2012-05-31 14:23 - 2010-09-22 13:12 - 19087360 ____A (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll
2012-05-31 00:08 - 2012-05-31 00:10 - 00000000 ____D C:\Users\Savion\AppData\Local\Ubisoft Game Launcher
2012-05-31 00:07 - 2012-05-31 00:07 - 00000000 ____D C:\Users\All Users\Ubisoft
2012-05-31 00:07 - 2012-05-31 00:07 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-05-30 23:12 - 2012-05-30 23:12 - 00000221 ____A C:\Users\Savion\Tom Clancy's Splinter Cell Conviction.url
2012-05-30 18:19 - 2012-05-30 18:57 - 00000000 ____D C:\Users\Savion\AppData\Roaming\Nero
2012-05-30 18:19 - 2012-05-30 18:19 - 00000000 ____D C:\Users\All Users\LightScribe
2012-05-30 18:16 - 2012-05-30 18:16 - 00002915 ____A C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
2012-05-30 18:15 - 2012-05-30 18:17 - 00000000 ____D C:\Users\All Users\Nero
2012-05-30 18:15 - 2012-05-30 18:17 - 00000000 ____D C:\Program Files (x86)\Nero
2012-05-30 07:14 - 2012-05-30 07:22 - 321023920 ____A (Futuremark Corporation) C:\Users\Savion\Downloads\PCMark_7_v104_installer.exe
2012-05-29 01:38 - 2012-05-29 01:38 - 00308224 ____A C:\Users\Savion\Downloads\2010Nov9.ppt
2012-05-29 01:36 - 2012-05-29 01:36 - 00363008 ____A C:\Users\Savion\Downloads\Ch 17 Solubility and Precipitation.doc
2012-05-29 01:30 - 2012-05-29 01:30 - 00038329 ____A C:\Users\Savion\Downloads\17.1ptd.rtf
2012-05-29 01:21 - 2012-05-29 01:21 - 00029696 ____A C:\Users\Savion\Downloads\Eq_Practice_probs.doc
2012-05-28 19:57 - 2012-05-28 20:06 - 153239816 ____A C:\Users\Savion\Downloads\Body Transfer 2 (640x480 WMV9 QB93 Lame VBR Auto60).part2.rar
2012-05-28 19:40 - 2012-05-28 19:51 - 209715200 ____A C:\Users\Savion\Downloads\Body Transfer 2 (640x480 WMV9 QB93 Lame VBR Auto60).part1.rar
2012-05-28 19:34 - 2012-05-28 19:34 - 00064090 ____A C:\Users\Savion\Downloads\Backup-bin.zip
2012-05-28 19:30 - 2012-05-28 19:30 - 00000000 ____D C:\Users\Savion\Desktop\minecraft_server
2012-05-28 19:28 - 2012-05-30 15:24 - 00000384 ____A C:\Users\Savion\Desktop\buksm_config.ini
2012-05-28 19:28 - 2012-05-28 19:28 - 00389396 ____A C:\Users\Savion\Downloads\bukkit_server_manager_1170.zip
2012-05-28 19:28 - 2012-05-23 17:07 - 00261632 ____A (xathz.com) C:\Users\Savion\Desktop\buksm.exe
2012-05-28 19:28 - 2011-08-06 21:01 - 00462336 ____A (Dino Chiesa) C:\Users\Savion\Desktop\Ionic.Zip.dll
2012-05-28 17:46 - 2012-05-28 17:52 - 16088206 ____A C:\Users\Savion\Desktop\hungercity.zip
2012-05-28 17:43 - 2012-05-28 17:43 - 08688607 ____A C:\Users\Savion\Downloads\The Survival Games 2.zip
2012-05-28 01:39 - 2012-05-28 01:42 - 00000000 ____D C:\Users\Savion\AppData\Local\GRAW2
2012-05-28 01:39 - 2012-05-28 01:39 - 00000000 ____D C:\Users\All Users\GRAW2
2012-05-28 01:32 - 2012-05-28 01:32 - 00792704 ____A (AMD) C:\Users\Savion\Downloads\amddriverdownloader (1).exe
2012-05-28 01:31 - 2012-05-28 01:31 - 00792704 ____A (AMD) C:\Users\Savion\Downloads\amddriverdownloader.exe
2012-05-28 01:26 - 2012-05-28 01:27 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Savion\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-05-28 01:25 - 2012-05-28 01:25 - 00000000 ____D C:\Users\All Users\Media Center Programs
2012-05-28 00:32 - 2012-06-06 00:57 - 00000000 ____D C:\Users\Savion\AppData\Roaming\Apple Computer
2012-05-28 00:32 - 2012-05-28 00:32 - 00001793 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-28 00:32 - 2012-05-28 00:32 - 00000000 ____D C:\Users\Savion\AppData\Local\Apple Computer
2012-05-28 00:31 - 2012-05-28 00:31 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-05-28 00:31 - 2012-05-28 00:31 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-28 00:31 - 2012-05-28 00:31 - 00000000 ____D C:\Program Files\iTunes
2012-05-28 00:31 - 2012-05-28 00:31 - 00000000 ____D C:\Program Files\iPod
2012-05-28 00:31 - 2012-05-28 00:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-05-28 00:31 - 2009-05-18 12:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-05-28 00:31 - 2008-04-17 11:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-05-28 00:31 - 2008-04-17 11:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-05-28 00:30 - 2012-05-28 00:30 - 00000000 ____D C:\Users\Savion\AppData\Local\Apple
2012-05-28 00:30 - 2012-05-28 00:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-05-28 00:30 - 2012-05-28 00:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-28 00:29 - 2012-05-28 00:30 - 00000000 ____D C:\Users\All Users\Apple
2012-05-28 00:29 - 2012-05-28 00:29 - 00000000 ____D C:\Program Files\Bonjour
2012-05-28 00:29 - 2012-05-28 00:29 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-05-27 23:34 - 2012-05-27 23:34 - 76761968 ____A (Apple Inc.) C:\Users\Savion\Downloads\iTunes64Setup.exe
2012-05-27 22:08 - 2012-05-28 11:57 - 00000990 ____A C:\Users\Savion\Desktop\properties.yml
2012-05-27 04:30 - 2012-05-27 04:30 - 00560318 ____A C:\Users\Savion\Downloads\AutoClicker.zip
2012-05-26 21:36 - 2012-05-26 21:36 - 00124090 ____A C:\Users\Savion\Downloads\Guardian.jar
2012-05-26 21:27 - 2012-05-26 21:27 - 00230952 ____A C:\Users\Savion\Downloads\Interface.zip
2012-05-26 21:26 - 2012-05-26 21:26 - 00024638 ____A C:\Users\Savion\Downloads\Hawk.jar
2012-05-26 21:20 - 2012-05-26 21:20 - 00133125 ____A C:\Users\Savion\Downloads\LogBlock v1.50.zip
2012-05-26 21:19 - 2012-05-26 21:19 - 00062639 ____A C:\Users\Savion\Downloads\AntiCheat.jar
2012-05-26 21:17 - 2012-05-26 21:17 - 00721312 ____A C:\Users\Savion\Downloads\worldedit-5.3.zip
2012-05-26 21:16 - 2012-05-26 21:16 - 00267902 ____A C:\Users\Savion\Downloads\worldguard-5.5.2.jar
2012-05-26 21:15 - 2012-05-26 21:15 - 01237678 ____A C:\Users\Savion\Downloads\Essentials-2.9.1.zip
2012-05-26 21:15 - 2012-05-26 21:15 - 00112522 ____A C:\Users\Savion\Downloads\Essentials-gm-2.9.1.zip
2012-05-26 21:09 - 2012-05-26 21:10 - 00000000 ____D C:\Users\Savion\AppData\Roaming\Notepad++
2012-05-26 21:08 - 2012-05-26 21:09 - 05799969 ____A C:\Users\Savion\Downloads\npp.6.1.2.Installer.exe
2012-05-26 20:46 - 2012-05-26 20:47 - 26024903 ____A (Hervé Leclerc (HeL) ) C:\Users\Savion\Downloads\wampserver2.2d-x64.exe
2012-05-26 20:04 - 2012-05-26 20:04 - 00959648 ____A C:\Users\Savion\Downloads\MCMAPHG0.1.zip
2012-05-26 17:33 - 2012-05-26 17:33 - 00023720 ____A C:\Users\Savion\Documents\jesse's server.veg
2012-05-26 16:46 - 2012-05-26 16:48 - 34517739 ____A C:\Users\Savion\Documents\jesse's mc server.wmv
2012-05-24 17:01 - 2012-05-28 23:03 - 00000944 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-05-24 17:01 - 2012-05-24 17:01 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2012-05-24 15:44 - 2012-05-24 15:44 - 00000000 ____D C:\Users\Savion\AppData\Roaming\LolClient2
2012-05-24 15:25 - 2002-07-03 10:44 - 00053248 ____A (Microsoft Corporation) C:\Windows\amcap.exe
2012-05-24 15:25 - 1998-06-11 22:15 - 00307200 ____A (Microsoft Corporation) C:\Windows\vidcap32.exe
2012-05-24 15:22 - 2012-05-24 15:22 - 00000000 ____D C:\Program Files (x86)\Girl Tech
2012-05-24 15:20 - 2012-05-24 15:20 - 00000000 ____D C:\Program Files (x86)\JL2005C
2012-05-24 04:19 - 2012-05-24 05:35 - 00000000 ____D C:\Users\Savion\AppData\Roaming\wargaming.net
2012-05-23 15:52 - 2012-05-23 15:52 - 00001229 ____A C:\Users\Savion\Desktop\Skyrim.lnk
2012-05-23 14:50 - 2012-05-24 17:03 - 00000000 ____D C:\Users\Savion\AppData\Local\Black_Tree_Gaming
2012-05-23 14:50 - 2012-05-24 16:23 - 00000000 ____D C:\Users\Savion\Documents\Nexus Mod Manager
2012-05-23 14:37 - 2012-05-24 17:11 - 00000000 ____D C:\Users\Savion\AppData\Local\Skyrim
2012-05-23 03:08 - 2012-05-23 03:08 - 00000000 ____D C:\Users\Savion\Documents\Remedy
2012-05-21 23:16 - 2012-05-21 23:52 - 346647485 ____A C:\Users\Savion\Documents\chinese project 1080p.wmv
2012-05-21 23:00 - 2012-05-21 23:08 - 123527485 ____A C:\Users\Savion\Documents\chinese project 480.wmv
2012-05-21 22:30 - 2012-05-21 22:49 - 257503485 ____A C:\Users\Savion\Documents\chinese project.wmv
2012-05-21 20:54 - 2012-05-21 21:04 - 00030696 ____A C:\Reel Take 2.sfk
2012-05-21 20:52 - 2012-05-21 20:52 - 03920760 ____A C:\Reel Take 2.wav
2012-05-21 19:26 - 2012-05-21 21:35 - 00000000 ____D C:\Users\Savion\AppData\Roaming\Audacity
2012-05-21 19:26 - 2012-05-21 19:26 - 00001021 ____A C:\Users\Savion\Desktop\Audacity.lnk
2012-05-21 19:26 - 2012-05-21 19:26 - 00000000 ____D C:\Program Files (x86)\Audacity
2012-05-21 17:37 - 2012-05-21 17:37 - 00000000 ____D C:\Users\Savion\AppData\Roaming\DVDVideoSoftIEHelpers
2012-05-21 17:37 - 2012-05-21 17:37 - 00000000 ____D C:\Users\Savion\AppData\Roaming\DVDVideoSoft
2012-05-21 17:37 - 2012-05-21 17:37 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2012-05-21 17:37 - 2012-04-18 12:49 - 00405176 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll
2012-05-21 17:37 - 2012-03-22 12:43 - 02557952 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtCore4.dll
2012-05-21 17:08 - 2012-05-21 17:08 - 00000000 ____D C:\Windows\Sun
2012-05-21 17:07 - 2012-05-21 17:07 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-05-21 17:06 - 2012-05-21 17:06 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-21 17:06 - 2012-05-21 17:06 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-21 17:06 - 2012-05-21 17:06 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-21 17:06 - 2012-04-04 17:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-21 17:06 - 2012-04-04 17:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-21 16:44 - 2012-05-21 16:44 - 14385400 ____A C:\Users\Savion\Documents\Untitled.wmv.sfap0
2012-05-21 16:44 - 2012-05-21 16:44 - 00112456 ____A C:\Users\Savion\Documents\Untitled.wmv.sfk
2012-05-21 16:24 - 2012-05-22 06:31 - 00092200 ____A C:\Users\Savion\Documents\chinese project.veg
2012-05-21 16:24 - 2012-05-21 22:27 - 00094128 ____A C:\Users\Savion\Documents\chinese project.veg.bak
2012-05-21 15:07 - 2012-05-21 15:08 - 00643424 ____A C:\Reel.mp4.sfk
2012-05-21 15:06 - 2012-05-21 15:06 - 101525370 ____A C:\Reel.mp4
2012-05-21 11:26 - 2012-05-21 11:26 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-05-21 11:14 - 2012-05-21 11:14 - 00000221 ____A C:\Users\Savion\Desktop\Magicka.url
2012-05-21 03:21 - 2012-05-21 03:21 - 00000222 ____A C:\Users\Savion\Desktop\Terraria.url
2012-05-21 02:09 - 2012-05-21 02:09 - 00000000 ____D C:\Users\Savion\Cisco Packet Tracer 5.3.3
2012-05-21 02:08 - 2012-05-21 02:09 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3.3
2012-05-21 02:00 - 2012-05-23 04:30 - 00000368 ____A C:\Users\Savion\.packettracer
2012-05-21 02:00 - 2012-05-21 02:00 - 00000000 ____D C:\Users\Savion\Cisco Packet Tracer 5.3
2012-05-21 01:58 - 2012-05-21 01:59 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3
2012-05-20 23:15 - 2012-05-20 23:15 - 00000000 ____D C:\Users\Savion\Documents\CAPCOM
2012-05-20 17:34 - 2012-05-20 17:34 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-05-20 17:34 - 2012-05-20 17:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-20 17:05 - 2012-05-27 00:00 - 00000000 ____D C:\Users\Savion\Documents\StarCraft II
2012-05-20 17:05 - 2012-05-20 17:11 - 00000753 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-05-20 15:54 - 2012-05-20 15:54 - 00000666 ____A C:\Users\Public\Desktop\Counter-Strike 1.6.lnk
2012-05-20 13:24 - 2012-05-20 13:24 - 00000000 ____D C:\Users\Savion\AppData\Roaming\.clickme
2012-05-18 15:48 - 2012-06-06 17:09 - 00000000 ____D C:\Program Files (x86)\Dxtory License Cracked
2012-05-18 15:48 - 2011-05-23 22:29 - 03673600 ____A (Dxtory Software) C:\Windows\System32\DxtoryCodec64.dll
2012-05-18 15:48 - 2011-05-23 22:23 - 03166720 ____A (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2012-05-18 15:00 - 2012-05-18 15:00 - 00000757 ____A C:\Users\Public\Desktop\Nexuiz.lnk
2012-05-18 03:05 - 2012-05-18 03:05 - 00000000 ___RD C:\MSOCache
2012-05-18 01:57 - 2012-05-18 01:57 - 00000000 ____D C:\Users\Savion\AppData\Roaming\Media Player Classic
2012-05-15 20:42 - 2012-05-20 17:11 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-15 20:42 - 2012-05-15 20:42 - 00000000 ____D C:\Users\Savion\Documents\Diablo III
2012-05-15 20:32 - 2012-05-15 20:32 - 00000000 ____D C:\Users\All Users\Battle.net
2012-05-15 17:28 - 2012-05-15 17:28 - 00000794 ____A C:\Users\Savion\Desktop\Diablo.III.Collectors.Edition.lnk
2012-05-14 03:27 - 2012-05-14 03:27 - 00000750 ____A C:\Users\Public\Desktop\Portal 2.lnk
2012-05-13 05:46 - 2012-05-13 05:49 - 13381937 ____A C:\Users\Savion\Documents\Untitled.wmv
2012-05-12 00:13 - 2011-05-30 05:42 - 00255488 ____A C:\Windows\System32\xvidvfw.dll
2012-05-12 00:13 - 2011-05-23 01:52 - 00153088 ____A C:\Windows\SysWOW64\xvid.ax
2012-05-12 00:13 - 2011-05-22 23:49 - 00173568 ____A C:\Windows\System32\xvid.ax
2012-05-12 00:13 - 2011-05-22 23:45 - 00696832 ____A C:\Windows\System32\xvidcore.dll
2012-05-12 00:08 - 2012-05-12 00:08 - 00000000 ____D C:\Users\Savion\AppData\Roaming\Sony Creative Software Inc
2012-05-12 00:01 - 2012-05-12 00:01 - 00000000 ____D C:\Users\Savion\AppData\Roaming\Publish Providers
2012-05-12 00:00 - 2012-05-12 00:00 - 00002556 ____A C:\Users\Savion\Documents\Register Vegas Pro.htm
2012-05-11 23:58 - 2012-05-11 23:59 - 00000000 ____D C:\Users\Savion\AppData\Local\Sony
2012-05-11 23:58 - 2012-05-11 23:58 - 00000000 ____D C:\Users\All Users\Sony
2012-05-11 23:58 - 2012-05-11 23:58 - 00000000 ____D C:\Program Files (x86)\Sony
2012-05-11 23:55 - 2012-05-12 17:12 - 00000000 ____D C:\Users\Savion\AppData\Roaming\Sony
2012-05-11 22:10 - 2012-05-11 22:10 - 00000219 ____A C:\Users\Savion\Desktop\Dota 2.url
2012-05-10 01:41 - 2012-06-08 01:18 - 00000000 ____D C:\Users\Savion\AppData\Local\LogMeIn Hamachi

============ 3 Months Modified Files and Folders =============

2012-06-08 02:21 - 2012-06-08 02:20 - 0000000 ____D C:\FRST
2012-06-08 01:18 - 2012-06-07 03:00 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-08 01:18 - 2012-05-10 01:41 - 0000000 ____D C:\Users\Savion\AppData\Local\LogMeIn Hamachi
2012-06-08 01:18 - 2012-05-02 02:41 - 0000000 ____D C:\Users\Savion\AppData\Roaming\uTorrent
2012-06-08 01:16 - 2012-05-02 00:09 - 0023021 ____A C:\Windows\setupact.log
2012-06-08 01:16 - 2012-05-02 00:08 - 0011830 ____A C:\Windows\PFRO.log
2012-06-08 01:16 - 2012-04-26 12:40 - 2146914304 __ASH C:\hiberfil.sys
2012-06-08 01:16 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-08 01:12 - 2012-05-02 00:11 - 1592033 ____A C:\Windows\WindowsUpdate.log
2012-06-08 01:11 - 2012-05-02 02:30 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Skype
2012-06-08 01:11 - 2009-07-13 21:13 - 0782742 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 01:08 - 2012-06-08 01:08 - 1396571 ____A C:\Users\Savion\Desktop\FRST64.exe
2012-06-08 01:03 - 2012-05-02 01:58 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1857216960-1225585824-2230566925-1000UA.job
2012-06-08 00:39 - 2012-06-06 02:25 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-07 22:36 - 2012-05-04 14:36 - 0000000 ____D C:\Users\Savion\AppData\Roaming\.minecraft
2012-06-07 21:59 - 2012-05-02 16:39 - 0000000 ____D C:\Users\Savion\AppData\Local\PMB Files
2012-06-07 21:59 - 2012-05-02 16:39 - 0000000 ____D C:\Users\All Users\PMB Files
2012-06-07 20:49 - 2012-06-07 20:49 - 0013006 ____A C:\Users\Savion\Desktop\Logs.rar
2012-06-07 19:33 - 2012-06-07 19:33 - 0001730 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-06-07 19:25 - 2012-06-07 19:25 - 0000000 ____D C:\Riot Games
2012-06-07 19:25 - 2012-05-02 01:40 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-07 19:03 - 2012-06-07 18:02 - 0000000 ____D C:\Users\Savion\Desktop\League of legends
2012-06-07 18:00 - 2012-06-07 18:00 - 2353512 ____A C:\Users\Savion\Downloads\LeagueofLegends.exe
2012-06-07 17:58 - 2009-07-13 20:45 - 0014224 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 17:58 - 2009-07-13 20:45 - 0014224 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 17:52 - 2012-06-07 17:52 - 918376383 ____A C:\Windows\MEMORY.DMP
2012-06-07 17:52 - 2012-06-07 17:52 - 0303552 ____A C:\Windows\Minidump\060712-29109-01.dmp
2012-06-07 17:52 - 2012-06-07 17:52 - 0000000 ____D C:\Windows\Minidump
2012-06-07 15:18 - 2012-05-04 14:48 - 0000000 ____D C:\Users\Savion\AppData\Local\ElevatedDiagnostics
2012-06-07 13:16 - 2012-06-07 13:16 - 0002130 ____A C:\Users\Savion\Desktop\aswMBR.txt
2012-06-07 13:16 - 2012-06-07 13:16 - 0000512 ____A C:\Users\Savion\Desktop\MBR.dat
2012-06-07 13:14 - 2012-06-07 13:14 - 0030762 ____A C:\Users\Savion\Desktop\DDS.txt
2012-06-07 13:14 - 2012-06-07 13:14 - 0017476 ____A C:\Users\Savion\Desktop\Attach.txt
2012-06-07 13:05 - 2012-06-07 13:05 - 0302592 ____A C:\Users\Savion\Desktop\geh4uji7.exe
2012-06-07 13:03 - 2012-06-07 13:03 - 0607260 ____R (Swearware) C:\Users\Savion\Desktop\dds.scr
2012-06-07 12:55 - 2012-06-07 12:55 - 4731392 ____A (AVAST Software) C:\Users\Savion\Downloads\aswMBR (1).exe
2012-06-07 12:46 - 2012-06-07 12:46 - 0000237 ____A C:\Users\Savion\Downloads\RootkitRemover20120607134604.txt
2012-06-07 12:46 - 2012-06-07 12:45 - 0005578 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_13.45.56_log.txt
2012-06-07 12:45 - 2012-06-07 12:45 - 0475712 ____A (McAfee, Inc.) C:\Users\Savion\Downloads\rootkitremover.exe
2012-06-07 12:40 - 2012-05-02 02:30 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-06-07 12:38 - 2012-06-07 12:35 - 0137428 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_13.35.56_log.txt
2012-06-07 12:38 - 2012-06-07 04:10 - 0309186 ____A C:\Windows\ntbtlog.txt
2012-06-07 12:38 - 2012-06-06 13:04 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-06-07 12:38 - 2012-06-06 05:13 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-07 11:58 - 2012-05-02 01:50 - 0096680 ____A C:\Users\Savion\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-07 11:55 - 2012-05-02 00:08 - 2919200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-07 11:55 - 2009-07-13 23:45 - 0000000 ____D C:\Users\Public\Recorded TV
2012-06-07 11:45 - 2012-06-07 11:45 - 2322184 ____A (ESET) C:\Users\Savion\Downloads\esetsmartinstaller_enu.exe
2012-06-07 11:41 - 2012-06-07 11:41 - 0659968 ____A C:\Users\Savion\Downloads\MicrosoftFixit50195.msi
2012-06-07 11:35 - 2012-06-07 11:34 - 4731392 ____A (AVAST Software) C:\Users\Savion\Downloads\aswMBR.exe
2012-06-07 11:34 - 2012-06-07 11:33 - 0137536 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_12.33.10_log.txt
2012-06-07 11:31 - 2012-06-07 11:31 - 0001244 ____A C:\Users\Savion\Desktop\GooredFix.txt
2012-06-07 11:31 - 2012-06-07 11:31 - 0000000 ____D C:\Users\Savion\Desktop\GooredFix Backups
2012-06-07 11:30 - 2012-06-07 11:30 - 0071398 ____A (jpshortstuff) C:\Users\Savion\Downloads\GooredFix.exe
2012-06-07 06:20 - 2012-06-07 06:04 - 0181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-06-07 06:20 - 2012-06-07 06:01 - 0000000 ____D C:\Tweaking.com_Windows_Repair_Logs
2012-06-07 06:18 - 2009-07-13 18:34 - 0000855 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-07 06:17 - 2012-05-02 03:08 - 0782742 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-07 06:01 - 2012-06-07 06:01 - 1941765 ____A C:\Users\Savion\Downloads\tweaking.com_windows_repair_aio.zip
2012-06-07 06:00 - 2012-06-07 06:00 - 0000000 ___SD C:\32788R22FWJFW
2012-06-07 05:59 - 2012-06-07 05:59 - 0045550 ____A C:\Users\Savion\Downloads\05242012_101815.log
2012-06-07 05:57 - 2012-06-07 05:57 - 0149002 ____A C:\Users\Savion\Downloads\OTL.Txt
2012-06-07 05:57 - 2012-06-07 05:57 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-06-07 05:56 - 2012-06-07 05:56 - 8298672 ____A (SurfRight B.V.) C:\Users\Savion\Downloads\HitmanPro36_x64.exe
2012-06-07 05:27 - 2012-06-07 05:27 - 0038400 ____A (NirSoft) C:\Users\Savion\Downloads\cleanafterme.exe
2012-06-07 05:13 - 2012-06-07 05:13 - 0296281 ____A C:\Users\Savion\Downloads\MGlogs (1).zip
2012-06-07 05:12 - 2012-06-07 05:12 - 0015370 ____A C:\Users\Savion\Downloads\MBRCheck_05.30.12_13.45.21.txt
2012-06-07 05:11 - 2012-06-07 05:11 - 0132972 ____A C:\Users\Savion\Downloads\TDSSKiller.2.7.36.0_30.05.2012_13.30.15_log.txt
2012-06-07 05:11 - 2012-06-07 05:11 - 0003026 ____A C:\Users\Savion\Downloads\OTMResults (1).txt
2012-06-07 05:11 - 2012-06-07 05:11 - 0001614 ____A C:\Users\Savion\Downloads\OTMResults.txt
2012-06-07 05:10 - 2012-06-07 05:10 - 64604376 ____A (COMODO) C:\Users\Savion\Downloads\cfw_installer_x86.exe
2012-06-07 04:56 - 2012-06-07 04:56 - 0000000 ____D C:\_OTM
2012-06-07 04:55 - 2012-06-07 04:55 - 0523264 ____A (OldTimer Tools) C:\Users\Savion\Downloads\OTM.exe
2012-06-07 04:53 - 2012-06-07 04:53 - 0296281 ____A C:\Users\Savion\Downloads\MGlogs.zip
2012-06-07 04:45 - 2012-06-07 04:43 - 0041310 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_05.43.47_log.txt
2012-06-07 04:44 - 2012-06-07 04:44 - 0080384 ____A C:\Users\Savion\Downloads\MBRCheck (1).exe
2012-06-07 04:41 - 2012-06-07 04:41 - 0000954 ____A C:\Users\Savion\Downloads\regfix.reg
2012-06-07 04:26 - 2012-05-02 02:30 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-07 03:29 - 2012-06-07 03:29 - 0889416 ____A (Microsoft Corporation) C:\Users\Savion\Downloads\dotNetFx40_Full_setup.exe
2012-06-07 03:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-06-07 03:20 - 2012-06-07 03:02 - 0152233 ____A C:\Windows\System32\Drivers\klin.dat
2012-06-07 03:20 - 2012-06-07 03:02 - 0107177 ____A C:\Windows\System32\Drivers\klick.dat
2012-06-07 03:03 - 2012-06-07 03:03 - 0017408 ____A C:\Users\Savion\AppData\Local\WebpageIcons.db
2012-06-07 03:00 - 2012-06-07 03:00 - 0000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-06-07 02:57 - 2012-06-07 02:57 - 0615728 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-06-07 02:53 - 2012-05-02 02:47 - 0001945 ____A C:\Windows\epplauncher.mif
2012-06-07 02:50 - 2012-06-07 02:50 - 0000000 ____D C:\Program Files\EAGAME~1
2012-06-07 02:03 - 2012-05-02 01:58 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1857216960-1225585824-2230566925-1000Core.job
2012-06-06 17:09 - 2012-05-18 15:48 - 0000000 ____D C:\Program Files (x86)\Dxtory License Cracked
2012-06-06 15:30 - 2012-06-06 15:26 - 0000000 ____D C:\Program Files (x86)\TEdit
2012-06-06 15:26 - 2012-06-06 15:26 - 0389120 ____A C:\Users\Savion\Downloads\TEdit3Installer.msi
2012-06-06 14:40 - 2012-06-06 14:40 - 0000000 ____D C:\Users\All Users\Sophos
2012-06-06 14:40 - 2012-06-06 14:40 - 0000000 ____D C:\Program Files (x86)\Sophos
2012-06-06 14:38 - 2012-06-06 14:38 - 83846584 ____A (Sophos Limited) C:\Users\Savion\Downloads\Sophos Virus Removal Tool.exe
2012-06-06 14:23 - 2012-06-06 14:23 - 0000000 ____D C:\Users\Savion\AppData\Roaming\PowerISO
2012-06-06 14:22 - 2012-06-06 14:22 - 7559656 ____A C:\Users\Savion\Downloads\PowerISO5.exe
2012-06-06 14:22 - 2012-06-06 14:22 - 0001021 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-06-06 14:22 - 2012-06-06 14:22 - 0000000 ____D C:\Program Files (x86)\PowerISO
2012-06-06 13:10 - 2012-06-06 13:08 - 0134588 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_14.08.57_log.txt
2012-06-06 13:06 - 2012-06-06 13:02 - 0265674 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_14.02.16_log.txt
2012-06-06 13:00 - 2012-06-06 12:56 - 0000366 ____A C:\rkill.log
2012-06-06 12:57 - 2012-06-06 12:57 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\Savion\Downloads\tdsskiller.exe
2012-06-06 12:57 - 2012-06-06 12:57 - 0132454 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_13.57.19_log.txt
2012-06-06 12:56 - 2012-06-06 12:56 - 1012656 ____A C:\Users\Savion\Downloads\rkill (1).exe
2012-06-06 12:55 - 2012-06-06 12:55 - 1012656 ____A C:\Users\Savion\Downloads\rkill.exe
2012-06-06 12:49 - 2009-07-13 21:08 - 0012318 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-06 12:45 - 2012-06-06 12:45 - 0000000 ____D C:\Users\Default\AppData\Roaming\IObit
2012-06-06 12:45 - 2012-06-06 12:45 - 0000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2012-06-06 12:41 - 2012-06-06 12:41 - 0050477 ____A C:\Users\Savion\Downloads\Defogger.exe
2012-06-06 12:41 - 2012-06-06 12:41 - 0049024 ____A (Microsoft Corporation) C:\Users\Savion\Downloads\MSOXMLMF.DLL
2012-06-06 12:41 - 2012-06-06 12:41 - 0000654 ____A C:\Users\Savion\Downloads\defogger_disable.log
2012-06-06 12:41 - 2012-06-06 12:41 - 0000188 ____A C:\Users\Savion\defogger_reenable
2012-06-06 12:41 - 2012-05-02 00:25 - 0000000 ____D C:\users\Savion
2012-06-06 12:29 - 2012-06-06 12:09 - 0007597 ____A C:\Users\Savion\AppData\Local\Resmon.ResmonCfg
2012-06-06 12:24 - 2012-06-06 12:24 - 1932256 ____A (Symantec Corporation) C:\Users\Savion\Downloads\FixTDSS.exe
2012-06-06 12:23 - 2012-06-06 12:23 - 0139264 ____A () C:\Users\Savion\Downloads\RKUnhookerLE.EXE
2012-06-06 12:23 - 2012-06-06 12:23 - 0035712 ____A C:\Windows\SysWOW64\Drivers\BlackBox.sys
2012-06-06 12:23 - 2012-06-06 12:23 - 0000206 ____A C:\Users\Savion\Downloads\rku_error_log_456287.txt
2012-06-06 12:14 - 2012-06-06 12:12 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-06-06 12:12 - 2012-06-06 12:12 - 1805736 ____A (Symantec Corporation) C:\Users\Savion\Downloads\FixZeroAccess.exe
2012-06-06 12:07 - 2012-06-06 12:07 - 0187464 ____A (Webroot) C:\Users\Savion\Downloads\antizeroaccess.exe
2012-06-06 12:07 - 2012-06-06 12:07 - 0000135 ____A C:\Users\Savion\Downloads\AntiZeroAccess_Log.txt
2012-06-06 12:06 - 2012-06-06 12:06 - 19551736 ____A (IObit ) C:\Users\Savion\Downloads\imf-setup.exe
2012-06-06 12:06 - 2012-06-06 12:06 - 0001187 ____A C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2012-06-06 12:06 - 2012-06-06 12:06 - 0000000 ____D C:\Users\Savion\AppData\Roaming\IObit
2012-06-06 12:06 - 2012-05-02 02:20 - 0000000 ____D C:\Program Files (x86)\IObit
2012-06-06 12:01 - 2012-06-06 12:00 - 0131388 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_13.00.46_log.txt
2012-06-06 12:00 - 2012-06-06 12:00 - 2108959 ____A C:\Users\Savion\Downloads\tdsskiller (1).zip
2012-06-06 11:50 - 2012-06-06 11:50 - 0869194 ____A C:\Users\Savion\Downloads\SecurityCheck.exe
2012-06-06 11:49 - 2012-06-06 11:49 - 5813904 ____A (Check Point Software Technologies LTD) C:\Users\Savion\Downloads\zaSetupWeb_102_047_000.exe
2012-06-06 11:47 - 2012-05-04 14:51 - 0000000 ____D C:\Windows\System32\appmgmt
2012-06-06 11:46 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-06 11:44 - 2012-06-06 11:44 - 1402880 ____A C:\Users\Savion\Downloads\HijackThis.msi
2012-06-06 11:44 - 2012-06-06 11:44 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-06 11:40 - 2012-06-06 06:00 - 0000000 ____D C:\Users\All Users\ESET
2012-06-06 11:40 - 2012-06-06 06:00 - 0000000 ____D C:\Program Files\ESET
2012-06-06 11:37 - 2012-06-06 11:37 - 12621696 ____A (Microsoft Corporation) C:\Users\Savion\Downloads\mseinstall.exe
2012-06-06 11:28 - 2012-06-06 06:26 - 0048599 ____A C:\Windows\SysWOW64\epfwdata.bin
2012-06-06 06:26 - 2012-06-06 06:26 - 0019693 ____A C:\Users\Savion\Desktop\4.1.txt
2012-06-06 05:58 - 2012-06-06 05:58 - 0302592 ____A C:\Users\Savion\Downloads\diticux2.exe
2012-06-06 05:56 - 2012-06-06 05:56 - 0000360 ____A C:\Users\Savion\Documents\DownloadedLicenses.txt
2012-06-06 05:32 - 2012-06-06 05:32 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-06 05:31 - 2012-06-06 05:31 - 0040448 ____A C:\Users\Savion\Downloads\4-3 practice problems.doc
2012-06-06 05:19 - 2012-06-06 05:19 - 0338059 ____A C:\Users\Savion\Downloads\FSS.exe
2012-06-06 05:19 - 2012-06-06 05:19 - 0002063 ____A C:\Users\Savion\Downloads\FSS.txt
2012-06-06 05:17 - 2012-06-06 05:13 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-06 05:16 - 2012-06-06 05:13 - 0265852 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_06.13.35_log.txt
2012-06-06 05:14 - 2012-06-06 05:14 - 0080384 ____A C:\Users\Savion\Downloads\MBRCheck.exe
2012-06-06 05:13 - 2012-06-06 05:13 - 2108959 ____A C:\Users\Savion\Downloads\tdsskiller.zip
2012-06-06 05:13 - 2012-06-06 05:13 - 0001272 ____A C:\Users\Savion\Desktop\Spybot - Search & Destroy.lnk
2012-06-06 05:12 - 2012-06-06 05:12 - 16409960 ____A (Safer Networking Limited ) C:\Users\Savion\Downloads\spybotsd162.exe
2012-06-06 05:09 - 2012-06-06 05:09 - 4537562 ____A (Swearware) C:\Users\Savion\Downloads\ComboFix (1).exe
2012-06-06 05:00 - 2012-06-06 05:00 - 4127176 ____A (DigiDNA ) C:\Users\Savion\Downloads\DiskAid_5_14.exe
2012-06-06 05:00 - 2012-06-06 05:00 - 0000000 ____D C:\Users\Savion\AppData\Roaming\DiskAid
2012-06-06 04:59 - 2012-06-06 04:56 - 0612457 ____A C:\Users\Savion\Desktop\SharePod.log
2012-06-06 04:56 - 2012-06-06 04:55 - 2140631 ____A C:\Users\Savion\Downloads\SharePod_3.99.zip
2012-06-06 04:47 - 2012-06-06 04:47 - 0003215 ____A C:\Users\Savion\Downloads\yam-win.torrent
2012-06-06 03:59 - 2012-06-06 03:59 - 3859563 ____A C:\Users\Savion\Downloads\NodusUpdate.jar
2012-06-06 02:25 - 2012-06-06 02:25 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-06 02:25 - 2012-06-06 02:25 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-06 02:25 - 2012-06-06 02:25 - 0000000 ____D C:\Windows\System32\Macromed
2012-06-06 00:57 - 2012-05-28 00:32 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Apple Computer
2012-06-05 06:30 - 2012-06-03 06:03 - 0061952 ____A C:\Users\Savion\Downloads\Chapter 19 - Study Guide - Answers.doc
2012-06-04 22:23 - 2012-05-03 23:34 - 0000000 ____D C:\Users\Savion\Documents\My Games
2012-06-04 22:22 - 2012-05-02 00:24 - 0167648 ____A C:\Windows\DirectX.log
2012-06-04 22:13 - 2012-06-04 22:13 - 0000221 ____A C:\Users\Savion\Desktop\Sanctum.url
2012-06-04 22:13 - 2012-05-02 03:18 - 0000000 ____D C:\Program Files (x86)\MSI Afterburner
2012-06-04 22:01 - 2012-06-04 22:01 - 0000000 ____D C:\Users\Savion\AppData\Local\storage
2012-06-03 20:56 - 2012-06-03 20:56 - 0003600 ____A C:\Users\Savion\Desktop\player1.plr
2012-06-03 19:45 - 2012-06-03 19:45 - 0780288 ____A (Chapley) C:\Users\Savion\Downloads\TerrariForm.exe
2012-06-03 19:45 - 2012-06-03 19:45 - 0000049 ____A C:\Users\Savion\Downloads\Favorites.xml
2012-06-03 19:44 - 2012-06-03 19:44 - 0039424 ____A (Microsoft) C:\Users\Savion\Downloads\TerrariServerViewer.exe
2012-06-03 19:43 - 2012-06-03 19:46 - 0000992 ____A C:\Users\Savion\Desktop\player1 - Copy.plr
2012-06-03 05:29 - 2012-06-03 04:35 - 201082725 ____A C:\Users\Savion\Downloads\rld-ckup.rar
2012-06-03 04:51 - 2012-06-03 04:51 - 0000000 ____D C:\Users\Savion\Documents\Rockstar Games
2012-06-03 04:27 - 2012-06-03 04:27 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-03 04:05 - 2012-06-03 04:05 - 0000000 ____D C:\Users\All Users\Rockstar Games
2012-06-03 03:59 - 2012-06-03 03:59 - 0000783 ____A C:\Users\Public\Desktop\Initial D Mountain Vengeance.lnk
2012-06-02 01:14 - 2012-06-02 01:14 - 0000000 ____D C:\Users\Savion\AppData\Local\Chromium
2012-06-01 14:40 - 2012-06-01 14:40 - 0001012 ____A C:\Users\Savion\Desktop\Aion.lnk
2012-06-01 14:38 - 2012-06-01 14:38 - 6523640 ____A (Macrovision Corporation) C:\Users\Savion\Downloads\NCsoftLauncherSetup.exe
2012-06-01 14:38 - 2012-06-01 14:38 - 0000938 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-06-01 01:51 - 2012-06-01 01:51 - 4180486 ____A C:\Users\Savion\Downloads\case1_sm.rm
2012-06-01 00:31 - 2012-06-01 00:31 - 3653847 ____A C:\Users\Savion\Downloads\Eraser.rar
2012-05-31 20:38 - 2012-05-31 20:38 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-31 20:36 - 2012-05-31 20:36 - 0000000 ____D C:\Users\Savion\Documents\BioWare
2012-05-31 20:23 - 2012-05-31 20:21 - 7857454 ____A C:\Users\Savion\Downloads\sc-meu1.rar
2012-05-31 14:25 - 2012-05-31 14:25 - 0000000 ____D C:\Users\Savion\AppData\Local\FLT
2012-05-31 14:25 - 2012-05-31 14:25 - 0000000 ____D C:\Users\All Users\Codemasters
2012-05-31 14:23 - 2012-05-31 14:23 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-31 14:23 - 2012-05-31 14:23 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-05-31 14:23 - 2012-05-31 14:23 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-31 14:23 - 2012-05-31 14:23 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-31 14:23 - 2012-05-31 14:23 - 0000000 ____D C:\Program Files (x86)\OpenAL
2012-05-31 14:23 - 2012-05-31 14:23 - 0000000 ____D C:\Program Files (x86)\BRS
2012-05-31 00:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-05-31 00:10 - 2012-05-31 00:08 - 0000000 ____D C:\Users\Savion\AppData\Local\Ubisoft Game Launcher
2012-05-31 00:07 - 2012-05-31 00:07 - 0000000 ____D C:\Users\All Users\Ubisoft
2012-05-31 00:07 - 2012-05-31 00:07 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-05-30 23:12 - 2012-05-30 23:12 - 0000221 ____A C:\Users\Savion\Tom Clancy's Splinter Cell Conviction.url
2012-05-30 20:10 - 2012-06-06 14:22 - 0126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-05-30 18:57 - 2012-05-30 18:19 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Nero
2012-05-30 18:19 - 2012-05-30 18:19 - 0000000 ____D C:\Users\All Users\LightScribe
2012-05-30 18:17 - 2012-05-30 18:15 - 0000000 ____D C:\Users\All Users\Nero
2012-05-30 18:17 - 2012-05-30 18:15 - 0000000 ____D C:\Program Files (x86)\Nero
2012-05-30 18:16 - 2012-05-30 18:16 - 0002915 ____A C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
2012-05-30 18:13 - 2012-05-02 02:30 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-30 15:24 - 2012-05-28 19:28 - 0000384 ____A C:\Users\Savion\Desktop\buksm_config.ini
2012-05-30 07:22 - 2012-05-30 07:14 - 321023920 ____A (Futuremark Corporation) C:\Users\Savion\Downloads\PCMark_7_v104_installer.exe
2012-05-29 01:38 - 2012-05-29 01:38 - 0308224 ____A C:\Users\Savion\Downloads\2010Nov9.ppt
2012-05-29 01:36 - 2012-05-29 01:36 - 0363008 ____A C:\Users\Savion\Downloads\Ch 17 Solubility and Precipitation.doc
2012-05-29 01:30 - 2012-05-29 01:30 - 0038329 ____A C:\Users\Savion\Downloads\17.1ptd.rtf
2012-05-29 01:21 - 2012-05-29 01:21 - 0029696 ____A C:\Users\Savion\Downloads\Eq_Practice_probs.doc
2012-05-28 23:03 - 2012-05-24 17:01 - 0000944 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2012-05-28 20:06 - 2012-05-28 19:57 - 153239816 ____A C:\Users\Savion\Downloads\Body Transfer 2 (640x480 WMV9 QB93 Lame VBR Auto60).part2.rar
2012-05-28 19:51 - 2012-05-28 19:40 - 209715200 ____A C:\Users\Savion\Downloads\Body Transfer 2 (640x480 WMV9 QB93 Lame VBR Auto60).part1.rar
2012-05-28 19:34 - 2012-05-28 19:34 - 0064090 ____A C:\Users\Savion\Downloads\Backup-bin.zip
2012-05-28 19:30 - 2012-05-28 19:30 - 0000000 ____D C:\Users\Savion\Desktop\minecraft_server
2012-05-28 19:28 - 2012-05-28 19:28 - 0389396 ____A C:\Users\Savion\Downloads\bukkit_server_manager_1170.zip
2012-05-28 17:52 - 2012-05-28 17:46 - 16088206 ____A C:\Users\Savion\Desktop\hungercity.zip
2012-05-28 17:43 - 2012-05-28 17:43 - 8688607 ____A C:\Users\Savion\Downloads\The Survival Games 2.zip
2012-05-28 11:57 - 2012-05-27 22:08 - 0000990 ____A C:\Users\Savion\Desktop\properties.yml
2012-05-28 01:42 - 2012-05-28 01:39 - 0000000 ____D C:\Users\Savion\AppData\Local\GRAW2
2012-05-28 01:39 - 2012-05-28 01:39 - 0000000 ____D C:\Users\All Users\GRAW2
2012-05-28 01:32 - 2012-05-28 01:32 - 0792704 ____A (AMD) C:\Users\Savion\Downloads\amddriverdownloader (1).exe
2012-05-28 01:31 - 2012-05-28 01:31 - 0792704 ____A (AMD) C:\Users\Savion\Downloads\amddriverdownloader.exe
2012-05-28 01:27 - 2012-05-28 01:26 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Savion\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-05-28 01:25 - 2012-05-28 01:25 - 0000000 ____D C:\Users\All Users\Media Center Programs
2012-05-28 00:32 - 2012-05-28 00:32 - 0001793 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-28 00:32 - 2012-05-28 00:32 - 0000000 ____D C:\Users\Savion\AppData\Local\Apple Computer
2012-05-28 00:31 - 2012-05-28 00:31 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-05-28 00:31 - 2012-05-28 00:31 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-28 00:31 - 2012-05-28 00:31 - 0000000 ____D C:\Program Files\iTunes
2012-05-28 00:31 - 2012-05-28 00:31 - 0000000 ____D C:\Program Files\iPod
2012-05-28 00:31 - 2012-05-28 00:31 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-28 00:30 - 2012-05-28 00:30 - 0000000 ____D C:\Users\Savion\AppData\Local\Apple
2012-05-28 00:30 - 2012-05-28 00:30 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-05-28 00:30 - 2012-05-28 00:30 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-28 00:30 - 2012-05-28 00:29 - 0000000 ____D C:\Users\All Users\Apple
2012-05-28 00:29 - 2012-05-28 00:29 - 0000000 ____D C:\Program Files\Bonjour
2012-05-28 00:29 - 2012-05-28 00:29 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-27 23:34 - 2012-05-27 23:34 - 76761968 ____A (Apple Inc.) C:\Users\Savion\Downloads\iTunes64Setup.exe
2012-05-27 04:30 - 2012-05-27 04:30 - 0560318 ____A C:\Users\Savion\Downloads\AutoClicker.zip
2012-05-27 00:00 - 2012-05-20 17:05 - 0000000 ____D C:\Users\Savion\Documents\StarCraft II
2012-05-26 21:36 - 2012-05-26 21:36 - 0124090 ____A C:\Users\Savion\Downloads\Guardian.jar
2012-05-26 21:27 - 2012-05-26 21:27 - 0230952 ____A C:\Users\Savion\Downloads\Interface.zip
2012-05-26 21:26 - 2012-05-26 21:26 - 0024638 ____A C:\Users\Savion\Downloads\Hawk.jar
2012-05-26 21:20 - 2012-05-26 21:20 - 0133125 ____A C:\Users\Savion\Downloads\LogBlock v1.50.zip
2012-05-26 21:19 - 2012-05-26 21:19 - 0062639 ____A C:\Users\Savion\Downloads\AntiCheat.jar
2012-05-26 21:17 - 2012-05-26 21:17 - 0721312 ____A C:\Users\Savion\Downloads\worldedit-5.3.zip
2012-05-26 21:16 - 2012-05-26 21:16 - 0267902 ____A C:\Users\Savion\Downloads\worldguard-5.5.2.jar
2012-05-26 21:15 - 2012-05-26 21:15 - 1237678 ____A C:\Users\Savion\Downloads\Essentials-2.9.1.zip
2012-05-26 21:15 - 2012-05-26 21:15 - 0112522 ____A C:\Users\Savion\Downloads\Essentials-gm-2.9.1.zip
2012-05-26 21:10 - 2012-05-26 21:09 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Notepad++
2012-05-26 21:09 - 2012-05-26 21:08 - 5799969 ____A C:\Users\Savion\Downloads\npp.6.1.2.Installer.exe
2012-05-26 20:51 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts_bak_610
2012-05-26 20:47 - 2012-05-26 20:46 - 26024903 ____A (Hervé Leclerc (HeL) ) C:\Users\Savion\Downloads\wampserver2.2d-x64.exe
2012-05-26 20:04 - 2012-05-26 20:04 - 0959648 ____A C:\Users\Savion\Downloads\MCMAPHG0.1.zip
2012-05-26 17:33 - 2012-05-26 17:33 - 0023720 ____A C:\Users\Savion\Documents\jesse's server.veg
2012-05-26 16:48 - 2012-05-26 16:46 - 34517739 ____A C:\Users\Savion\Documents\jesse's mc server.wmv
2012-05-26 13:14 - 2012-05-04 03:22 - 0000000 ____D C:\Users\Savion\AppData\Roaming\vlc
2012-05-25 18:18 - 2012-05-06 23:01 - 0000000 ____D C:\Users\Savion\AppData\Local\SKIDROW
2012-05-24 17:11 - 2012-05-23 14:37 - 0000000 ____D C:\Users\Savion\AppData\Local\Skyrim
2012-05-24 17:03 - 2012-05-23 14:50 - 0000000 ____D C:\Users\Savion\AppData\Local\Black_Tree_Gaming
2012-05-24 17:01 - 2012-05-24 17:01 - 0000000 ____D C:\Program Files\Nexus Mod Manager
2012-05-24 16:23 - 2012-05-23 14:50 - 0000000 ____D C:\Users\Savion\Documents\Nexus Mod Manager
2012-05-24 15:44 - 2012-05-24 15:44 - 0000000 ____D C:\Users\Savion\AppData\Roaming\LolClient2
2012-05-24 15:22 - 2012-05-24 15:22 - 0000000 ____D C:\Program Files (x86)\Girl Tech
2012-05-24 15:20 - 2012-05-24 15:20 - 0000000 ____D C:\Program Files (x86)\JL2005C
2012-05-24 05:35 - 2012-05-24 04:19 - 0000000 ____D C:\Users\Savion\AppData\Roaming\wargaming.net
2012-05-24 04:18 - 2012-05-02 03:20 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-05-23 17:07 - 2012-05-28 19:28 - 0261632 ____A (xathz.com) C:\Users\Savion\Desktop\buksm.exe
2012-05-23 17:04 - 2012-05-02 02:00 - 0002378 ____A C:\Users\Savion\Desktop\Google Chrome.lnk
2012-05-23 15:52 - 2012-05-23 15:52 - 0001229 ____A C:\Users\Savion\Desktop\Skyrim.lnk
2012-05-23 04:30 - 2012-05-21 02:00 - 0000368 ____A C:\Users\Savion\.packettracer
2012-05-23 03:08 - 2012-05-23 03:08 - 0000000 ____D C:\Users\Savion\Documents\Remedy
2012-05-22 06:31 - 2012-05-21 16:24 - 0092200 ____A C:\Users\Savion\Documents\chinese project.veg
2012-05-21 23:52 - 2012-05-21 23:16 - 346647485 ____A C:\Users\Savion\Documents\chinese project 1080p.wmv
2012-05-21 23:08 - 2012-05-21 23:00 - 123527485 ____A C:\Users\Savion\Documents\chinese project 480.wmv
2012-05-21 22:49 - 2012-05-21 22:30 - 257503485 ____A C:\Users\Savion\Documents\chinese project.wmv
2012-05-21 22:27 - 2012-05-21 16:24 - 0094128 ____A C:\Users\Savion\Documents\chinese project.veg.bak
2012-05-21 21:35 - 2012-05-21 19:26 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Audacity
2012-05-21 21:04 - 2012-05-21 20:54 - 0030696 ____A C:\Reel Take 2.sfk
2012-05-21 20:52 - 2012-05-21 20:52 - 3920760 ____A C:\Reel Take 2.wav
2012-05-21 19:26 - 2012-05-21 19:26 - 0001021 ____A C:\Users\Savion\Desktop\Audacity.lnk
2012-05-21 19:26 - 2012-05-21 19:26 - 0000000 ____D C:\Program Files (x86)\Audacity
2012-05-21 17:37 - 2012-05-21 17:37 - 0000000 ____D C:\Users\Savion\AppData\Roaming\DVDVideoSoftIEHelpers
2012-05-21 17:37 - 2012-05-21 17:37 - 0000000 ____D C:\Users\Savion\AppData\Roaming\DVDVideoSoft
2012-05-21 17:37 - 2012-05-21 17:37 - 0000000 ____D C:\Program Files (x86)\DVDVideoSoft
2012-05-21 17:08 - 2012-05-21 17:08 - 0000000 ____D C:\Windows\Sun
2012-05-21 17:07 - 2012-05-21 17:07 - 0000000 ____D C:\Program Files (x86)\Oracle
2012-05-21 17:06 - 2012-05-21 17:06 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-21 17:06 - 2012-05-21 17:06 - 0174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-21 17:06 - 2012-05-21 17:06 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-21 17:06 - 2012-05-02 00:25 - 0000000 ____D C:\Users\Savion\AppData\LocalLow
2012-05-21 16:44 - 2012-05-21 16:44 - 14385400 ____A C:\Users\Savion\Documents\Untitled.wmv.sfap0
2012-05-21 16:44 - 2012-05-21 16:44 - 0112456 ____A C:\Users\Savion\Documents\Untitled.wmv.sfk
2012-05-21 15:08 - 2012-05-21 15:07 - 0643424 ____A C:\Reel.mp4.sfk
2012-05-21 15:06 - 2012-05-21 15:06 - 101525370 ____A C:\Reel.mp4
2012-05-21 11:26 - 2012-05-21 11:26 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-05-21 11:14 - 2012-05-21 11:14 - 0000221 ____A C:\Users\Savion\Desktop\Magicka.url
2012-05-21 03:21 - 2012-05-21 03:21 - 0000222 ____A C:\Users\Savion\Desktop\Terraria.url
2012-05-21 02:09 - 2012-05-21 02:09 - 0000000 ____D C:\Users\Savion\Cisco Packet Tracer 5.3.3
2012-05-21 02:09 - 2012-05-21 02:08 - 0000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3.3
2012-05-21 02:00 - 2012-05-21 02:00 - 0000000 ____D C:\Users\Savion\Cisco Packet Tracer 5.3
2012-05-21 01:59 - 2012-05-21 01:58 - 0000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3
2012-05-20 23:15 - 2012-05-20 23:15 - 0000000 ____D C:\Users\Savion\Documents\CAPCOM
2012-05-20 17:34 - 2012-05-20 17:34 - 0000000 ____D C:\Windows\SysWOW64\xlive
2012-05-20 17:34 - 2012-05-20 17:34 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-20 17:11 - 2012-05-20 17:05 - 0000753 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-05-20 17:11 - 2012-05-15 20:42 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-20 15:54 - 2012-05-20 15:54 - 0000666 ____A C:\Users\Public\Desktop\Counter-Strike 1.6.lnk
2012-05-20 13:24 - 2012-05-20 13:24 - 0000000 ____D C:\Users\Savion\AppData\Roaming\.clickme
2012-05-18 19:51 - 2012-05-02 01:58 - 0000000 ____D C:\Users\Savion\AppData\Local\Deployment
2012-05-18 15:48 - 2012-05-03 23:49 - 0000000 ____D C:\Users\Savion\AppData\Local\Dxtory Software
2012-05-18 15:00 - 2012-05-18 15:00 - 0000757 ____A C:\Users\Public\Desktop\Nexuiz.lnk
2012-05-18 03:05 - 2012-05-18 03:05 - 0000000 ___RD C:\MSOCache
2012-05-18 01:57 - 2012-05-18 01:57 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Media Player Classic
2012-05-17 22:18 - 2012-05-03 18:47 - 0000000 ____D C:\Users\Savion\AppData\Roaming\DAEMON Tools Lite
2012-05-15 20:42 - 2012-05-15 20:42 - 0000000 ____D C:\Users\Savion\Documents\Diablo III
2012-05-15 20:32 - 2012-05-15 20:32 - 0000000 ____D C:\Users\All Users\Battle.net
2012-05-15 17:28 - 2012-05-15 17:28 - 0000794 ____A C:\Users\Savion\Desktop\Diablo.III.Collectors.Edition.lnk
2012-05-14 03:27 - 2012-05-14 03:27 - 0000750 ____A C:\Users\Public\Desktop\Portal 2.lnk
2012-05-13 05:49 - 2012-05-13 05:46 - 13381937 ____A C:\Users\Savion\Documents\Untitled.wmv
2012-05-12 17:12 - 2012-05-11 23:55 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Sony
2012-05-12 00:08 - 2012-05-12 00:08 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Sony Creative Software Inc
2012-05-12 00:01 - 2012-05-12 00:01 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Publish Providers
2012-05-12 00:00 - 2012-05-12 00:00 - 0002556 ____A C:\Users\Savion\Documents\Register Vegas Pro.htm
2012-05-11 23:59 - 2012-05-11 23:58 - 0000000 ____D C:\Users\Savion\AppData\Local\Sony
2012-05-11 23:58 - 2012-05-11 23:58 - 0000000 ____D C:\Users\All Users\Sony
2012-05-11 23:58 - 2012-05-11 23:58 - 0000000 ____D C:\Program Files (x86)\Sony
2012-05-11 22:10 - 2012-05-11 22:10 - 0000219 ____A C:\Users\Savion\Desktop\Dota 2.url
2012-05-08 21:23 - 2012-05-08 21:23 - 0000348 ____A C:\Users\Savion\Desktop\Minecraft Launcher.appref-ms
2012-05-07 21:18 - 2012-05-07 21:18 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Ventrilo
2012-05-07 21:17 - 2012-05-07 21:17 - 0000641 ____A C:\Users\Savion\Desktop\Ventrilo.lnk
2012-05-07 21:17 - 2012-05-07 21:17 - 0000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-05-07 15:03 - 2012-05-07 15:03 - 0000000 ____A C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-07 00:29 - 2012-05-07 00:29 - 0000000 ____D C:\Users\Savion\Documents\Syndicate
2012-05-06 23:03 - 2012-05-06 23:02 - 0000000 ____D C:\Users\Savion\AppData\Local\SniperV2
2012-05-06 22:13 - 2012-05-06 22:13 - 0000000 ____D C:\Program Files (x86)\Rebellion
2012-05-06 20:15 - 2012-05-03 15:49 - 0000000 ____D C:\Users\All Users\Adobe
2012-05-06 20:15 - 2012-05-03 15:46 - 0000000 ____D C:\Users\Savion\AppData\Local\Adobe
2012-05-06 20:15 - 2012-05-02 02:01 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Adobe
2012-05-06 20:14 - 2012-05-06 20:14 - 0002029 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-05-06 20:13 - 2012-05-03 15:45 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-05-06 10:39 - 2012-05-06 05:26 - 0004349 ____A C:\proxy socks.txt
2012-05-06 09:57 - 2012-05-06 09:54 - 0000000 ____D C:\Users\Savion\AppData\Roaming\TeamViewer
2012-05-06 09:54 - 2012-05-06 09:54 - 0001176 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-05-06 09:54 - 2012-05-06 09:54 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2012-05-06 05:59 - 2012-05-06 05:59 - 0000000 ____D C:\Users\Savion\.sessionstealer
2012-05-06 05:23 - 2012-05-06 05:23 - 0001198 ____A C:\Users\Public\Desktop\Socks Proxy Checker.lnk
2012-05-06 05:23 - 2012-05-06 05:23 - 0000000 ____D C:\Users\All Users\SPC
2012-05-06 05:23 - 2012-05-06 05:23 - 0000000 ____D C:\Program Files (x86)\My-Proxy
2012-05-05 20:44 - 2012-05-05 20:44 - 0000000 ____D C:\Users\All Users\Nexon
2012-05-05 20:44 - 2012-05-03 18:21 - 0000000 ____D C:\Users\All Users\NexonUS
2012-05-05 19:49 - 2012-05-05 18:09 - 0000000 ____D C:\Users\Savion\AppData\Roaming\.platinum
2012-05-05 19:04 - 2012-05-05 19:04 - 0000000 ____D C:\Users\Savion\AppData\Local\2K Games
2012-05-04 17:35 - 2012-05-04 17:33 - 0000000 ____D C:\Users\Savion\Documents\Mount&Blade Warband
2012-05-04 17:34 - 2012-05-04 17:34 - 0000000 ____D C:\Users\Savion\Documents\Mount&Blade Warband Savegames
2012-05-04 17:34 - 2012-05-04 17:33 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Mount&Blade Warband
2012-05-04 17:29 - 2012-05-04 17:29 - 0000221 ____A C:\Users\Savion\Desktop\Mount & Blade Warband.url
2012-05-04 16:54 - 2012-05-02 15:30 - 0000000 ____D C:\Users\Savion\AppData\Roaming\TS3Client
2012-05-04 14:51 - 2012-05-04 14:52 - 0544032 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-04 14:51 - 2012-05-04 14:52 - 0525600 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-04 14:51 - 2012-05-04 14:52 - 0191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-04 14:51 - 2012-05-04 14:52 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-04 14:51 - 2012-05-04 14:52 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-04 14:51 - 2012-05-04 14:51 - 0000000 ____D C:\Program Files\Java
2012-05-04 05:04 - 2012-05-04 04:56 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-04 05:01 - 2012-05-04 05:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-04 05:01 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2012-05-04 05:01 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-05-04 05:00 - 2012-05-04 05:00 - 0000000 ____D C:\Windows\PCHEALTH
2012-05-04 05:00 - 2012-05-04 05:00 - 0000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-05-04 05:00 - 2012-05-04 05:00 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-04 05:00 - 2012-05-04 04:56 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-05-04 04:58 - 2012-05-04 04:58 - 0000000 ____D C:\Program Files\Microsoft Office
2012-05-04 04:58 - 2012-05-04 04:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-04 04:57 - 2012-05-04 04:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-05-04 04:57 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-05-04 04:56 - 2012-05-04 04:56 - 0000000 ____D C:\Users\Savion\AppData\Local\Microsoft Help
2012-05-03 23:57 - 2012-05-03 23:57 - 0715038 ____A C:\Windows\unins000.exe
2012-05-03 23:57 - 2012-05-03 23:57 - 0001992 ____A C:\Windows\unins000.dat
2012-05-03 23:56 - 2012-05-03 23:56 - 0000000 ____D C:\Users\Savion\AppData\Roaming\DivX
2012-05-03 23:49 - 2012-05-03 23:49 - 0000000 ____D C:\Program Files (x86)\Dxtory Software
2012-05-03 23:29 - 2012-05-03 23:29 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-05-03 23:22 - 2012-05-02 01:42 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-05-03 23:21 - 2012-05-03 23:21 - 0283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-03 19:50 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-05-03 18:47 - 2012-05-03 18:47 - 0000864 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-05-03 18:47 - 2012-05-02 01:43 - 0560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-05-03 18:26 - 2012-05-03 18:26 - 0000717 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-03 15:55 - 2012-05-03 15:44 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-05-03 15:48 - 2012-05-03 15:48 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-05-03 15:45 - 2012-05-03 15:45 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-05-03 15:44 - 2012-05-03 15:44 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-05-03 15:38 - 2012-05-02 00:25 - 0000000 ____D C:\Program Files\WinRAR
2012-05-03 13:53 - 2012-05-03 13:53 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-05-03 13:53 - 2012-05-03 13:53 - 0000000 ____D C:\Program Files\Realtek
2012-05-03 13:53 - 2012-05-03 13:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-03 13:50 - 2012-05-02 15:48 - 0007052 ____A C:\Windows\IE9_main.log
2012-05-03 13:48 - 2012-05-03 13:48 - 0000000 ____D C:\Windows\System32\Hauppauge
2012-05-02 17:34 - 2012-05-02 17:34 - 0000000 ____D C:\Users\Savion\AppData\Roaming\LolClient
2012-05-02 16:39 - 2012-05-02 16:39 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2012-05-02 16:18 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-05-02 15:30 - 2012-05-02 15:30 - 0001186 ____A C:\Users\Savion\Desktop\TeamSpeak 3 Client.lnk
2012-05-02 15:30 - 2012-05-02 15:30 - 0000000 ____D C:\Users\Savion\AppData\Local\TeamSpeak 3 Client
2012-05-02 03:19 - 2012-05-02 03:19 - 0001100 ____A C:\Users\Savion\Desktop\MSI Afterburner.lnk
2012-05-02 02:57 - 2012-05-02 02:57 - 0000473 ____A C:\Users\Savion\Desktop\E DRIVE.lnk
2012-05-02 02:44 - 2012-05-02 02:43 - 0001123 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-02 02:44 - 2012-05-02 02:43 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-02 02:43 - 2012-05-02 02:43 - 0000000 ____D C:\Users\Savion\AppData\Roaming\WinRAR
2012-05-02 02:43 - 2012-05-02 02:43 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Malwarebytes
2012-05-02 02:43 - 2012-05-02 02:43 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-02 02:41 - 2012-05-02 02:41 - 0000653 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-02 02:30 - 2012-05-02 02:30 - 0000000 ____D C:\Users\All Users\Skype
2012-05-02 02:29 - 2012-05-02 02:29 - 0000000 ____D C:\Users\All Users\Sun
2012-05-02 02:27 - 2012-05-02 02:27 - 0000000 ____D C:\Users\Savion\AppData\Roaming\ATI
2012-05-02 02:27 - 2012-05-02 02:27 - 0000000 ____D C:\Users\Savion\AppData\Local\ATI
2012-05-02 02:27 - 2012-05-02 02:27 - 0000000 ____D C:\Users\Savion\AppData\Local\AMD
2012-05-02 02:27 - 2012-05-02 02:27 - 0000000 ____D C:\Users\All Users\ATI
2012-05-02 02:27 - 2012-05-02 02:27 - 0000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-05-02 02:27 - 2012-05-02 02:27 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-05-02 02:27 - 2012-05-02 02:27 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-05-02 02:27 - 2012-05-02 02:26 - 0000000 ____D C:\Users\All Users\AMD
2012-05-02 02:26 - 2012-05-02 02:24 - 0000000 ____D C:\Program Files\ATI Technologies
2012-05-02 02:25 - 2012-05-02 02:25 - 0000000 ____D C:\Program Files\ATI
2012-05-02 02:20 - 2012-05-02 02:20 - 0001170 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
2012-05-02 02:20 - 2012-05-02 02:20 - 0000000 ____D C:\Users\All Users\IObit
2012-05-02 02:20 - 2012-05-02 02:20 - 0000000 ____D C:\Program Files (x86)\ffdshow
2012-05-02 02:01 - 2012-05-02 02:01 - 0000000 ____D C:\Users\Savion\AppData\Roaming\Macromedia
2012-05-02 02:00 - 2012-05-02 01:58 - 0000000 ____D C:\Users\Savion\AppData\Local\Google
2012-05-02 01:58 - 2012-05-02 01:58 - 0000000 ____D C:\Users\Savion\AppData\Local\Apps\2.0
2012-05-02 01:52 - 2009-07-13 15:38 - 1008640 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll.old
2012-05-02 01:52 - 2009-07-13 15:24 - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll.old
2012-05-02 01:46 - 2012-05-02 01:46 - 0000000 ____A C:\Windows\ativpsrm.bin
2012-05-02 01:44 - 2012-05-02 01:44 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Toolbar
2012-05-02 01:44 - 2012-05-02 01:07 - 0003572 ____A C:\WPI_Log_2012.05.02_02.07.27.txt
2012-05-02 01:42 - 2012-05-02 01:42 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-05-02 01:41 - 2012-05-02 01:41 - 0002629 ____A C:\Windows\System32\RaCoInst.log
2012-05-02 01:41 - 2012-05-02 01:41 - 0000000 ____D C:\Program Files\7-Zip
2012-05-02 01:40 - 2012-05-02 01:40 - 0000000 ____D C:\Users\Savion\AppData\Roaming\InstallShield
2012-05-02 01:40 - 2012-05-02 01:40 - 0000000 ____D C:\Users\All Users\Ralink Driver
2012-05-02 01:40 - 2012-05-02 01:40 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-05-02 01:39 - 2012-05-02 01:39 - 0000000 ____D C:\Users\Savion\AppData\Roaming\WinBatch
2012-05-02 01:38 - 2012-05-02 01:38 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-02 01:35 - 2012-05-02 01:35 - 0000000 ____D C:\Windows\SysWOW64\QuickTime
2012-05-02 01:34 - 2012-05-02 01:34 - 0000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-05-02 01:07 - 2012-05-02 01:07 - 0025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-05-02 01:07 - 2009-07-13 21:32 - 0028672 ____A C:\Windows\System32\config\BCD-Template
2012-05-02 00:26 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-02 00:25 - 2012-05-02 00:25 - 0000861 ____A C:\Tweaker.exe.lnk
2012-05-02 00:25 - 2012-05-02 00:25 - 0000020 ___SH C:\Users\Savion\ntuser.ini
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\Templates
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\Start Menu
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\PrintHood
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\NetHood
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\My Documents
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\Documents\My Videos
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\Documents\My Pictures
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\Documents\My Music
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\AppData\Local\Temporary Internet Files
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 __SHD C:\Users\Savion\AppData\Local\History
2012-05-02 00:25 - 2012-05-02 00:25 - 0000000 ____D C:\Program Files (x86)\Tweaker
2012-05-02 00:25 - 2009-10-14 05:08 - 0000000 ____D C:\Windows\Panther
2012-05-02 00:24 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Public\Documents\My Videos
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Public\Documents\My Pictures
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Public\Documents\My Music
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\Templates
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\Start Menu
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\PrintHood
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\NetHood
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\My Documents
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\Documents\My Videos
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\Documents\My Pictures
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\Documents\My Music
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\AppData\Local\Temporary Internet Files
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default\AppData\Local\History
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default User\Documents\My Videos
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default User\Documents\My Pictures
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default User\Documents\My Music
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default User\AppData\Local\Temporary Internet Files
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\Default User\AppData\Local\History
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\users\Default User
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\All Users\Templates
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\Users\All Users\Start Menu
2012-05-02 00:23 - 2012-05-02 00:23 - 0000000 __SHD C:\users\All Users
2012-05-02 00:23 - 2010-05-04 10:03 - 0000000 __SHD C:\Recovery
2012-05-02 00:23 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2012-05-02 00:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Recovery
2012-05-02 00:14 - 2012-05-02 00:14 - 0001313 ____A C:\Windows\TSSysprep.log
2012-05-02 00:14 - 2012-05-02 00:14 - 0000504 ____A C:\Windows\DtcInstall.log
2012-05-02 00:14 - 2009-07-13 21:01 - 0042045 ____A C:\Windows\SysWOW64\license.rtf
2012-05-02 00:14 - 2009-07-13 21:01 - 0042045 ____A C:\Windows\System32\license.rtf
2012-05-02 00:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-02 00:13 - 2012-05-02 00:13 - 0000000 ____A C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-02 00:09 - 2012-05-02 00:09 - 0000000 ____D C:\Windows\CSC
2012-05-02 00:09 - 2012-05-02 00:09 - 0000000 ____A C:\Windows\setuperr.log
2012-04-26 13:26 - 2012-04-26 13:26 - 0000000 ____D C:\AMD
2012-04-18 12:49 - 2012-05-21 17:37 - 0405176 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll
2012-04-05 21:34 - 2012-04-05 21:34 - 0187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 21:34 - 2012-04-05 21:34 - 0074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-04-05 21:34 - 2012-04-05 21:34 - 0064512 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-04-05 21:33 - 2012-04-05 21:33 - 0063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-04-05 21:33 - 2012-04-05 21:33 - 0056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-04-05 21:32 - 2012-04-05 21:32 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-04-05 21:32 - 2012-04-05 21:32 - 0054784 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-04-05 21:32 - 2012-04-05 21:32 - 0050176 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 18:23 - 2012-04-05 18:23 - 0245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 0245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2012-05-02 01:40 - 0909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2012-05-02 01:40 - 1067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 0503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 0442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 0236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2012-04-05 18:13 - 6800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2012-05-02 01:40 - 0064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2012-05-02 01:40 - 7479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 1120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-05-02 01:40 - 6203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 4731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 1831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 2631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 0204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 0204952 ____A C:\Windows\System32\ativvsvl.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 0157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-04-05 17:29 - 2012-04-05 17:29 - 0157144 ____A C:\Windows\System32\ativvsva.dat
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:23 - 7431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2012-05-02 01:40 - 4795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 2664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:11 - 2012-04-05 17:11 - 0514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:11 - 2011-10-24 03:41 - 0360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 0343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-05-02 01:40 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:09 - 2012-05-02 01:40 - 0044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2012-05-02 01:40 - 0032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 0053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 0041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-04 17:47 - 2012-05-21 17:06 - 0772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-04-04 17:47 - 2012-05-21 17:06 - 0227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-04-04 17:47 - 2012-05-02 02:28 - 0687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-04-04 14:56 - 2012-05-02 02:43 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-29 02:00 - 2009-10-14 04:51 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-28 17:25 - 2012-06-06 04:56 - 5591552 ____A (Jeffrey Harris) C:\Users\Savion\Desktop\SharePod.exe
2012-03-22 12:43 - 2012-05-21 17:37 - 2557952 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtCore4.dll
2012-03-14 07:40 - 2012-03-14 07:40 - 0038288 ____A (ESET) C:\Windows\System32\Drivers\EpfwLWF.sys

C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\@
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\L
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\U
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\L\00000004.@
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\L\1afb2d56
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\L\201d3dde
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\U\00000004.@
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\U\00000008.@
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\U\000000cb.@
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\U\80000000.@
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\U\80000032.@
C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8191.28 MB
Available physical RAM: 7364.19 MB
Total Pagefile: 8189.43 MB
Available Pagefile: 7350.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Local Disk) (Fixed) (Total:298.09 GB) (Free:238.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Stuff) (Fixed) (Total:97.65 GB) (Free:68.57 GB) NTFS
3 Drive f: (Extra Stuff) (Fixed) (Total:1286.5 GB) (Free:784.07 GB) NTFS
4 Drive g: (Apr 21 2010) (CDROM) (Total:0.69 GB) (Free:0.5 GB) UDF
5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
6 Drive i: (WILLY'S FD) (Removable) (Total:7.45 GB) (Free:4.4 GB) FAT32
7 Drive j: (PHONE CARD) (Removable) (Total:3.68 GB) (Free:3.68 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 13 GB
Disk 1 Online 298 GB 1024 KB
Disk 2 Online 7633 MB 0 B
Disk 3 Online 7633 MB 0 B
Disk 4 Online 3781 MB 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 1286 GB 101 MB
Partition 0 Extended 97 GB 1286 GB
Partition 3 Logical 97 GB 1286 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F Extra Stuff NTFS Partition 1286 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Stuff NTFS Partition 97 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C Local Disk NTFS Partition 298 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7633 MB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I WILLY'S FD FAT32 Removable 7633 MB Healthy

======================================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3777 MB 4096 KB

======================================================================================================

Disk: 4
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J PHONE CARD FAT32 Removable 3777 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-29 17:32

======================= End Of Log ==========================

Edited by Savion, 08 June 2012 - 04:43 AM.


#4 gringo_pr


Posted 08 June 2012 - 07:32 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Savion


Posted 08 June 2012 - 10:11 AM

Hey Gringo,
It seems like the GAC_32/desktop.ini and installer virus still appear on my Kaspersky anti-virus.
Anyways here is the fixlog.

FIXLOG:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 06-06-2012 04
Ran by SYSTEM at 2012-06-08 07:56:59 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{717d206c-d22f-0387-060d-b567ed72417b} moved successfully.

==== End of Fixlog ====

#6 gringo_pr


Posted 08 June 2012 - 12:47 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Savion


Posted 09 June 2012 - 11:32 PM

Hello Gringo,

I still have these weird pop-ups from my Kaspersky and I'm wondering why it is doing so.
It still requires me to reboot to remove the GAC_32/desktop.ini virus thing.
It is still persistent and keeps on telling me that my programs are trying to run the desktop.ini out of nowhere.
The computer is doing fine for the moment but I'm still getting those messages that keep popping up. <_<



LOG:

ComboFix 12-06-08.02 - Savion 06/08/2012 16:22:22.2.6 - x64
Microsoft Windows 7 GAMER™ 2010 6.1.7600.0.1252.1.1033.18.8191.6309 [GMT -7:00]
Running from: c:\users\Savion\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Savion\AppData\Local\assembly\tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 10:20 . 2012-06-08 10:21 -------- d-----w- C:\FRST
2012-06-08 03:25 . 2012-06-08 03:25 -------- d-----w- C:\Riot Games
2012-06-07 14:16 . 2012-06-07 14:17 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-06-07 14:14 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-06-07 14:04 . 2012-06-07 14:20 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-06-07 14:03 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-06-07 14:01 . 2012-06-07 14:20 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-06-07 13:57 . 2012-06-07 13:57 -------- d-----w- c:\programdata\HitmanPro
2012-06-07 12:56 . 2012-06-07 12:56 -------- d-----w- C:\_OTM
2012-06-07 11:00 . 2012-06-08 23:29 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-07 11:00 . 2012-06-07 11:00 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-07 10:50 . 2012-06-07 10:50 -------- d-----w- c:\program files\EAGAME~1
2012-06-06 23:26 . 2012-06-06 23:30 -------- d-----w- c:\program files (x86)\TEdit
2012-06-06 22:40 . 2012-06-06 22:40 -------- d-----w- c:\programdata\Sophos
2012-06-06 22:40 . 2012-06-06 22:40 73728 ----a-r- c:\users\Savion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-06 22:40 . 2012-06-06 22:40 73728 ----a-r- c:\users\Savion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-06 22:40 . 2012-06-06 22:40 73728 ----a-r- c:\users\Savion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-06 22:40 . 2012-06-06 22:40 -------- d-----w- c:\program files (x86)\Sophos
2012-06-06 22:23 . 2012-06-06 22:23 -------- d-----w- c:\users\Savion\AppData\Roaming\PowerISO
2012-06-06 22:22 . 2012-06-06 22:22 -------- d-----w- c:\program files (x86)\PowerISO
2012-06-06 22:22 . 2012-05-31 04:10 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-06-06 21:04 . 2012-06-07 20:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-06 20:46 . 2012-06-06 20:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\AMD
2012-06-06 20:45 . 2012-06-06 20:45 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2012-06-06 20:45 . 2012-06-06 20:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2012-06-06 20:45 . 2012-06-06 20:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI
2012-06-06 20:23 . 2012-06-06 20:23 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-06-06 20:12 . 2012-06-06 20:14 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-06-06 20:06 . 2012-06-06 20:06 -------- d-----w- c:\users\Savion\AppData\Roaming\IObit
2012-06-06 19:44 . 2012-06-06 19:44 388096 ----a-r- c:\users\Savion\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-06 19:44 . 2012-06-06 19:44 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-06 14:26 . 2012-06-06 19:28 48599 ----a-w- c:\windows\SysWow64\epfwdata.bin
2012-06-06 14:00 . 2012-06-06 19:40 -------- d-----w- c:\program files\ESET
2012-06-06 13:32 . 2012-06-06 13:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-06 13:13 . 2012-06-07 20:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-06 13:13 . 2012-06-06 13:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-06 13:00 . 2012-06-06 13:00 -------- d-----w- c:\users\Savion\AppData\Roaming\DiskAid
2012-06-06 10:25 . 2012-06-06 10:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 10:25 . 2012-06-06 10:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 10:25 . 2012-06-06 10:25 -------- d-----w- c:\windows\system32\Macromed
2012-06-05 06:01 . 2012-06-05 06:01 -------- d-----w- c:\users\Savion\AppData\Local\storage
2012-06-03 12:27 . 2012-06-03 12:27 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-06-03 12:05 . 2012-06-03 12:05 -------- d-----w- c:\programdata\Rockstar Games
2012-06-03 11:59 . 1999-04-09 09:14 416304 ----a-w- c:\windows\SysWow64\MPG4C32.DLL
2012-06-03 11:56 . 2012-06-03 11:57 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-06-02 09:14 . 2012-06-02 09:14 -------- d-----w- c:\users\Savion\AppData\Local\Chromium
2012-06-01 22:39 . 2012-06-08 23:28 -------- d-----w- c:\users\Savion\AppData\Local\assembly
2012-06-01 04:38 . 2012-06-01 04:38 -------- d-----w- c:\program files (x86)\Common Files\EAInstaller
2012-06-01 04:38 . 2012-06-01 04:38 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-05-31 22:25 . 2012-05-31 22:25 -------- d-----w- c:\programdata\Codemasters
2012-05-31 22:25 . 2012-05-31 22:25 -------- d-----w- c:\users\Savion\AppData\Local\FLT
2012-05-31 22:23 . 2011-09-06 03:57 1306624 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-05-31 22:23 . 2010-09-22 21:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-05-31 22:23 . 2012-05-31 22:23 -------- d-----w- c:\program files (x86)\BRS
2012-05-31 22:23 . 2012-05-31 22:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-31 22:23 . 2012-05-31 22:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-31 22:23 . 2012-05-31 22:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-31 22:23 . 2012-05-31 22:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-31 22:23 . 2012-05-31 22:23 -------- d-----w- c:\program files (x86)\OpenAL
2012-05-31 08:08 . 2012-05-31 08:10 -------- d-----w- c:\users\Savion\AppData\Local\Ubisoft Game Launcher
2012-05-31 08:07 . 2012-05-31 08:07 -------- d-----w- c:\programdata\Ubisoft
2012-05-31 08:07 . 2012-05-31 08:07 -------- d-----w- c:\program files (x86)\Ubisoft
2012-05-31 02:19 . 2012-05-31 02:19 -------- d-----w- c:\programdata\LightScribe
2012-05-31 02:19 . 2012-05-31 02:57 -------- d-----w- c:\users\Savion\AppData\Roaming\Nero
2012-05-31 02:15 . 2012-05-31 02:16 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-05-31 02:15 . 2012-05-31 02:17 -------- d-----w- c:\program files (x86)\Nero
2012-05-31 02:15 . 2012-05-31 02:17 -------- d-----w- c:\programdata\Nero
2012-05-31 00:33 . 2012-05-31 00:33 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2012-05-28 09:39 . 2012-05-28 09:42 -------- d-----w- c:\users\Savion\AppData\Local\GRAW2
2012-05-28 09:39 . 2012-05-28 09:39 -------- d-----w- c:\programdata\GRAW2
2012-05-28 09:25 . 2012-05-28 09:25 -------- d-----w- c:\programdata\Media Center Programs
2012-05-28 08:32 . 2012-06-06 08:57 -------- d-----w- c:\users\Savion\AppData\Roaming\Apple Computer
2012-05-28 08:32 . 2012-05-28 08:32 -------- d-----w- c:\users\Savion\AppData\Local\Apple Computer
2012-05-28 08:31 . 2012-05-28 08:31 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 08:31 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-28 08:29 . 2012-05-28 08:30 -------- d-----w- c:\programdata\Apple
2012-05-27 05:09 . 2012-05-27 05:10 -------- d-----w- c:\users\Savion\AppData\Roaming\Notepad++
2012-05-25 01:01 . 2012-05-25 01:01 -------- d-----w- c:\program files\Nexus Mod Manager
2012-05-24 23:44 . 2012-05-24 23:44 -------- d-----w- c:\users\Savion\AppData\Roaming\LolClient2
2012-05-24 23:25 . 2002-07-03 18:44 53248 ----a-w- c:\windows\amcap.exe
2012-05-24 23:25 . 1998-06-12 06:15 307200 ----a-w- c:\windows\vidcap32.exe
2012-05-24 23:22 . 2012-05-24 23:22 -------- d-----w- c:\program files (x86)\Girl Tech
2012-05-24 23:20 . 2012-05-24 23:20 -------- d-----w- c:\program files (x86)\JL2005C
2012-05-24 12:19 . 2012-05-24 13:35 -------- d-----w- c:\users\Savion\AppData\Roaming\wargaming.net
2012-05-23 22:50 . 2012-05-25 01:03 -------- d-----w- c:\users\Savion\AppData\Local\Black_Tree_Gaming
2012-05-23 22:37 . 2012-05-25 01:11 -------- d-----w- c:\users\Savion\AppData\Local\Skyrim
2012-05-22 03:26 . 2012-05-22 05:35 -------- d-----w- c:\users\Savion\AppData\Roaming\Audacity
2012-05-22 03:26 . 2012-05-22 03:26 -------- d-----w- c:\program files (x86)\Audacity
2012-05-22 01:37 . 2012-03-22 20:43 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-05-22 01:37 . 2012-04-18 20:49 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-22 01:37 . 2012-05-22 01:37 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-05-22 01:37 . 2012-05-22 01:37 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-05-22 01:37 . 2012-05-22 01:37 -------- d-----w- c:\users\Savion\AppData\Roaming\DVDVideoSoft
2012-05-22 01:08 . 2012-05-22 01:08 -------- d-----w- c:\windows\Sun
2012-05-22 01:07 . 2012-05-22 01:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-22 01:07 . 2012-05-22 01:07 -------- d-----w- c:\program files (x86)\Oracle
2012-05-22 01:06 . 2012-04-05 01:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-22 01:06 . 2012-05-22 01:06 -------- d-----w- c:\program files (x86)\Java
2012-05-21 19:26 . 2012-05-21 19:26 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-05-21 10:00 . 2012-05-21 10:00 -------- d-----w- c:\users\Savion\Cisco Packet Tracer 5.3
2012-05-21 09:58 . 2012-05-21 09:59 -------- d-----w- c:\program files (x86)\Cisco Packet Tracer 5.3
2012-05-21 01:34 . 2012-05-21 01:34 -------- d-----w- c:\windows\SysWow64\xlive
2012-05-21 01:34 . 2012-05-21 01:34 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-05-20 21:55 . 2012-05-21 01:11 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-20 21:24 . 2012-05-20 21:24 -------- d-----w- c:\users\Savion\AppData\Roaming\.clickme
2012-05-18 23:48 . 2012-06-07 01:09 -------- d-----w- c:\program files (x86)\Dxtory License Cracked
2012-05-18 23:48 . 2011-05-24 06:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-05-18 23:48 . 2011-05-24 06:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-05-18 11:05 . 2012-05-18 11:05 -------- d-----r- C:\MSOCache
2012-05-18 09:57 . 2012-05-18 09:57 -------- d-----w- c:\users\Savion\AppData\Roaming\Media Player Classic
2012-05-16 04:42 . 2012-05-21 01:11 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-16 04:32 . 2012-05-16 04:32 -------- d-----w- c:\programdata\Battle.net
2012-05-12 08:13 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-12 08:13 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-05-12 08:13 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-05-12 08:13 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-12 08:08 . 2012-05-12 08:08 -------- d-----w- c:\users\Savion\AppData\Roaming\Sony Creative Software Inc
2012-05-12 08:01 . 2012-05-12 08:01 -------- d-----w- c:\users\Savion\AppData\Roaming\Publish Providers
2012-05-12 07:58 . 2012-05-12 07:59 -------- d-----w- c:\users\Savion\AppData\Local\Sony
2012-05-12 07:58 . 2012-05-12 07:58 -------- d-----w- c:\programdata\Sony
2012-05-12 07:58 . 2012-05-12 07:58 -------- d-----w- c:\program files (x86)\Sony
2012-05-12 07:55 . 2012-05-13 01:12 -------- d-----w- c:\users\Savion\AppData\Roaming\Sony
2012-05-10 09:41 . 2012-06-08 23:28 -------- d-----w- c:\users\Savion\AppData\Local\LogMeIn Hamachi
2012-05-10 09:40 . 2012-06-08 23:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 22:51 . 2012-05-04 22:52 544032 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 22:51 . 2012-05-04 22:52 525600 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 07:57 . 2012-05-04 07:57 715038 ----a-w- c:\windows\unins000.exe
2012-05-04 07:29 . 2012-05-04 07:29 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-04 07:21 . 2012-05-04 07:21 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 02:47 . 2012-05-02 09:43 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-02 09:52 . 2009-07-13 23:38 1008640 ----a-w- c:\windows\system32\user32.dll.old
2012-05-02 09:52 . 2009-07-13 23:24 833024 ----a-w- c:\windows\SysWow64\user32.dll.old
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-05-02 09:40 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-05-02 09:40 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-05-02 09:40 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-05-02 09:40 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-05-02 09:40 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-05-02 09:40 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2011-10-24 11:41 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-05-02 09:40 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-05-02 09:40 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-05-02 09:40 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 01:47 . 2012-05-02 10:28 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2012-05-02 10:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 15:40 . 2012-03-14 15:40 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"uTorrent"="d:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
"Steam"="e:\program files (x86)\Steam\Steam.exe" [2012-05-04 1242448]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Xvid"="e:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"LogMeIn Hamachi Ui"="e:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-05-31 336992]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]
R3 BlackBox;BlackBox SR2; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-03 1038088]
R3 GPU-Z;GPU-Z;c:\users\Savion\AppData\Local\Temp\GPU-Z.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-04-19 10568]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 14544]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 iTeleportService;iTeleportService;e:\program files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [2011-12-08 25600]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 10:25]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1857216960-1225585824-2230566925-1000Core.job
- c:\users\Savion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 09:58]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1857216960-1225585824-2230566925-1000UA.job
- c:\users\Savion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 09:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKU-Default-Run-DAEMON Tools Lite - c:\program files (x86)\DAEMON Tools Lite\DTLite.exe
Notify-klogon - (no file)
Toolbar-Locked - (no file)
AddRemove-Alan Wake American Nightmare_is1 - c:\program files (x86)\GOG.com\Alan Wake American Nightmare\unins000.exe
AddRemove-Sniper Elite V2_is1 - c:\program files (x86)\Rebellion\SniperEliteV2\unins000.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
e:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
.
**************************************************************************
.
Completion time: 2012-06-08 16:35:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 23:35
.
Pre-Run: 255,834,632,192 bytes free
Post-Run: 255,585,337,344 bytes free
.
- - End Of File - - 52FD11B7BBA47678F20C64DBF7966EDB

#8 gringo_pr


Posted 09 June 2012 - 11:39 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Savion


Posted 10 June 2012 - 04:45 AM

No problems at the moment. But my DNS server randomly went down for only my computer.
Sometimes the malware locks me out and I cannot run any programs at all without having a weird pop-up that says I do not have permissions to open the file.

TDSS LOG:
22:42:25.0399 11028 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:42:27.0401 11028 ============================================================
22:42:27.0401 11028 Current date / time: 2012/06/09 22:42:27.0401
22:42:27.0401 11028 SystemInfo:
22:42:27.0401 11028
22:42:27.0402 11028 OS Version: 6.1.7600 ServicePack: 0.0
22:42:27.0402 11028 Product type: Workstation
22:42:27.0402 11028 ComputerName: SAVION-PC
22:42:27.0402 11028 UserName: Savion
22:42:27.0402 11028 Windows directory: C:\Windows
22:42:27.0402 11028 System windows directory: C:\Windows
22:42:27.0402 11028 Running under WOW64
22:42:27.0402 11028 Processor architecture: Intel x64
22:42:27.0402 11028 Number of processors: 6
22:42:27.0402 11028 Page size: 0x1000
22:42:27.0402 11028 Boot type: Normal boot
22:42:27.0402 11028 ============================================================
22:42:28.0310 11028 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:42:28.0330 11028 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:42:28.0348 11028 Drive \Device\Harddisk2\DR2 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:42:28.0370 11028 ============================================================
22:42:28.0370 11028 \Device\Harddisk0\DR0:
22:42:28.0392 11028 MBR partitions:
22:42:28.0392 11028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:42:28.0392 11028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA0D01800
22:42:28.0423 11028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA0D34800, BlocksNum 0xC34F000
22:42:28.0423 11028 \Device\Harddisk1\DR1:
22:42:28.0424 11028 MBR partitions:
22:42:28.0424 11028 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000
22:42:28.0424 11028 \Device\Harddisk2\DR2:
22:42:28.0425 11028 MBR partitions:
22:42:28.0426 11028 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
22:42:28.0426 11028 ============================================================
22:42:28.0571 11028 C: <-> \Device\Harddisk1\DR1\Partition0
22:42:28.0605 11028 D: <-> \Device\Harddisk0\DR0\Partition2
22:42:28.0656 11028 E: <-> \Device\Harddisk0\DR0\Partition1
22:42:28.0657 11028 ============================================================
22:42:28.0657 11028 Initialize success
22:42:28.0657 11028 ============================================================
22:42:34.0877 11112 ============================================================
22:42:34.0877 11112 Scan started
22:42:34.0877 11112 Mode: Manual;
22:42:34.0877 11112 ============================================================
22:42:50.0192 11112 iaStorV - ok
22:42:50.0281 11112 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:42:50.0291 11112 idsvc - ok
22:42:50.0312 11112 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:42:50.0314 11112 iirsp - ok
22:42:50.0366 11112 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
22:42:50.0376 11112 IKEEXT - ok
22:42:50.0479 11112 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
22:42:50.0489 11112 IMFservice - ok
22:42:50.0733 11112 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
22:42:50.0760 11112 IntcAzAudAddService - ok
22:42:50.0889 11112 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:42:50.0890 11112 intelide - ok
22:42:50.0907 11112 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:42:50.0909 11112 intelppm - ok
22:42:50.0938 11112 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:42:50.0940 11112 IPBusEnum - ok
22:42:50.0960 11112 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:42:50.0963 11112 IpFilterDriver - ok
22:42:51.0010 11112 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
22:42:51.0017 11112 iphlpsvc - ok
22:42:51.0024 11112 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:42:51.0026 11112 IPMIDRV - ok
22:42:51.0034 11112 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:42:51.0036 11112 IPNAT - ok
22:42:51.0164 11112 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:42:51.0170 11112 iPod Service - ok
22:42:51.0196 11112 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:42:51.0198 11112 IRENUM - ok
22:42:51.0206 11112 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:42:51.0207 11112 isapnp - ok
22:42:51.0232 11112 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:42:51.0236 11112 iScsiPrt - ok
22:42:51.0280 11112 iTeleportService (42ca31fcfb1f023e91243b688f022c1f) E:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe
22:42:51.0281 11112 iTeleportService - ok
22:42:51.0293 11112 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:42:51.0295 11112 kbdclass - ok
22:42:51.0344 11112 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:42:51.0345 11112 kbdhid - ok
22:42:51.0374 11112 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:51.0375 11112 KeyIso - ok
22:42:51.0433 11112 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
22:42:51.0440 11112 KL1 - ok
22:42:51.0479 11112 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
22:42:51.0480 11112 kl2 - ok
22:42:51.0533 11112 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
22:42:51.0541 11112 KLIF - ok
22:42:51.0576 11112 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
22:42:51.0577 11112 KLIM6 - ok
22:42:51.0607 11112 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
22:42:51.0609 11112 klmouflt - ok
22:42:51.0634 11112 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
22:42:51.0636 11112 KSecDD - ok
22:42:51.0650 11112 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
22:42:51.0653 11112 KSecPkg - ok
22:42:51.0677 11112 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:42:51.0678 11112 ksthunk - ok
22:42:51.0715 11112 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:42:51.0720 11112 KtmRm - ok
22:42:51.0777 11112 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
22:42:51.0781 11112 LanmanServer - ok
22:42:51.0802 11112 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
22:42:51.0805 11112 LanmanWorkstation - ok
22:42:51.0884 11112 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:42:51.0885 11112 LightScribeService - ok
22:42:51.0915 11112 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:42:51.0917 11112 lltdio - ok
22:42:51.0954 11112 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:42:51.0959 11112 lltdsvc - ok
22:42:51.0973 11112 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:42:51.0975 11112 lmhosts - ok
22:42:51.0990 11112 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:42:51.0993 11112 LSI_FC - ok
22:42:52.0005 11112 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:42:52.0008 11112 LSI_SAS - ok
22:42:52.0022 11112 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:42:52.0024 11112 LSI_SAS2 - ok
22:42:52.0039 11112 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:42:52.0041 11112 LSI_SCSI - ok
22:42:52.0057 11112 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:42:52.0059 11112 luafv - ok
22:42:52.0076 11112 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:42:52.0077 11112 MBAMProtector - ok
22:42:52.0127 11112 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:42:52.0136 11112 MBAMService - ok
22:42:52.0161 11112 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
22:42:52.0164 11112 Mcx2Svc - ok
22:42:52.0186 11112 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:42:52.0188 11112 megasas - ok
22:42:52.0204 11112 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:42:52.0207 11112 MegaSR - ok
22:42:52.0251 11112 Microsoft SharePoint Workspace Audit Service - ok
22:42:52.0266 11112 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:42:52.0268 11112 MMCSS - ok
22:42:52.0277 11112 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:42:52.0279 11112 Modem - ok
22:42:52.0289 11112 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:42:52.0291 11112 monitor - ok
22:42:52.0312 11112 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:42:52.0314 11112 mouclass - ok
22:42:52.0326 11112 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:42:52.0328 11112 mouhid - ok
22:42:52.0345 11112 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:42:52.0347 11112 mountmgr - ok
22:42:52.0362 11112 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:42:52.0365 11112 mpio - ok
22:42:52.0374 11112 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:42:52.0377 11112 mpsdrv - ok
22:42:52.0439 11112 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
22:42:52.0449 11112 MpsSvc - ok
22:42:52.0468 11112 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:42:52.0470 11112 MRxDAV - ok
22:42:52.0492 11112 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:42:52.0495 11112 mrxsmb - ok
22:42:52.0508 11112 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:42:52.0512 11112 mrxsmb10 - ok
22:42:52.0529 11112 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:42:52.0531 11112 mrxsmb20 - ok
22:42:52.0554 11112 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:42:52.0556 11112 msahci - ok
22:42:52.0568 11112 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:42:52.0570 11112 msdsm - ok
22:42:52.0601 11112 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:42:52.0605 11112 MSDTC - ok
22:42:52.0635 11112 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:42:52.0636 11112 Msfs - ok
22:42:52.0647 11112 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:42:52.0648 11112 mshidkmdf - ok
22:42:52.0657 11112 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:42:52.0658 11112 msisadrv - ok
22:42:52.0685 11112 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:42:52.0688 11112 MSiSCSI - ok
22:42:52.0692 11112 msiserver - ok
22:42:52.0718 11112 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:42:52.0720 11112 MSKSSRV - ok
22:42:52.0740 11112 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:42:52.0741 11112 MSPCLOCK - ok
22:42:52.0971 11112 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:42:52.0975 11112 MSPQM - ok
22:42:53.0017 11112 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:42:53.0022 11112 MsRPC - ok
22:42:53.0066 11112 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:42:53.0067 11112 mssmbios - ok
22:42:53.0076 11112 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:42:53.0077 11112 MSTEE - ok
22:42:53.0120 11112 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:42:53.0121 11112 MTConfig - ok
22:42:53.0141 11112 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:42:53.0142 11112 Mup - ok
22:42:53.0188 11112 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
22:42:53.0195 11112 napagent - ok
22:42:53.0231 11112 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:42:53.0236 11112 NativeWifiP - ok
22:42:53.0335 11112 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
22:42:53.0343 11112 NAUpdate - ok
22:42:53.0405 11112 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:42:53.0415 11112 NDIS - ok
22:42:53.0432 11112 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:42:53.0434 11112 NdisCap - ok
22:42:53.0453 11112 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:42:53.0455 11112 NdisTapi - ok
22:42:53.0475 11112 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:42:53.0477 11112 Ndisuio - ok
22:42:53.0499 11112 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:42:53.0502 11112 NdisWan - ok
22:42:53.0517 11112 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:42:53.0519 11112 NDProxy - ok
22:42:53.0530 11112 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:42:53.0532 11112 NetBIOS - ok
22:42:53.0574 11112 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:42:53.0577 11112 NetBT - ok
22:42:53.0606 11112 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:53.0608 11112 Netlogon - ok
22:42:53.0656 11112 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:42:53.0662 11112 Netman - ok
22:42:53.0748 11112 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:42:53.0751 11112 NetMsmqActivator - ok
22:42:53.0754 11112 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:42:53.0755 11112 NetPipeActivator - ok
22:42:53.0798 11112 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:42:53.0804 11112 netprofm - ok
22:42:53.0913 11112 netr28x (ec2e3c603b5aa48570acb1f2f4631ff1) C:\Windows\system32\DRIVERS\netr28x.sys
22:42:53.0933 11112 netr28x - ok
22:42:54.0048 11112 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:42:54.0049 11112 NetTcpActivator - ok
22:42:54.0053 11112 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:42:54.0054 11112 NetTcpPortSharing - ok
22:42:54.0139 11112 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:42:54.0142 11112 nfrd960 - ok
22:42:54.0175 11112 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:42:54.0179 11112 NlaSvc - ok
22:42:54.0193 11112 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:42:54.0194 11112 Npfs - ok
22:42:54.0204 11112 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:42:54.0206 11112 nsi - ok
22:42:54.0233 11112 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:42:54.0235 11112 nsiproxy - ok
22:42:54.0324 11112 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:42:54.0342 11112 Ntfs - ok
22:42:54.0474 11112 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:42:54.0476 11112 Null - ok
22:42:54.0498 11112 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:42:54.0501 11112 nvraid - ok
22:42:54.0520 11112 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:42:54.0522 11112 nvstor - ok
22:42:54.0538 11112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:42:54.0541 11112 nv_agp - ok
22:42:54.0548 11112 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:42:54.0550 11112 ohci1394 - ok
22:42:54.0625 11112 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:42:54.0628 11112 ose - ok
22:42:55.0072 11112 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:42:55.0196 11112 osppsvc - ok
22:42:55.0370 11112 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:42:55.0375 11112 p2pimsvc - ok
22:42:55.0432 11112 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:42:55.0438 11112 p2psvc - ok
22:42:55.0503 11112 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:42:55.0505 11112 Parport - ok
22:42:55.0518 11112 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:42:55.0520 11112 partmgr - ok
22:42:55.0535 11112 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:42:55.0538 11112 PcaSvc - ok
22:42:55.0554 11112 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:42:55.0575 11112 pci - ok
22:42:55.0641 11112 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:42:55.0643 11112 pciide - ok
22:42:55.0653 11112 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:42:55.0657 11112 pcmcia - ok
22:42:55.0669 11112 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:42:55.0670 11112 pcw - ok
22:42:55.0708 11112 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:42:55.0717 11112 PEAUTH - ok
22:42:55.0790 11112 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:42:55.0805 11112 PeerDistSvc - ok
22:42:55.0854 11112 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:42:55.0856 11112 PerfHost - ok
22:42:55.0989 11112 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:42:56.0005 11112 pla - ok
22:42:56.0045 11112 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
22:42:56.0051 11112 PlugPlay - ok
22:42:56.0064 11112 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:42:56.0066 11112 PNRPAutoReg - ok
22:42:56.0095 11112 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:42:56.0097 11112 PNRPsvc - ok
22:42:56.0140 11112 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:42:56.0147 11112 PolicyAgent - ok
22:42:56.0176 11112 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:42:56.0179 11112 Power - ok
22:42:56.0222 11112 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:42:56.0225 11112 PptpMiniport - ok
22:42:56.0238 11112 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:42:56.0240 11112 Processor - ok
22:42:56.0273 11112 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
22:42:56.0277 11112 ProfSvc - ok
22:42:56.0299 11112 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:56.0300 11112 ProtectedStorage - ok
22:42:56.0315 11112 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:42:56.0316 11112 Psched - ok
22:42:56.0392 11112 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:42:56.0409 11112 ql2300 - ok
22:42:56.0553 11112 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:42:56.0556 11112 ql40xx - ok
22:42:56.0593 11112 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:42:56.0597 11112 QWAVE - ok
22:42:56.0618 11112 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:42:56.0620 11112 QWAVEdrv - ok
22:42:56.0632 11112 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:42:56.0634 11112 RasAcd - ok
22:42:56.0642 11112 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:42:56.0644 11112 RasAgileVpn - ok
22:42:56.0664 11112 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:42:56.0667 11112 RasAuto - ok
22:42:56.0675 11112 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:42:56.0677 11112 Rasl2tp - ok
22:42:56.0702 11112 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
22:42:56.0708 11112 RasMan - ok
22:42:56.0731 11112 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:42:56.0733 11112 RasPppoe - ok
22:42:56.0754 11112 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:42:56.0756 11112 RasSstp - ok
22:42:56.0776 11112 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:42:56.0780 11112 rdbss - ok
22:42:56.0792 11112 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:42:56.0793 11112 rdpbus - ok
22:42:56.0800 11112 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:42:56.0801 11112 RDPCDD - ok
22:42:56.0826 11112 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
22:42:56.0829 11112 RDPDR - ok
22:42:56.0844 11112 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:42:56.0846 11112 RDPENCDD - ok
22:42:56.0890 11112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:42:56.0914 11112 RDPREFMP - ok
22:42:56.0958 11112 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
22:42:56.0962 11112 RDPWD - ok
22:42:56.0992 11112 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:42:56.0995 11112 rdyboost - ok
22:42:57.0080 11112 RegFilter (c3b79061634fbc3ba3379f557ad952c7) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
22:42:57.0082 11112 RegFilter - ok
22:42:57.0118 11112 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:42:57.0121 11112 RemoteAccess - ok
22:42:57.0169 11112 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:42:57.0172 11112 RemoteRegistry - ok
22:42:57.0223 11112 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:42:57.0225 11112 RpcEptMapper - ok
22:42:57.0266 11112 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:42:57.0268 11112 RpcLocator - ok
22:42:57.0349 11112 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
22:42:57.0354 11112 RpcSs - ok
22:42:57.0392 11112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:42:57.0395 11112 rspndr - ok
22:42:57.0433 11112 RTCore64 (4b60ef388071e0baf299496e3d6590ae) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
22:42:57.0435 11112 RTCore64 - ok
22:42:57.0486 11112 RTL8167 (47032c855ddcb5ad7236286689ede288) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:42:57.0488 11112 RTL8167 - ok
22:42:57.0506 11112 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
22:42:57.0507 11112 s3cap - ok
22:42:57.0532 11112 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:42:57.0533 11112 SamSs - ok
22:42:57.0557 11112 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:42:57.0559 11112 sbp2port - ok
22:42:57.0643 11112 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:42:57.0651 11112 SBSDWSCService - ok
22:42:57.0684 11112 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:42:57.0688 11112 SCardSvr - ok
22:42:57.0746 11112 SCDEmu (efd61bd67e5ce72ca5ce8bb6ad3e1fdb) C:\Windows\system32\drivers\SCDEmu.sys
22:42:57.0749 11112 SCDEmu - ok
22:42:57.0771 11112 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:42:57.0773 11112 scfilter - ok
22:42:57.0839 11112 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
22:42:57.0853 11112 Schedule - ok
22:42:57.0887 11112 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:42:57.0888 11112 SCPolicySvc - ok
22:42:57.0931 11112 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:42:57.0935 11112 SDRSVC - ok
22:42:57.0972 11112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:42:57.0973 11112 secdrv - ok
22:42:57.0982 11112 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:42:57.0984 11112 seclogon - ok
22:42:58.0000 11112 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:42:58.0003 11112 SENS - ok
22:42:58.0021 11112 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:42:58.0024 11112 SensrSvc - ok
22:42:58.0028 11112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:42:58.0029 11112 Serenum - ok
22:42:58.0048 11112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:42:58.0050 11112 Serial - ok
22:42:58.0059 11112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:42:58.0060 11112 sermouse - ok
22:42:58.0096 11112 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
22:42:58.0099 11112 SessionEnv - ok
22:42:58.0121 11112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:42:58.0122 11112 sffdisk - ok
22:42:58.0133 11112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:42:58.0135 11112 sffp_mmc - ok
22:42:58.0145 11112 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
22:42:58.0148 11112 sffp_sd - ok
22:42:58.0169 11112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:42:58.0170 11112 sfloppy - ok
22:42:58.0243 11112 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:42:58.0248 11112 SharedAccess - ok
22:42:58.0308 11112 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
22:42:58.0314 11112 ShellHWDetection - ok
22:42:58.0323 11112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:42:58.0325 11112 SiSRaid2 - ok
22:42:58.0346 11112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:42:58.0348 11112 SiSRaid4 - ok
22:42:58.0561 11112 Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:42:58.0578 11112 Skype C2C Service - ok
22:42:58.0620 11112 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:42:58.0624 11112 SkypeUpdate - ok
22:42:58.0763 11112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:42:58.0765 11112 Smb - ok
22:42:58.0789 11112 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:42:58.0792 11112 SNMPTRAP - ok
22:42:58.0807 11112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:42:58.0809 11112 spldr - ok
22:42:58.0849 11112 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
22:42:58.0857 11112 Spooler - ok
22:42:59.0015 11112 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
22:42:59.0057 11112 sppsvc - ok
22:42:59.0216 11112 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:42:59.0219 11112 sppuinotify - ok
22:42:59.0222 11112 sptd - ok
22:42:59.0286 11112 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:42:59.0292 11112 srv - ok
22:42:59.0320 11112 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:42:59.0325 11112 srv2 - ok
22:42:59.0345 11112 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:42:59.0348 11112 srvnet - ok
22:42:59.0380 11112 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:42:59.0384 11112 SSDPSRV - ok
22:42:59.0399 11112 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:42:59.0402 11112 SstpSvc - ok
22:42:59.0470 11112 Steam Client Service - ok
22:42:59.0498 11112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:42:59.0500 11112 stexstor - ok
22:42:59.0556 11112 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
22:42:59.0565 11112 stisvc - ok
22:42:59.0576 11112 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:42:59.0577 11112 storflt - ok
22:42:59.0588 11112 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
22:42:59.0589 11112 storvsc - ok
22:42:59.0596 11112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:42:59.0598 11112 swenum - ok
22:42:59.0638 11112 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:42:59.0646 11112 swprv - ok
22:42:59.0746 11112 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
22:42:59.0767 11112 SysMain - ok
22:42:59.0898 11112 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
22:42:59.0904 11112 TapiSrv - ok
22:42:59.0919 11112 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:42:59.0922 11112 TBS - ok
22:43:00.0169 11112 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
22:43:00.0189 11112 Tcpip - ok
22:43:00.0406 11112 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
22:43:00.0416 11112 TCPIP6 - ok
22:43:00.0566 11112 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:43:00.0568 11112 tcpipreg - ok
22:43:00.0583 11112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:43:00.0584 11112 TDPIPE - ok
22:43:00.0604 11112 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
22:43:00.0606 11112 TDTCP - ok
22:43:00.0622 11112 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:43:00.0624 11112 tdx - ok
22:43:00.0763 11112 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:43:00.0793 11112 TeamViewer7 - ok
22:43:00.0928 11112 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:43:00.0930 11112 TermDD - ok
22:43:00.0991 11112 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
22:43:01.0000 11112 TermService - ok
22:43:01.0051 11112 Themes (88e2696a4a1521b0f5ff62977259cdd1) C:\Windows\system32\themeservice.dll
22:43:01.0054 11112 Themes - ok
22:43:01.0073 11112 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:43:01.0075 11112 THREADORDER - ok
22:43:01.0094 11112 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:43:01.0097 11112 TrkWks - ok
22:43:01.0139 11112 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
22:43:01.0142 11112 TrustedInstaller - ok
22:43:01.0161 11112 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:43:01.0163 11112 tssecsrv - ok
22:43:01.0180 11112 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:43:01.0182 11112 tunnel - ok
22:43:01.0204 11112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:43:01.0206 11112 uagp35 - ok
22:43:01.0231 11112 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:43:01.0236 11112 udfs - ok
22:43:01.0265 11112 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:43:01.0269 11112 UI0Detect - ok
22:43:01.0285 11112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:43:01.0287 11112 uliagpkx - ok
22:43:01.0296 11112 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:43:01.0298 11112 umbus - ok
22:43:01.0306 11112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:43:01.0308 11112 UmPass - ok
22:43:01.0328 11112 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
22:43:01.0332 11112 UmRdpService - ok
22:43:01.0403 11112 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:43:01.0409 11112 upnphost - ok
22:43:01.0503 11112 UrlFilter (401984715693b87fdf4f600fbbebd366) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
22:43:01.0504 11112 UrlFilter - ok
22:43:01.0539 11112 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:43:01.0541 11112 USBAAPL64 - ok
22:43:01.0580 11112 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
22:43:01.0582 11112 usbaudio - ok
22:43:01.0607 11112 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
22:43:01.0610 11112 usbccgp - ok
22:43:01.0629 11112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:43:01.0632 11112 usbcir - ok
22:43:01.0657 11112 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
22:43:01.0659 11112 usbehci - ok
22:43:01.0690 11112 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
22:43:01.0695 11112 usbhub - ok
22:43:01.0705 11112 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
22:43:01.0707 11112 usbohci - ok
22:43:01.0719 11112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:43:01.0720 11112 usbprint - ok
22:43:01.0741 11112 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:43:01.0744 11112 USBSTOR - ok
22:43:01.0758 11112 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
22:43:01.0759 11112 usbuhci - ok
22:43:01.0788 11112 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:43:01.0790 11112 UxSms - ok
22:43:01.0822 11112 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:43:01.0824 11112 VaultSvc - ok
22:43:01.0850 11112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:43:01.0851 11112 vdrvroot - ok
22:43:01.0892 11112 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
22:43:01.0899 11112 vds - ok
22:43:01.0941 11112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:43:01.0942 11112 vga - ok
22:43:01.0966 11112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:43:01.0996 11112 VgaSave - ok
22:43:02.0051 11112 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:43:02.0055 11112 vhdmp - ok
22:43:02.0069 11112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:43:02.0070 11112 viaide - ok
22:43:02.0092 11112 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
22:43:02.0096 11112 vmbus - ok
22:43:02.0124 11112 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:43:02.0125 11112 VMBusHID - ok
22:43:02.0140 11112 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:43:02.0143 11112 volmgr - ok
22:43:02.0174 11112 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:43:02.0179 11112 volmgrx - ok
22:43:02.0205 11112 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:43:02.0209 11112 volsnap - ok
22:43:02.0229 11112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:43:02.0232 11112 vsmraid - ok
22:43:02.0321 11112 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
22:43:02.0340 11112 VSS - ok
22:43:02.0477 11112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:43:02.0479 11112 vwifibus - ok
22:43:02.0496 11112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:43:02.0498 11112 vwififlt - ok
22:43:02.0537 11112 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:43:02.0551 11112 W32Time - ok
22:43:02.0563 11112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:43:02.0565 11112 WacomPen - ok
22:43:02.0680 11112 wampapache (5cf6e9a685199445fee02fe8c191c9ba) E:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
22:43:02.0681 11112 wampapache - ok
22:43:02.0724 11112 wampmysqld - ok
22:43:02.0741 11112 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:43:02.0743 11112 WANARP - ok
22:43:02.0747 11112 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:43:02.0748 11112 Wanarpv6 - ok
22:43:02.0840 11112 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:43:02.0854 11112 WatAdminSvc - ok
22:43:02.0942 11112 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
22:43:02.0960 11112 wbengine - ok
22:43:03.0121 11112 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:43:03.0126 11112 WbioSrvc - ok
22:43:03.0179 11112 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
22:43:03.0185 11112 wcncsvc - ok
22:43:03.0202 11112 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:43:03.0205 11112 WcsPlugInService - ok
22:43:03.0248 11112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:43:03.0250 11112 Wd - ok
22:43:03.0291 11112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:43:03.0299 11112 Wdf01000 - ok
22:43:03.0327 11112 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:43:03.0330 11112 WdiServiceHost - ok
22:43:03.0333 11112 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:43:03.0335 11112 WdiSystemHost - ok
22:43:03.0374 11112 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
22:43:03.0379 11112 WebClient - ok
22:43:03.0401 11112 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:43:03.0406 11112 Wecsvc - ok
22:43:03.0423 11112 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:43:03.0426 11112 wercplsupport - ok
22:43:03.0442 11112 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:43:03.0445 11112 WerSvc - ok
22:43:03.0484 11112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:43:03.0486 11112 WfpLwf - ok
22:43:03.0500 11112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:43:03.0501 11112 WIMMount - ok
22:43:03.0524 11112 WinDefend - ok
22:43:03.0533 11112 WinHttpAutoProxySvc - ok
22:43:03.0598 11112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:43:03.0602 11112 Winmgmt - ok
22:43:03.0703 11112 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys
22:43:03.0705 11112 WinRing0_1_2_0 - ok
22:43:03.0812 11112 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
22:43:03.0835 11112 WinRM - ok
22:43:04.0002 11112 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:43:04.0011 11112 WinUsb - ok
22:43:04.0120 11112 WinVNC4 (f3edc9909a02e6bca863eb702d37b505) E:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
22:43:04.0387 11112 WinVNC4 - ok
22:43:04.0460 11112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:43:04.0471 11112 Wlansvc - ok
22:43:04.0519 11112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:43:04.0520 11112 WmiAcpi - ok
22:43:04.0572 11112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:43:04.0575 11112 wmiApSrv - ok
22:43:04.0606 11112 WMPNetworkSvc - ok
22:43:04.0639 11112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:43:04.0642 11112 WPCSvc - ok
22:43:04.0661 11112 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
22:43:04.0664 11112 WPDBusEnum - ok
22:43:04.0689 11112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:43:04.0690 11112 ws2ifsl - ok
22:43:04.0717 11112 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
22:43:04.0720 11112 wscsvc - ok
22:43:04.0724 11112 WSearch - ok
22:43:04.0839 11112 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
22:43:04.0868 11112 wuauserv - ok
22:43:05.0185 11112 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:43:05.0187 11112 WudfPf - ok
22:43:05.0207 11112 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:43:05.0210 11112 WUDFRd - ok
22:43:05.0233 11112 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
22:43:05.0236 11112 wudfsvc - ok
22:43:05.0267 11112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:43:05.0272 11112 WwanSvc - ok
22:43:05.0285 11112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:43:05.0579 11112 \Device\Harddisk0\DR0 - ok
22:43:05.0600 11112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
22:43:05.0737 11112 \Device\Harddisk1\DR1 - ok
22:43:05.0745 11112 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
22:43:05.0750 11112 \Device\Harddisk2\DR2 - ok
22:43:05.0753 11112 Boot (0x1200) (3fa92740f3ceff1e8f5f4c46b1226338) \Device\Harddisk0\DR0\Partition0
22:43:05.0754 11112 \Device\Harddisk0\DR0\Partition0 - ok
22:43:05.0757 11112 Boot (0x1200) (d3aa689d1bdb29faf7ed553d16251e4f) \Device\Harddisk0\DR0\Partition1
22:43:05.0758 11112 \Device\Harddisk0\DR0\Partition1 - ok
22:43:05.0761 11112 Boot (0x1200) (23310d304d0886644f618e37dc33c5a1) \Device\Harddisk0\DR0\Partition2
22:43:05.0762 11112 \Device\Harddisk0\DR0\Partition2 - ok
22:43:05.0766 11112 Boot (0x1200) (4345ebc7d3febc4251b19acee51f76bc) \Device\Harddisk1\DR1\Partition0
22:43:05.0767 11112 \Device\Harddisk1\DR1\Partition0 - ok
22:43:05.0772 11112 Boot (0x1200) (706c2335f0269ad9aaa200f6569fd9d7) \Device\Harddisk2\DR2\Partition0
22:43:05.0773 11112 \Device\Harddisk2\DR2\Partition0 - ok
22:43:05.0774 11112 ============================================================
22:43:05.0774 11112 Scan finished
22:43:05.0774 11112 ============================================================
22:43:05.0784 10316 Detected object count: 0
22:43:05.0784 10316 Actual detected object count: 0
22:49:12.0154 10604 Deinitialize success


aswMBR LOG:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-09 22:47:59
-----------------------------
22:47:59.927 OS Version: Windows x64 6.1.7600
22:47:59.927 Number of processors: 6 586 0xA00
22:47:59.928 ComputerName: SAVION-PC UserName: Savion
22:48:01.656 Initialize success
22:48:41.253 AVAST engine defs: 12060901
22:49:25.718 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000071
22:49:25.720 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
22:49:25.722 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000073
22:49:25.724 Disk 1 Vendor: Hitachi_ V54O Size: 305245MB BusType: 11
22:49:25.732 Disk 1 MBR read successfully
22:49:25.735 Disk 1 MBR scan
22:49:25.739 Disk 1 Windows 7 default MBR code
22:49:25.745 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 2048
22:49:25.772 Disk 1 scanning C:\Windows\system32\drivers
22:49:33.456 Service scanning
22:50:06.291 Modules scanning
22:50:06.292 Disk 1 trace - called modules:
22:50:06.309 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
22:50:06.311 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007b4a060]
22:50:06.312 3 CLASSPNP.SYS[fffff88001dcb43f] -> nt!IofCallDriver -> [0xfffffa8007873200]
22:50:06.312 5 amdxata.sys[fffff88000e637a8] -> nt!IofCallDriver -> \Device\00000073[0xfffffa800786d060]
22:50:08.755 AVAST engine scan C:\Windows
22:50:11.555 AVAST engine scan C:\Windows\system32
22:51:41.643 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:51:43.466 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:53:10.166 AVAST engine scan C:\Windows\system32\drivers
22:53:23.779 AVAST engine scan C:\Users\Savion
22:55:46.310 AVAST engine scan C:\ProgramData
23:00:06.673 Scan finished successfully
23:14:10.932 Disk 1 MBR has been saved successfully to "C:\Users\Savion\Desktop\MBR.dat"
23:14:10.970 The log file has been saved successfully to "C:\Users\Savion\Desktop\aswMBR.txt"

#10 gringo_pr

Posted 10 June 2012 - 05:03 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

File::
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 Savion

Posted 10 June 2012 - 06:56 AM

Hello Gringo,

It seems like the antivirus has stopped picking up the traces of the malware and I'm happy to say that it is gone for now.
Thanks for helping me since now my computer is working like normal.

LOG:

ComboFix 12-06-09.02 - Savion 06/10/2012 4:37.3.6 - x64
Microsoft Windows 7 GAMER™ 2010 6.1.7600.0.1252.1.1033.18.8191.6175 [GMT -7:00]
Running from: c:\users\Savion\Desktop\ComboFix.exe
Command switches used :: c:\users\Savion\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 11:44 . 2012-06-10 11:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-10 11:44 . 2012-06-10 11:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 09:06 . 2012-06-10 09:06 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-09 13:55 . 2012-06-09 13:55 -------- d-----w- c:\program files (x86)\LOLReplay
2012-06-08 10:20 . 2012-06-08 10:21 -------- d-----w- C:\FRST
2012-06-08 03:25 . 2012-06-08 03:25 -------- d-----w- C:\Riot Games
2012-06-07 14:16 . 2012-06-07 14:17 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-06-07 14:14 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-06-07 14:04 . 2012-06-07 14:20 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-06-07 14:03 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-06-07 14:01 . 2012-06-07 14:20 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-06-07 13:57 . 2012-06-07 13:57 -------- d-----w- c:\programdata\HitmanPro
2012-06-07 12:56 . 2012-06-07 12:56 -------- d-----w- C:\_OTM
2012-06-07 11:00 . 2012-06-10 11:46 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-07 11:00 . 2012-06-07 11:00 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-07 10:50 . 2012-06-07 10:50 -------- d-----w- c:\program files\EAGAME~1
2012-06-06 23:26 . 2012-06-06 23:30 -------- d-----w- c:\program files (x86)\TEdit
2012-06-06 22:40 . 2012-06-06 22:40 -------- d-----w- c:\programdata\Sophos
2012-06-06 22:40 . 2012-06-06 22:40 73728 ----a-r- c:\users\Savion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-06 22:40 . 2012-06-06 22:40 73728 ----a-r- c:\users\Savion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-06 22:40 . 2012-06-06 22:40 73728 ----a-r- c:\users\Savion\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-06 22:40 . 2012-06-06 22:40 -------- d-----w- c:\program files (x86)\Sophos
2012-06-06 22:23 . 2012-06-06 22:23 -------- d-----w- c:\users\Savion\AppData\Roaming\PowerISO
2012-06-06 22:22 . 2012-06-06 22:22 -------- d-----w- c:\program files (x86)\PowerISO
2012-06-06 22:22 . 2012-05-31 04:10 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-06-06 21:04 . 2012-06-07 20:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-06 20:46 . 2012-06-06 20:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\AMD
2012-06-06 20:45 . 2012-06-06 20:45 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2012-06-06 20:45 . 2012-06-06 20:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2012-06-06 20:45 . 2012-06-06 20:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI
2012-06-06 20:23 . 2012-06-06 20:23 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-06-06 20:12 . 2012-06-06 20:14 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-06-06 20:06 . 2012-06-06 20:06 -------- d-----w- c:\users\Savion\AppData\Roaming\IObit
2012-06-06 19:44 . 2012-06-06 19:44 388096 ----a-r- c:\users\Savion\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-06 19:44 . 2012-06-06 19:44 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-06 14:26 . 2012-06-06 19:28 48599 ----a-w- c:\windows\SysWow64\epfwdata.bin
2012-06-06 14:00 . 2012-06-06 19:40 -------- d-----w- c:\program files\ESET
2012-06-06 13:32 . 2012-06-06 13:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-06 13:13 . 2012-06-07 20:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-06 13:13 . 2012-06-06 13:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-06 13:00 . 2012-06-06 13:00 -------- d-----w- c:\users\Savion\AppData\Roaming\DiskAid
2012-06-06 10:25 . 2012-06-06 10:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 10:25 . 2012-06-06 10:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 10:25 . 2012-06-06 10:25 -------- d-----w- c:\windows\system32\Macromed
2012-06-05 06:01 . 2012-06-05 06:01 -------- d-----w- c:\users\Savion\AppData\Local\storage
2012-06-03 12:27 . 2012-06-03 12:27 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-06-03 12:05 . 2012-06-03 12:05 -------- d-----w- c:\programdata\Rockstar Games
2012-06-03 11:59 . 1999-04-09 09:14 416304 ----a-w- c:\windows\SysWow64\MPG4C32.DLL
2012-06-03 11:56 . 2012-06-03 11:57 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-06-02 09:14 . 2012-06-02 09:14 -------- d-----w- c:\users\Savion\AppData\Local\Chromium
2012-06-01 22:39 . 2012-06-08 23:28 -------- d-----w- c:\users\Savion\AppData\Local\assembly
2012-06-01 04:38 . 2012-06-01 04:38 -------- d-----w- c:\program files (x86)\Common Files\EAInstaller
2012-06-01 04:38 . 2012-06-01 04:38 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-05-31 22:25 . 2012-05-31 22:25 -------- d-----w- c:\programdata\Codemasters
2012-05-31 22:25 . 2012-05-31 22:25 -------- d-----w- c:\users\Savion\AppData\Local\FLT
2012-05-31 22:23 . 2011-09-06 03:57 1306624 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2012-05-31 22:23 . 2010-09-22 21:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-05-31 22:23 . 2012-05-31 22:23 -------- d-----w- c:\program files (x86)\BRS
2012-05-31 22:23 . 2012-05-31 22:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-31 22:23 . 2012-05-31 22:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-31 22:23 . 2012-05-31 22:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-31 22:23 . 2012-05-31 22:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-31 22:23 . 2012-05-31 22:23 -------- d-----w- c:\program files (x86)\OpenAL
2012-05-31 08:08 . 2012-05-31 08:10 -------- d-----w- c:\users\Savion\AppData\Local\Ubisoft Game Launcher
2012-05-31 08:07 . 2012-05-31 08:07 -------- d-----w- c:\programdata\Ubisoft
2012-05-31 08:07 . 2012-05-31 08:07 -------- d-----w- c:\program files (x86)\Ubisoft
2012-05-31 02:19 . 2012-05-31 02:19 -------- d-----w- c:\programdata\LightScribe
2012-05-31 02:19 . 2012-05-31 02:57 -------- d-----w- c:\users\Savion\AppData\Roaming\Nero
2012-05-31 02:15 . 2012-05-31 02:16 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-05-31 02:15 . 2012-05-31 02:17 -------- d-----w- c:\program files (x86)\Nero
2012-05-31 02:15 . 2012-05-31 02:17 -------- d-----w- c:\programdata\Nero
2012-05-31 00:33 . 2012-05-31 00:33 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2012-05-28 09:39 . 2012-05-28 09:42 -------- d-----w- c:\users\Savion\AppData\Local\GRAW2
2012-05-28 09:39 . 2012-05-28 09:39 -------- d-----w- c:\programdata\GRAW2
2012-05-28 09:25 . 2012-05-28 09:25 -------- d-----w- c:\programdata\Media Center Programs
2012-05-28 08:32 . 2012-06-06 08:57 -------- d-----w- c:\users\Savion\AppData\Roaming\Apple Computer
2012-05-28 08:32 . 2012-05-28 08:32 -------- d-----w- c:\users\Savion\AppData\Local\Apple Computer
2012-05-28 08:31 . 2012-05-28 08:31 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 08:31 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-28 08:29 . 2012-05-28 08:30 -------- d-----w- c:\programdata\Apple
2012-05-27 05:09 . 2012-05-27 05:10 -------- d-----w- c:\users\Savion\AppData\Roaming\Notepad++
2012-05-25 01:01 . 2012-05-25 01:01 -------- d-----w- c:\program files\Nexus Mod Manager
2012-05-24 23:44 . 2012-05-24 23:44 -------- d-----w- c:\users\Savion\AppData\Roaming\LolClient2
2012-05-24 23:25 . 2002-07-03 18:44 53248 ----a-w- c:\windows\amcap.exe
2012-05-24 23:25 . 1998-06-12 06:15 307200 ----a-w- c:\windows\vidcap32.exe
2012-05-24 23:22 . 2012-05-24 23:22 -------- d-----w- c:\program files (x86)\Girl Tech
2012-05-24 23:20 . 2012-05-24 23:20 -------- d-----w- c:\program files (x86)\JL2005C
2012-05-24 12:19 . 2012-05-24 13:35 -------- d-----w- c:\users\Savion\AppData\Roaming\wargaming.net
2012-05-23 22:50 . 2012-05-25 01:03 -------- d-----w- c:\users\Savion\AppData\Local\Black_Tree_Gaming
2012-05-23 22:37 . 2012-05-25 01:11 -------- d-----w- c:\users\Savion\AppData\Local\Skyrim
2012-05-22 03:26 . 2012-05-22 05:35 -------- d-----w- c:\users\Savion\AppData\Roaming\Audacity
2012-05-22 03:26 . 2012-05-22 03:26 -------- d-----w- c:\program files (x86)\Audacity
2012-05-22 01:37 . 2012-03-22 20:43 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-05-22 01:37 . 2012-04-18 20:49 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-22 01:37 . 2012-05-22 01:37 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-05-22 01:37 . 2012-05-22 01:37 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-05-22 01:37 . 2012-05-22 01:37 -------- d-----w- c:\users\Savion\AppData\Roaming\DVDVideoSoft
2012-05-22 01:08 . 2012-05-22 01:08 -------- d-----w- c:\windows\Sun
2012-05-22 01:07 . 2012-05-22 01:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-22 01:07 . 2012-05-22 01:07 -------- d-----w- c:\program files (x86)\Oracle
2012-05-22 01:06 . 2012-04-05 01:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-22 01:06 . 2012-05-22 01:06 -------- d-----w- c:\program files (x86)\Java
2012-05-21 19:26 . 2012-05-21 19:26 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-05-21 10:00 . 2012-05-21 10:00 -------- d-----w- c:\users\Savion\Cisco Packet Tracer 5.3
2012-05-21 09:58 . 2012-05-21 09:59 -------- d-----w- c:\program files (x86)\Cisco Packet Tracer 5.3
2012-05-21 01:34 . 2012-05-21 01:34 -------- d-----w- c:\windows\SysWow64\xlive
2012-05-21 01:34 . 2012-05-21 01:34 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-05-20 21:55 . 2012-05-21 01:11 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-20 21:24 . 2012-05-20 21:24 -------- d-----w- c:\users\Savion\AppData\Roaming\.clickme
2012-05-18 23:48 . 2012-06-07 01:09 -------- d-----w- c:\program files (x86)\Dxtory License Cracked
2012-05-18 23:48 . 2011-05-24 06:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-05-18 23:48 . 2011-05-24 06:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-05-18 11:05 . 2012-05-18 11:05 -------- d-----r- C:\MSOCache
2012-05-18 09:57 . 2012-05-18 09:57 -------- d-----w- c:\users\Savion\AppData\Roaming\Media Player Classic
2012-05-16 04:42 . 2012-05-21 01:11 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-16 04:32 . 2012-05-16 04:32 -------- d-----w- c:\programdata\Battle.net
2012-05-12 08:13 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-12 08:13 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-05-12 08:13 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-05-12 08:13 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-12 08:08 . 2012-05-12 08:08 -------- d-----w- c:\users\Savion\AppData\Roaming\Sony Creative Software Inc
2012-05-12 08:01 . 2012-05-12 08:01 -------- d-----w- c:\users\Savion\AppData\Roaming\Publish Providers
2012-05-12 07:58 . 2012-05-12 07:59 -------- d-----w- c:\users\Savion\AppData\Local\Sony
2012-05-12 07:58 . 2012-05-12 07:58 -------- d-----w- c:\programdata\Sony
2012-05-12 07:58 . 2012-05-12 07:58 -------- d-----w- c:\program files (x86)\Sony
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 22:51 . 2012-05-04 22:52 544032 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 22:51 . 2012-05-04 22:52 525600 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 07:57 . 2012-05-04 07:57 715038 ----a-w- c:\windows\unins000.exe
2012-05-04 07:29 . 2012-05-04 07:29 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-04 07:21 . 2012-05-04 07:21 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 02:47 . 2012-05-02 09:43 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-02 09:52 . 2009-07-13 23:38 1008640 ----a-w- c:\windows\system32\user32.dll.old
2012-05-02 09:52 . 2009-07-13 23:24 833024 ----a-w- c:\windows\SysWow64\user32.dll.old
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-05-02 09:40 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-05-02 09:40 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-05-02 09:40 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-05-02 09:40 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-05-02 09:40 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-05-02 09:40 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2011-10-24 11:41 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-05-02 09:40 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-05-02 09:40 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-05-02 09:40 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 01:47 . 2012-05-02 10:28 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2012-05-02 10:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 15:40 . 2012-03-14 15:40 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-08_23.30.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-11 06:15 . 2012-06-10 11:49 37390 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-10 11:49 47038 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-02 09:49 . 2012-06-10 11:49 10310 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1857216960-1225585824-2230566925-1000_UserData.bin
+ 2012-05-02 08:19 . 2012-06-10 09:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-02 08:19 . 2012-06-07 23:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-10 09:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-07 23:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-02 09:07 . 2012-06-08 22:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-02 09:07 . 2012-06-10 11:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-02 09:07 . 2012-06-10 11:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-02 09:07 . 2012-06-08 22:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-05 13:11 . 2012-06-08 14:53 3296 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-05 13:11 . 2012-06-10 11:44 3296 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-10 11:45 . 2012-06-10 11:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-08 23:29 . 2012-06-08 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-10 11:45 . 2012-06-10 11:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-08 23:29 . 2012-06-08 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-02 19:24 . 2012-06-10 04:28 317090 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-06-08 23:24 662902 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-10 08:55 662902 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-10 08:55 121770 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-08 23:24 121770 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-08 23:28 389228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-10 11:44 389228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-06-10 09:15 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-07 23:45 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-05-02 10:49 . 2012-06-10 11:44 5797344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-02 10:49 . 2012-06-08 23:28 5797344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-04 02:59 . 2012-06-08 23:28 1877740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1857216960-1225585824-2230566925-1000-12288.dat
+ 2012-05-04 02:59 . 2012-06-10 11:44 1877740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1857216960-1225585824-2230566925-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"uTorrent"="d:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
"Steam"="e:\program files (x86)\Steam\Steam.exe" [2012-05-04 1242448]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Xvid"="e:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"LogMeIn Hamachi Ui"="e:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-05-09 4464472]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-05-31 336992]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-6-7 510976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]
R3 BlackBox;BlackBox SR2; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-03 1038088]
R3 GPU-Z;GPU-Z;c:\users\Savion\AppData\Local\Temp\GPU-Z.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-04-19 10568]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 14544]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 iTeleportService;iTeleportService;e:\program files (x86)\iTeleport\iTeleport Connect\iTeleportService.exe [2011-12-08 25600]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 10:25]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1857216960-1225585824-2230566925-1000Core.job
- c:\users\Savion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 09:58]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1857216960-1225585824-2230566925-1000UA.job
- c:\users\Savion\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 09:58]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
e:\program files (x86)\RealVNC\VNC4\WinVNC4.exe
.
**************************************************************************
.
Completion time: 2012-06-10 04:52:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 11:52
ComboFix2.txt 2012-06-08 23:35
.
Pre-Run: 252,536,545,280 bytes free
Post-Run: 252,680,163,328 bytes free
.
- - End Of File - - 14D3D56E528F936B861D101752A58747

#12 gringo_pr

Posted 10 June 2012 - 11:09 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 Savion

Posted 10 June 2012 - 12:49 PM

Uninstalled uTorrent and cleaned using the program that you suggested. Nothing more interesting than these scans, which show nothing for the moment.

HiJackThis LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:07 AM, on 6/10/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Dxtory Software\Dxtory2.0\Dxtory.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Savion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
O4 - HKCU\..\Run: [Xvid] E:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 10.4.1) -
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 10.4.1) -
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - E:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - E:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - E:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13290 bytes


MalwareBytes Log:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.10.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Savion :: SAVION-PC [administrator]

Protection: Enabled

6/10/2012 10:44:11 AM
mbam-log-2012-06-10 (10-44-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213181
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 gringo_pr

Posted 10 June 2012 - 01:45 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start them from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
      O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
      O4 - HKCU\..\Run: [Xvid] E:\Program Files (x86)\Xvid\CheckUpdate.exe
      O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
      O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#15 Savion

Posted 10 June 2012 - 11:11 PM

Took forever just for this one log. >_>


C:\FRST\Quarantine\{717d206c-d22f-0387-060d-b567ed72417b}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{717d206c-d22f-0387-060d-b567ed72417b}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\FRST\Quarantine\{717d206c-d22f-0387-060d-b567ed72417b}\U\80000064.@ Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
C:\_OTM\MovedFiles\06072012_055604\C_windows\assembly\GAC_64\Desktop.ini Win64/Sirefef.AD trojan
C:\_OTM\MovedFiles\06072012_060211\C_windows\assembly\GAC_64\Desktop.ini Win64/Sirefef.AD trojan
E:\Games Stuff\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan
E:\Games Stuff\Max Payne 3\mp3c.dll a variant of Win32/Adware.Virtumonde.NAQ application
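
One way to triage an ESET Online Scanner result like the one in post #15, added here as an example and not part of the original thread: it parses each line into path, detection name and type, and separates hits that sit in folders where earlier removal tools parked files from hits in other locations. The function names and the list of holding folders are assumptions taken from the paths visible in the log.

```python
import re

# ESET Online Scanner lines as posted in #15 of this thread.
ESET_LOG = r"""
C:\FRST\Quarantine\{717d206c-d22f-0387-060d-b567ed72417b}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{717d206c-d22f-0387-060d-b567ed72417b}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\FRST\Quarantine\{717d206c-d22f-0387-060d-b567ed72417b}\U\80000064.@ Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
C:\_OTM\MovedFiles\06072012_055604\C_windows\assembly\GAC_64\Desktop.ini Win64/Sirefef.AD trojan
C:\_OTM\MovedFiles\06072012_060211\C_windows\assembly\GAC_64\Desktop.ini Win64/Sirefef.AD trojan
E:\Games Stuff\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan
E:\Games Stuff\Max Payne 3\mp3c.dll a variant of Win32/Adware.Virtumonde.NAQ application
"""

# Assumption: files under these folders are copies already moved aside by the
# removal tools used earlier in the thread, so they are not running from there.
HOLDING_DIRS = ("c:\\frst\\quarantine\\", "c:\\qoobox\\quarantine\\",
                "c:\\_otm\\movedfiles\\")

# Paths may contain spaces, so anchor on the Win32/ or Win64/ detection name
# and let the (lazy) path take everything in front of it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>Win(?:32|64)/\S+)\s+(?P<kind>\w+)$")

def parse_eset_log(text):
    """Return one dict per detection line; lines that do not parse are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        findings.append({
            "path": m["path"],
            "name": m["name"],
            "kind": m["kind"],
            "variant_match": m["qualifier"] is not None,
            "held": m["path"].lower().startswith(HOLDING_DIRS),
        })
    return findings

def live_findings(text):
    """Detections outside the holding folders: the ones that still need a decision."""
    return [f for f in parse_eset_log(text) if not f["held"]]

if __name__ == "__main__":
    for f in parse_eset_log(ESET_LOG):
        print("held" if f["held"] else "LIVE", f["name"], f["kind"], f["path"])
```
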



